SHA256: 3e55a7a405e4c4e4ad6d19296ac512d6c32441d5a65419cd116faa672b11963c
File name: d8743fgh[1].txt.1.dr
Detection ratio: 39 / 64
Analysis date: 2017-09-28 09:40:39 UTC (1 year, 7 months ago)
Antivirus Result Update
AegisLab Ransom.Cerber.Smaly0!c 20170928
AhnLab-V3 Win-Trojan/RansomCrypt.Exp 20170928
ALYac Trojan.Ransom.LockyCrypt 20170928
Avast Win32:Malware-gen 20170928
AVG Win32:Malware-gen 20170928
Avira (no cloud) TR/Crypt.ZPACK.tfrzu 20170928
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170928
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20170928
Cyren W32/Locky.CA.gen!Eldorado 20170928
DrWeb Trojan.Encoder.13570 20170928
Endgame malicious (high confidence) 20170821
ESET-NOD32 Win32/Filecoder.Locky.M 20170928
F-Prot W32/Locky.CA.gen!Eldorado 20170928
Fortinet W32/Locky.FWSD!tr.ransom 20170928
GData Win32.Trojan-Ransom.Locky.6DK0PD 20170928
Ikarus Trojan-Ransom.Locky 20170928
Sophos ML heuristic 20170914
K7AntiVirus Trojan ( 00517c701 ) 20170928
K7GW Trojan ( 00517c701 ) 20170928
Kaspersky UDS:DangerousObject.Multi.Generic 20170928
Malwarebytes Ransom.Locky 20170928
MAX malware (ai score=99) 20170928
McAfee Ransom-Locky!DD4D46B9612E 20170928
McAfee-GW-Edition BehavesLike.Win32.Ransomware.hc 20170928
Microsoft Ransom:Win32/Locky 20170928
Palo Alto Networks (Known Signatures) generic.ml 20170928
Qihoo-360 Win32/Trojan.Multi.daf 20170928
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/Elenoocka-E 20170928
Symantec Ransom.Locky.B 20170928
Tencent Win32.Trojan.Raas.Auto 20170928
TrendMicro Ransom_CERBER.SMALY0 20170928
TrendMicro-HouseCall Ransom_CERBER.SMALY0 20170928
VIPRE Trojan.Win32.Generic!BT 20170928
ViRobot Trojan.Win32.Locky.604672.D 20170928
Webroot W32.Trojan.Gen 20170928
WhiteArmor Malware.HighConfidence 20170927
ZoneAlarm by Check Point Trojan-Ransom.Win32.Locky.aabe 20170928
Ad-Aware 20170928
Alibaba 20170911
Antiy-AVL 20170928
Arcabit 20170928
Avast-Mobile 20170928
BitDefender 20170928
CAT-QuickHeal 20170928
ClamAV 20170928
CMC 20170928
Comodo 20170928
Emsisoft 20170928
F-Secure 20170928
Jiangmin 20170928
Kingsoft 20170928
eScan 20170928
NANO-Antivirus 20170928
nProtect 20170928
Panda 20170927
Rising 20170928
SUPERAntiSpyware 20170928
Symantec Mobile Insight 20170928
TheHacker 20170925
TotalDefense 20170928
Trustlook 20170928
VBA32 20170927
Yandex 20170908
Zillya 20170927
Zoner 20170928
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-24 10:56:05
Entry Point 0x00003D89
Number of sections 4
PE sections
PE imports
CMP_Init_Detection
CMP_Report_LogOn
CM_Add_Range
CM_Add_IDA
IsBadStringPtrW
LeaveCriticalSection
GetTempPathA
GetConsoleAliasA
LoadLibraryA
WaitNamedPipeW
GetCurrentProcessId
GetModuleFileNameW
GetProfileSectionW
WaitForSingleObject
SearchPathA
GetStringTypeA
GetLogicalDriveStringsW
FindNextFileA
GetCurrentThreadId
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetExpandedNameA
ClusWorkerStart
ResUtilDupString
CPEncrypt
CPDecrypt
CreateWindowExA
MessageBoxW
DispatchMessageA
GetPropW
LoadIconW
DrawStateA
IsDialogMessageW
LoadStringW
IsCharUpperW
LoadCursorA
PostMessageW
LoadMenuW
GetClassLongA
Number of PE resources by type
RT_RCDATA 2
RT_STRING 1
RT_DIALOG 1
Number of PE resources by language
NEUTRAL 4
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2016:05:24 12:56:05+02:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 56832
LinkerVersion: 10.0
ImageFileCharacteristics: No relocs, Executable, Aggressive working-set trim, 32-bit, No debug
EntryPoint: 0x3d89
InitializedDataSize: 546816
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0

Compressed bundles
File identification
MD5 dd4d46b9612efc391469bba8553358b6
SHA1 b83fa30809ca80e981546cf1bae8f3f9a9cca206
SHA256 3e55a7a405e4c4e4ad6d19296ac512d6c32441d5a65419cd116faa672b11963c
ssdeep 12288:j6wdOcYExLY0ebcIZ3pxCU5/2jEa95pY0Er4L1wD88P5DmWmeyX:jRLe0Mco3pxCU5/2jEafpVe4L1C88x1w

authentihash 43d58a5dc368e10e10bd146791610eaa9f03297c91be770c1dc29b293685a62b
imphash 4639f5d4787f9d3a0cc3d592d2dcb799
File size 590.5 KB (604672 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2017-09-27 16:52:19 UTC (1 year, 7 months ago)
Last submission 2019-03-06 04:04:28 UTC (2 months, 2 weeks ago)
File names d8743fgh.txt
d8743fgh
d8743fgh[1].txt.1.dr
3e55a7a405e4c4e4ad6d19296ac512d6c32441d5a65419cd116faa672b11963c
d8743fgh.exe
40eadc49cb0fb8ad19d6757127b4a4cc77296006
d8743fgh.exe
d8743fgh (1).exe
dd4d46b9.gxe
d8743fgh-2017-09-28.122443.txt
output.112293974.txt
VirusShare_dd4d46b9612efc391469bba8553358b6
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
UDP communications