ab70755be8d2525c4d74f9e80f979386

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2019-Nov-02 10:09:05
Detected languages English - United States

Plugin Output

Suspicious Strings found in the binary may indicate undesirable behavior: Miscellaneous malware strings:
  • haCK
Suspicious The PE is possibly packed. The PE only has 4 import(s).
Malicious VirusTotal score: 57/70 (Scanned on 2019-11-05 09:27:46) MicroWorld-eScan: Win32.Virlock.Gen.8
VBA32: Virus.PolyRansom.k
FireEye: Generic.mg.ab70755be8d2525c
CAT-QuickHeal: Ransom.PolyRansom.F3
ALYac: Win32.Virlock.Gen.8
Malwarebytes: Ransom.VirLock
K7AntiVirus: Trojan ( 0052b3dd1 )
K7GW: Trojan ( 0052b3dd1 )
Cybereason: malicious.be8d25
Arcabit: Win32.Virlock.Gen.8
TrendMicro: PE_VIRLOCK.K
Baidu: Win32.Virus.Virlock.e
F-Prot: W32/S-c1bd2b76!Eldorado
Symantec: W32.Virlock!inf3
APEX: Malicious
Avast: Win32:Cryptor
ClamAV: Win.Virus.Virlock-6332874-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Win32.Virlock.Gen.8
NANO-Antivirus: Virus.Win32.Virlock.dsdros
ViRobot: Trojan.Win32.Virlock.Gen.A
Tencent: Virus.Win32.VirLocker.ja
Endgame: malicious (high confidence)
Emsisoft: Win32.Virlock.Gen.8 (B)
Comodo: Virus.Win32.VirLock.GA@7lv9go
F-Secure: Trojan.TR/Crypt.ZPACK.Gen
DrWeb: Win32.VirLock.16
VIPRE: Virus.Win32.Nabucur.c (v)
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.VirRansom.tc
MaxSecure: Virus.PolyRansom.b
Trapmine: malicious.high.ml.score
Sophos: W32/VirRnsm-F
Cyren: W32/S-c1bd2b76!Eldorado
Webroot: W32.Malware.gen
Avira: TR/Crypt.ZPACK.Gen
Fortinet: W32/Virlock.J
Microsoft: Trojan:Win32/Nabucur.AA
ZoneAlarm: HEUR:Trojan.Win32.Generic
TACHYON: Virus/W32.VirRansom.B
AhnLab-V3: Win32/Nabucur.D
Acronis: suspicious
McAfee: Trojan-FQZC!AB70755BE8D2
MAX: malware (ai score=82)
Ad-Aware: Win32.Virlock.Gen.8
Cylance: Unsafe
ESET-NOD32: a variant of Win32/Virlock.J
TrendMicro-HouseCall: PE_VIRLOCK.K
Rising: Malware.Undefined!8.C (TFE:2:F9oTcQmkAMJ)
SentinelOne: DFI - Malicious PE
eGambit: Unsafe.AI_Score_99%
GData: Win32.Virlock.Gen.8
BitDefenderTheta: AI:FileInfector.394B29A813
AVG: Win32:Cryptor
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (D)
Qihoo-360: HEUR/QVM20.1.052B.Malware.Gen

Hashes

MD5 ab70755be8d2525c4d74f9e80f979386
SHA1 382f5bce36ba05242569e5a24166472de85c7a1a
SHA256 9fa039cb520a3e37aca6dd1a6124b65366930469112b0ee59e901f75da2eb93b
SHA3 012af96a541aacb6be5b8525aa359a00fcfe42d41d8d6c6625411f8de4878d9b
SSDeep 24576:xHchz6vspWjxWbO/Q+mB9+GoksMoQpphyc9YNiGj+KHU3q0QbCRJmhRNMSuZo+i:xHcp6vspSxWbKQHBkfkslGpQ8YNiGj5
Imports Hash 7983265fef5982537cc862d7253624b4

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xb0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2019-Nov-02 10:09:05
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 5.0
SizeOfCode 0x88a00
SizeOfInitializedData 0xcf200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001000 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x8a000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x15c000
SizeOfHeaders 0x600
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 7949d17b555b573bd431161a2854c3b3
SHA1 6ef98312b1aa050be90cef74a9e0e4ee75cf0656
SHA256 70c091a8dddd8e5c688b00d03deb4f134c4527259168e971d6ac65d30e0fecad
SHA3 70d68f69c3e29a2d1e8e41ae014c6b313301b01b95962cf8e0096959967efa04
VirtualSize 0x89000
VirtualAddress 0x1000
SizeOfRawData 0x88a00
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.1847

.rdata

MD5 015b7c3c2562c7c6052f93501f95b3d8
SHA1 4c83c4b450788e1e93b1d313b8d64cc7530fb95d
SHA256 beb9aad35e631740da10141b605fec69c7a2d5bc0aac61dd11ed7a40c3bceae9
SHA3 1673e13ce831f9f00d3d5fbaa9f5571ac7a3e14556fcb5d90b36f1d0ddb12818
VirtualSize 0x1000
VirtualAddress 0x8a000
SizeOfRawData 0x200
PointerToRawData 0x89000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.11046

.data

MD5 ae9a0f35c57f8d007480aac8fd7d5bcc
SHA1 3bcdd77295e4733ba403ae6b9c5c86a1f6469d35
SHA256 97321506e214d391933f76d01daa9e31fbae8e0ed547c2041225428310c2ac4f
SHA3 ee41af04518981a035e9b7ee71c62ec8dd2a698aab01d889e07f97b94ed0850f
VirtualSize 0xcf000
VirtualAddress 0x8b000
SizeOfRawData 0xcf000
PointerToRawData 0x89200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.78126

.rsrc

MD5 cde328219e656fce4c04af073c87cfaa
SHA1 ad73156f0111681fd029d619ac2c53b5b085e7f3
SHA256 fe2b8b20da2447a2874a81fe221c1533ba920238db913fe76c31348b9e07e091
SHA3 6d7e229439fa223e3ccd44d503c94d5a517974e6b344cb0b549f9e39324fd094
VirtualSize 0x1200
VirtualAddress 0x15a000
SizeOfRawData 0x1200
PointerToRawData 0x158200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_LOCKED
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.97754

Imports

kernel32.dll VirtualAlloc
user32.dll GetProcessWindowStation
GetClipboardOwner
GetShellWindow

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.22413
MD5 3499ac8142dc912a1a3340d35f339ad7
SHA1 f419d256668db1860e9bf09827ce96a81f1fa14c
SHA256 beb0af303ee34c9d6641ce2fb77c5b159f609330e67710e53a35c49c2e2f71f3
SHA3 156916fe5806e85df81f5a3d62c9e63311d737ca43c00c289284ee82b9e8c2ec

1 (#2)

Type RT_GROUP_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.94375
Detected Filetype Icon file
MD5 aaba260d0fffc1b1f8ca91cf14ebb086
SHA1 f9303169a79d768cd2877c896611d8523c80f945
SHA256 bd7b891000b776021bd2d3790a165561c6134cea734f0d70a52a9b9c0b363321
SHA3 c71b97c34a1b8d59396b2dc78a1e5c5cce90da1de42d4cd98e168d9cb151bf8e

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0xd4f1ae19
Unmarked objects 0
19 (8078) 10
18 (8444) 1

Errors