Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2018-May-24 15:23:07 |
Info | Libraries used to perform cryptographic operations: Microsoft's Cryptography API |
Malicious | The PE contains functions mostly used by malware. Can access the registry: |
Malicious | VirusTotal score: 42/67 (Scanned on 2018-06-12 07:54:27) |

Engine | Detection |
---|---|
MicroWorld-eScan | Gen:Variant.Ransom.RotorCrypt.2 |
McAfee | RansomRotorCrypt!E120C26A601E |
Cylance | Unsafe |
K7AntiVirus | Trojan ( 0050f06c1 ) |
K7GW | Trojan ( 0050f06c1 ) |
TrendMicro | Mal_CrypRoto |
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9998 |
Symantec | Ransom.Troldesh |
ESET-NOD32 | a variant of Win32/Filecoder.RotoCrypt.C |
TrendMicro-HouseCall | Suspicious_GEN.F47V0612 |
Kaspersky | HEUR:Trojan.Win32.Generic |
BitDefender | Gen:Variant.Ransom.RotorCrypt.2 |
NANO-Antivirus | Trojan.Win32.Filecoder.fdybxi |
Avast | Win32:KadrBot [Trj] |
Tencent | Win32.Trojan.Filecoder.Agke |
Ad-Aware | Gen:Variant.Ransom.RotorCrypt.2 |
Sophos | Mal/Generic-S |
F-Secure | Gen:Variant.Ransom.RotorCrypt.2 |
DrWeb | Trojan.Encoder.5342 |
Invincea | heuristic |
McAfee-GW-Edition | RansomRotorCrypt!E120C26A601E |
Emsisoft | Gen:Variant.Ransom.RotorCrypt.2 (B) |
Ikarus | Trojan-Ransom.Rotocrypt |
Cyren | W32/Ransom.PGTG-7732 |
Avira | TR/Crypt.XPACK.Gen2 |
Antiy-AVL | Trojan/Win32.AGeneric |
Microsoft | Ransom:Win32/Genasom |
Endgame | malicious (high confidence) |
Arcabit | Trojan.Ransom.RotorCrypt.2 |
AegisLab | Troj.W32.Generic!c |
ZoneAlarm | HEUR:Trojan.Win32.Generic |
GData | Gen:Variant.Ransom.RotorCrypt.2 |
ALYac | Trojan.Ransom.RotorCrypt |
MAX | malware (ai score=99) |
Malwarebytes | Trojan.MalPack |
SentinelOne | static engine - malicious |
Fortinet | W32/RotoCrypt.C!tr |
AVG | Win32:KadrBot [Trj] |
Cybereason | malicious.a601ee |
Panda | Trj/GdSda.A |
CrowdStrike | malicious_confidence_100% (W) |
Qihoo-360 | HEUR/QVM20.1.6CC1.Malware.Gen |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xb0 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 3 |
TimeDateStamp | 2018-May-24 15:23:07 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_RELOCS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 8.0 |
SizeOfCode | 0xc800 |
SizeOfInitializedData | 0x6600 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00009517 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0xe000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x15000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_NO_SEH |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
DLL | Imported functions |
---|---|
KERNEL32.DLL | InterlockedDecrement, FileTimeToLocalFileTime, DebugBreak, GetConsoleMode, DeleteFileW, CloseHandle, ConnectNamedPipe, FileTimeToDosDateTime, GetCommandLineW, GetStringTypeA, GetCommandLineA, InterlockedExchange, LocalLock, GetFileTime, GetEnvironmentVariableW, RemoveDirectoryW, ReplaceFileW, DuplicateHandle, TlsAlloc, WriteConsoleA, GetSystemDefaultLCID, GetVolumeInformationW, OpenSemaphoreW, Process32First, IsBadReadPtr, SetComputerNameW, SizeofResource, TlsSetValue, MulDiv, GetLastError, GetProcAddress, GetPrivateProfileIntW, UnhandledExceptionFilter, LCMapStringA, CreateThread, Sleep, GetModuleHandleA |
USER32.DLL | GetWindowPlacement, AppendMenuW, GetMessageW, GrayStringW, GetClipCursor, GetSysColorBrush, SetMenuItemBitmaps, ValidateRect, SetFocus, TabbedTextOutW, MapVirtualKeyW, GetClassInfoW, SendMessageW, InvalidateRgn, GetWindow, GetKeyNameTextW |
OLE32.DLL | CoTaskMemFree, CoTaskMemAlloc, WriteClassStg, SetConvertStg, CreateBindCtx, CLSIDFromString, WriteFmtUserTypeStg, ReadClassStg, CoCreateInstance, ReleaseStgMedium, StringFromCLSID, OleDuplicateData, CoTreatAsClass, CLSIDFromProgID |
GDI32.DLL | GetPixel, CreateSolidBrush, CreatePatternBrush, GetCharWidthW, CreateCompatibleDC, PolyBezier, GetArcDirection, CreateICW, CloseMetaFile, GetTextExtentPoint32W, CreateFontIndirectW, SaveDC |
SHLWAPI.DLL | PathFindExtensionW, PathRemoveExtensionW, PathIsUNCW, PathFindFileNameW |
COMDLG32.DLL | ChooseFontW, GetSaveFileNameW |
SHELL32.DLL | DragAcceptFiles, ExtractIconW, SHGetFileInfoW, DragFinish |
ADVAPI32.DLL | CryptGetUserKey, RegEnumKeyW, IsValidSecurityDescriptor, CryptGenRandom, CryptGenKey, SetAclInformation, FreeSid, CryptDestroyKey, DuplicateToken, SetSecurityDescriptorDacl |
XOR Key | 0x25427b87 |
---|---|
Unmarked objects | 0 |
C++ objects (VS2012 build 50727 / VS2005 build 50727) | 26 |
Linker (VS2012 build 50727 / VS2005 build 50727) | 1 |