e120c26a601ee0eceb84068728910e89

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2018-May-24 15:23:07

Plugin Output

Info Libraries used to perform cryptographic operations: Microsoft's Cryptography API
Malicious The PE contains functions mostly used by malware. Uses Microsoft's cryptographic API:
  • CryptGetUserKey
  • CryptGenRandom
  • CryptGenKey
  • CryptDestroyKey
Functions related to the privilege level:
  • DuplicateToken
Enumerates local disk drives:
  • GetVolumeInformationW
Manipulates other processes:
  • Process32First
Malicious VirusTotal score: 42/67 (Scanned on 2018-06-12 07:54:27) MicroWorld-eScan: Gen:Variant.Ransom.RotorCrypt.2
McAfee: RansomRotorCrypt!E120C26A601E
Cylance: Unsafe
K7AntiVirus: Trojan ( 0050f06c1 )
K7GW: Trojan ( 0050f06c1 )
TrendMicro: Mal_CrypRoto
Baidu: Win32.Trojan.WisdomEyes.16070401.9500.9998
Symantec: Ransom.Troldesh
ESET-NOD32: a variant of Win32/Filecoder.RotoCrypt.C
TrendMicro-HouseCall: Suspicious_GEN.F47V0612
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Ransom.RotorCrypt.2
NANO-Antivirus: Trojan.Win32.Filecoder.fdybxi
Avast: Win32:KadrBot [Trj]
Tencent: Win32.Trojan.Filecoder.Agke
Ad-Aware: Gen:Variant.Ransom.RotorCrypt.2
Sophos: Mal/Generic-S
F-Secure: Gen:Variant.Ransom.RotorCrypt.2
DrWeb: Trojan.Encoder.5342
Invincea: heuristic
McAfee-GW-Edition: RansomRotorCrypt!E120C26A601E
Emsisoft: Gen:Variant.Ransom.RotorCrypt.2 (B)
Ikarus: Trojan-Ransom.Rotocrypt
Cyren: W32/Ransom.PGTG-7732
Avira: TR/Crypt.XPACK.Gen2
Antiy-AVL: Trojan/Win32.AGeneric
Microsoft: Ransom:Win32/Genasom
Endgame: malicious (high confidence)
Arcabit: Trojan.Ransom.RotorCrypt.2
AegisLab: Troj.W32.Generic!c
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Gen:Variant.Ransom.RotorCrypt.2
ALYac: Trojan.Ransom.RotorCrypt
MAX: malware (ai score=99)
Malwarebytes: Trojan.MalPack
SentinelOne: static engine - malicious
Fortinet: W32/RotoCrypt.C!tr
AVG: Win32:KadrBot [Trj]
Cybereason: malicious.a601ee
Panda: Trj/GdSda.A
CrowdStrike: malicious_confidence_100% (W)
Qihoo-360: HEUR/QVM20.1.6CC1.Malware.Gen

Hashes

MD5 e120c26a601ee0eceb84068728910e89
SHA1 2e074045c334a5e59a536b1397d6a4d63437c10b
SHA256 3637c9f27d8599d1c79a1de6f4eb2bf2795f831d43d9d4b0c821e73bdbebafcf
SHA3 fb8cccced58c0b8e4e3da84ca2e1ad4cd21b6d1f07222f0000d5952951897463
SSDeep 1536:25EgY2I1Dx07GN6bM+/nIbtHGZo8GlRSSU32egMY1tPjwmwAa7V:8Cx046zOtmZo3lRSSw2eNY1tsmO
Imports Hash b1a6fba59730062d23755804b451bf50

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xb0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2018-May-24 15:23:07
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 8.0
SizeOfCode 0xc800
SizeOfInitializedData 0x6600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00009517 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0xe000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x15000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_NO_SEH
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 24d86a59131bce9fd9dd1defbac9da18
SHA1 bf38d800bddb06c45bdfa6298cd11cc72a06bb78
SHA256 95b64e2a54f805c8e1c55de305a17ffb04a6acd61885695b2632cb720e674eee
SHA3 e95e1b62d044640983298a50d155572dda105f0bca6bcca2f7e68bf1676fa266
VirtualSize 0xc6b0
VirtualAddress 0x1000
SizeOfRawData 0xc800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.5427

.rdata

MD5 f0e11d8137c43dcc271f9c2b3a33e41e
SHA1 b80bf904c23da55a09859731da2ecb062f0fc405
SHA256 1327798b6abedf373f88307fd7c9303771f693b2d932d25d7547c3c03b1074e6
SHA3 f56e4e0e129dd9f3426f2b13a45ec4f89149b0c1ee0a49582738c5536f1d610b
VirtualSize 0xb85
VirtualAddress 0xe000
SizeOfRawData 0xc00
PointerToRawData 0xcc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.1524

.data

MD5 c7ec64cead2cb15b6d8e645db2bc3f76
SHA1 21ec5b9c64f15c370424c1532492954a6eeaf7a0
SHA256 952be35405a151a0b76da2b31a22c50e4a24a34484dc58cab25fc79b5c899764
SHA3 da47379e6cee23f92cb2b2a53de49186d3dbc675fc2dad4f603a0287c1c14311
VirtualSize 0x5921
VirtualAddress 0xf000
SizeOfRawData 0x5a00
PointerToRawData 0xd800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.57454

Imports

KERNEL32.DLL InterlockedDecrement
FileTimeToLocalFileTime
DebugBreak
GetConsoleMode
DeleteFileW
CloseHandle
ConnectNamedPipe
FileTimeToDosDateTime
GetCommandLineW
GetStringTypeA
GetCommandLineA
InterlockedExchange
LocalLock
GetFileTime
GetEnvironmentVariableW
RemoveDirectoryW
ReplaceFileW
DuplicateHandle
TlsAlloc
WriteConsoleA
GetSystemDefaultLCID
GetVolumeInformationW
OpenSemaphoreW
Process32First
IsBadReadPtr
SetComputerNameW
SizeofResource
TlsSetValue
MulDiv
GetLastError
GetProcAddress
GetPrivateProfileIntW
UnhandledExceptionFilter
LCMapStringA
CreateThread
Sleep
GetModuleHandleA
USER32.DLL GetWindowPlacement
AppendMenuW
GetMessageW
GrayStringW
GetClipCursor
GetSysColorBrush
SetMenuItemBitmaps
ValidateRect
SetFocus
TabbedTextOutW
MapVirtualKeyW
GetClassInfoW
SendMessageW
InvalidateRgn
GetWindow
GetKeyNameTextW
OLE32.DLL CoTaskMemFree
CoTaskMemAlloc
WriteClassStg
SetConvertStg
CreateBindCtx
CLSIDFromString
WriteFmtUserTypeStg
ReadClassStg
CoCreateInstance
ReleaseStgMedium
StringFromCLSID
OleDuplicateData
CoTreatAsClass
CLSIDFromProgID
GDI32.DLL GetPixel
CreateSolidBrush
CreatePatternBrush
GetCharWidthW
CreateCompatibleDC
PolyBezier
GetArcDirection
CreateICW
CloseMetaFile
GetTextExtentPoint32W
CreateFontIndirectW
SaveDC
SHLWAPI.DLL PathFindExtensionW
PathRemoveExtensionW
PathIsUNCW
PathFindFileNameW
COMDLG32.DLL ChooseFontW
GetSaveFileNameW
SHELL32.DLL DragAcceptFiles
ExtractIconW
SHGetFileInfoW
DragFinish
ADVAPI32.DLL CryptGetUserKey
RegEnumKeyW
IsValidSecurityDescriptor
CryptGenRandom
CryptGenKey
SetAclInformation
FreeSid
CryptDestroyKey
DuplicateToken
SetSecurityDescriptorDacl

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x25427b87
Unmarked objects 0
C++ objects (VS2012 build 50727 / VS2005 build 50727) 26
Linker (VS2012 build 50727 / VS2005 build 50727) 1

Errors