SHA256: 41bce3e382cee06aa65fbee15fd38f7187fb090d5da78d868f57c84197689287
File name: drefudre20.exe
Detection ratio: 43 / 61
Analysis date: 2017-05-16 09:05:17 UTC ( 5 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.5076515 20170516
AegisLab Troj.Ransom.W32!c 20170516
ALYac Trojan.Ransom.Scatter 20170516
Antiy-AVL Trojan[Ransom]/Win32.Scatter 20170516
Arcabit Trojan.Generic.D4D7623 20170516
Avast Win32:Malware-gen 20170516
Avira (no cloud) TR/FileCoder.57843 20170516
AVware Trojan.Win32.Generic!BT 20170516
BitDefender Trojan.GenericKD.5076515 20170516
Bkav W32.eHeur.Malware08 20170516
Comodo UnclassifiedMalware 20170516
CrowdStrike Falcon (ML) malicious_confidence_66% (W) 20170130
Cyren W32/RansomJaff.XEQX-8149 20170516
DrWeb Trojan.Encoder.11429 20170516
Emsisoft Trojan.GenericKD.5076515 (B) 20170516
ESET-NOD32 a variant of Win32/GenKryptik.AGDX 20170516
F-Prot W32/RansomJaff.B 20170516
F-Secure Trojan.GenericKD.5076515 20170516
Fortinet W32/Scatter.UR!tr 20170516
GData Trojan.GenericKD.5076515 20170516
Ikarus Trojan-Ransom.Jaff 20170516
Sophos ML worm.win32.gamarue.ar 20170413
K7AntiVirus Trojan ( 0050db271 ) 20170516
K7GW Trojan ( 0050db271 ) 20170516
Kaspersky Trojan-Ransom.Win32.Scatter.ur 20170516
Malwarebytes Ransom.Jaff 20170516
McAfee Artemis!F5EBB00E1FB9 20170516
McAfee-GW-Edition BehavesLike.Win32.Dropper.ch 20170515
Microsoft Ransom:Win32/Genasom 20170516
eScan Trojan.GenericKD.5076515 20170516
nProtect Ransom/W32.Scatter.176128 20170516
Palo Alto Networks (Known Signatures) generic.ml 20170516
Qihoo-360 Trojan.Generic 20170516
Rising Ransom.Scatter!8.139C (cloud:fMhog2SeQWQ) 20170516
Sophos AV Troj/Ransom-ELT 20170516
Symantec Ransom.Cryptolocker 20170515
TrendMicro Ransom_CRYPJAFF.ENE 20170516
TrendMicro-HouseCall Ransom_CRYPJAFF.ENE 20170516
VBA32 Trojan.Filecoder 20170516
VIPRE Trojan.Win32.Generic!BT 20170516
ViRobot Trojan.Win32.Jaff.176128[h] 20170516
Webroot W32.Adware.Gen 20170516
ZoneAlarm by Check Point Trojan-Ransom.Win32.Scatter.ur 20170516
Engines with no detection (result column empty)
AhnLab-V3 20170515
Alibaba 20170516
AVG 20170515
Baidu 20170503
CAT-QuickHeal 20170516
ClamAV 20170515
CMC 20170516
Endgame 20170515
Jiangmin 20170516
Kingsoft 20170516
NANO-Antivirus 20170516
Panda 20170515
SentinelOne (Static ML) 20170330
SUPERAntiSpyware 20170516
Symantec Mobile Insight 20170516
Tencent 20170516
TheHacker 20170514
WhiteArmor 20170512
Yandex 20170515
Zillya 20170516
Zoner 20170516
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © cbfg wgvs libtp knwsu il
Product E ksq cn gbuvpu
Original name Uaxfoabk
Internal name Uaxfoabk
File version 7.910
Description Fbr enw vhs os oao
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-11 13:11:31
Entry Point 0x0001E2CA
Number of sections 4
PE sections
PE imports
RegEnumKeyW
RestoreDC
SetMapperFlags
SetPolyFillMode
PtVisible
SetTextCharacterExtra
RoundRect
SetThreadLocale
GetStartupInfoA
lstrcpynW
SetEnvironmentVariableW
LoadLibraryA
GetModuleHandleA
SetFileTime
SleepEx
SetUnhandledExceptionFilter
ResetEvent
SetHandleCount
CloseHandle
ReleaseActCtx
GetProcAddress
VirtualAlloc
lstrcmpW
ReplaceFileW
__p__fmode
sscanf
_mbsnbcoll
__wgetmainargs
strxfrm
__dllonexit
_controlfp
_wenviron
div
_except_handler3
fwrite
_onexit
mktime
exit
_XcptFilter
__setusermatherr
__p__commode
_acmdln
_adjust_fdiv
_stat64
_wunlink
_mbcasemap
__getmainargs
__p__wpgmptr
__RTtypeid
ctime
_mktime64
_setjmp
_ismbbkpunct
_getdiskfree
_initterm
_exit
isupper
_CIacos
__set_app_type
RxNetAccessEnum
RtlOemToUnicodeN
ReadClassStg
SafeArrayCreateEx
RasEnumAutodialAddressesW
ShellExecuteExW
SHRegSetPathA
NotifyWinEvent
SetScrollRange
SetRect
SetCaretPos
DtcGetTransactionManagerExA
Number of PE resources by type
RT_STRING 3
RT_DIALOG 2
RT_GROUP_CURSOR 1
RT_ICON 1
RT_MANIFEST 1
RT_MENU 1
RT_CURSOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 7.910.0.0
UninitializedDataSize 0
LanguageCode Unknown (000C)
FileFlagsMask 0x003f
CharacterSet Unknown (0004)
InitializedDataSize 114688
EntryPoint 0x1e2ca
OriginalFileName Uaxfoabk
MIMEType application/octet-stream
LegalCopyright Copyright cbfg wgvs libtp knwsu il
FileVersion 7.91
TimeStamp 2017:05:11 14:11:31+01:00
FileType Win32 EXE
PEType PE32
InternalName Uaxfoabk
ProductVersion 7.91
FileDescription Fbr enw vhs os oao
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Kypnpm u
CodeSize 122880
ProductName E ksq cn gbuvpu
ProductVersionNumber 7.910.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 f5ebb00e1fb9bbcfe5ae742082e2002f
SHA1 83edee74728aa231cb77d62a442fa560c64ecdee
SHA256 41bce3e382cee06aa65fbee15fd38f7187fb090d5da78d868f57c84197689287
ssdeep 3072:PldaD6pVgjyNbZR53FMmIpyTTnxa2yi35kXuudea+W6PZUHz:Nd3pVgOlZXFTcyfxca5JuAa+WfH
authentihash 3057a3bd2b743cd70c114c86cba40568ad2048b336a3d821ab4f18685d7e7e6f
imphash 4894200e9a58321f04e9b5487d0a92a9
File size 172.0 KB ( 176128 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ 5.0 (57.5%)
Win64 Executable (generic) (26.1%)
Win32 Dynamic Link Library (generic) (6.2%)
Win32 Executable (generic) (4.2%)
Win16/32 Executable Delphi generic (1.9%)
Tags peexe
VirusTotal metadata
First submission 2017-05-15 10:43:28 UTC ( 5 months, 1 week ago )
Last submission 2017-08-18 21:43:05 UTC ( 2 months ago )
File names drefudre20.exe
drefudre20
localfile~
jaff ransomware
Jeff.exe
83edee74728aa231cb77d62a442fa560c64ecdee.ex_
Jaff-ransomware-drefudre20.exe
drefudre.exe
drefudre20.exe.3420.dr
hHGFjd.vir.DNvir
41bce3e382cee06aa65fbee15fd38f7187fb090d5da78d868f57c84197689287.bin
1.exe
QQ.exe
dredudre20.exe
Uaxfoabk
jeff-ransom-today.exe
2017-05-15-Jaff-ransomware-malspam-artifacts.zip
Uaxfoabk.exe
41bce3e382cee06aa65fbee15fd38f7187fb090d5da78d868f57c84197689287.exe
2017-05-15-Jaff-ransomware-drefudre20.exe
hHGFjd.exe
Advanced heuristic and reputation engines
Behaviour characterization
Zemana dll-injection
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Deleted files
HTTP requests
DNS requests
TCP connections
UDP communications