SHA256: 675c681f4c9684685dda43e5e96983c1688bef6d68583562d60fe673dafb3d0c
File name: ELghUu1.vir.HSvir
Detection ratio: 42 / 56
Analysis date: 2016-12-10 16:12:01 UTC ( 6 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3749087 20161210
AegisLab Ransom.Hplocky.Smjba!c 20161210
AhnLab-V3 Trojan/Win32.Locky.R191099 20161210
ALYac Trojan.GenericKD.3749087 20161210
Arcabit Trojan.Generic.D3934DF 20161210
Avast Win32:Malware-gen 20161210
AVG FileCryptor.NJV 20161210
Avira (no cloud) TR/Crypt.ZPACK.kglvj 20161210
AVware Trojan.Win32.Generic!BT 20161210
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9988 20161207
BitDefender Trojan.GenericKD.3749087 20161210
CAT-QuickHeal Ransom.Crowti.MUE.A4 20161210
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Cyren W32/Trojan.OPBC-4746 20161210
DrWeb Trojan.Encoder.7128 20161210
Emsisoft Trojan.GenericKD.3749087 (B) 20161210
ESET-NOD32 Win32/Filecoder.Locky.D 20161210
F-Secure Trojan.GenericKD.3749087 20161210
Fortinet W32/Locky.D!tr 20161210
GData Trojan.GenericKD.3749087 20161210
Ikarus Trojan-Ransom.Locky 20161210
K7AntiVirus Trojan ( 004f95121 ) 20161210
K7GW Trojan ( 004f95121 ) 20161210
Kaspersky Trojan-Ransom.Win32.Locky.wgx 20161210
Malwarebytes Ransom.Locky 20161210
McAfee Generic.asf 20161210
McAfee-GW-Edition Generic.asf 20161210
Microsoft Ransom:Win32/Locky.A 20161210
eScan Trojan.GenericKD.3749087 20161210
NANO-Antivirus Trojan.Win32.Encoder.eiuzfo 20161210
Panda Trj/Genetic.gen 20161210
Qihoo-360 HEUR/QVM39.1.5B9D.Malware.Gen 20161210
Rising Malware.Generic!IniTgLLif1T@1 (thunder) 20161210
Sophos Troj/Locky-UJ 20161210
Symantec Ransom.Locky 20161210
Tencent Win32.Trojan.Raas.Auto 20161210
TrendMicro Ransom_HPLOCKY.SMJBB 20161210
TrendMicro-HouseCall Ransom_HPLOCKY.SMJBB 20161210
VBA32 SScope.Malware-Cryptor.Filecoder 20161209
VIPRE Trojan.Win32.Generic!BT 20161210
ViRobot Trojan.Win32.Locky.303104[h] 20161210
Yandex Trojan.Locky! 20161209
Alibaba (undetected) 20161209
Antiy-AVL (undetected) 20161210
ClamAV (undetected) 20161210
CMC (undetected) 20161210
Comodo (undetected) 20161210
F-Prot (undetected) 20161210
Invincea (undetected) 20161202
Jiangmin (undetected) 20161210
Kingsoft (undetected) 20161210
nProtect (undetected) 20161210
SUPERAntiSpyware (undetected) 20161210
TheHacker (undetected) 20161130
TotalDefense (undetected) 20161210
Trustlook (undetected) 20161210
WhiteArmor (undetected) 20161207
Zillya (undetected) 20161210
Zoner (undetected) 20161210
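The Result column above is noisy: most vendors answer with generic class names (Trojan.GenericKD, Win32:Malware-gen), several append build or variant ids, and the family that is actually named appears in two spellings (Locky and HPLOCKY). The Python below is an added example, not part of the VirusTotal report: it takes the 42 positive rows of the table (re-keyed here as "vendor | label"; the undetected engines are left out), strips a stoplist of generic vocabulary, folds tokens that contain another candidate as a substring (Hplocky into locky), and counts how many vendors name each family. The GENERIC stoplist, the four-character minimum and the folding rule are this example's own assumptions, a cut-down version of the normalisation that tools such as AVClass perform.

```python
"""Family consensus over a VirusTotal detection table (added example)."""
import re
from collections import Counter

# Constructed input: the 42 positive rows of the table above, as "vendor | label".
VT_ROWS = """\
Ad-Aware | Trojan.GenericKD.3749087
AegisLab | Ransom.Hplocky.Smjba!c
AhnLab-V3 | Trojan/Win32.Locky.R191099
ALYac | Trojan.GenericKD.3749087
Arcabit | Trojan.Generic.D3934DF
Avast | Win32:Malware-gen
AVG | FileCryptor.NJV
Avira (no cloud) | TR/Crypt.ZPACK.kglvj
AVware | Trojan.Win32.Generic!BT
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9988
BitDefender | Trojan.GenericKD.3749087
CAT-QuickHeal | Ransom.Crowti.MUE.A4
CrowdStrike Falcon (ML) | malicious_confidence_100% (D)
Cyren | W32/Trojan.OPBC-4746
DrWeb | Trojan.Encoder.7128
Emsisoft | Trojan.GenericKD.3749087 (B)
ESET-NOD32 | Win32/Filecoder.Locky.D
F-Secure | Trojan.GenericKD.3749087
Fortinet | W32/Locky.D!tr
GData | Trojan.GenericKD.3749087
Ikarus | Trojan-Ransom.Locky
K7AntiVirus | Trojan ( 004f95121 )
K7GW | Trojan ( 004f95121 )
Kaspersky | Trojan-Ransom.Win32.Locky.wgx
Malwarebytes | Ransom.Locky
McAfee | Generic.asf
McAfee-GW-Edition | Generic.asf
Microsoft | Ransom:Win32/Locky.A
eScan | Trojan.GenericKD.3749087
NANO-Antivirus | Trojan.Win32.Encoder.eiuzfo
Panda | Trj/Genetic.gen
Qihoo-360 | HEUR/QVM39.1.5B9D.Malware.Gen
Rising | Malware.Generic!IniTgLLif1T@1 (thunder)
Sophos | Troj/Locky-UJ
Symantec | Ransom.Locky
Tencent | Win32.Trojan.Raas.Auto
TrendMicro | Ransom_HPLOCKY.SMJBB
TrendMicro-HouseCall | Ransom_HPLOCKY.SMJBB
VBA32 | SScope.Malware-Cryptor.Filecoder
VIPRE | Trojan.Win32.Generic!BT
ViRobot | Trojan.Win32.Locky.303104[h]
Yandex | Trojan.Locky!
"""

# Assumed stoplist: words that name a class or a heuristic rather than a family.
GENERIC = {"trojan", "troj", "trj", "ransom", "win32", "w32", "win64", "generic",
           "generickd", "genetic", "malware", "gen", "heur", "encoder", "filecoder",
           "cryptor", "crypt", "malicious", "confidence", "auto", "agent", "variant"}


def parse_rows(text):
    """Return [(vendor, label)] from 'vendor | label' lines; an empty label means undetected."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            vendor, _, label = line.partition("|")
            rows.append((vendor.strip(), label.strip()))
    return rows


def family_tokens(label):
    """Candidate family names in one label: lowercase alphabetic tokens of 4+ characters
    that are not generic vocabulary. Tokens with digits are build or variant ids."""
    toks = re.split(r"[^0-9A-Za-z]+", label.lower())
    return {t for t in toks if len(t) >= 4 and t.isalpha() and t not in GENERIC}


def family_consensus(rows):
    """Count how many vendors name each family; each vendor votes once per family.
    A token that contains a shorter candidate (Hplocky -> locky) is folded into it."""
    per_vendor = [family_tokens(label) for _, label in rows if label]
    candidates = set().union(*per_vendor) if per_vendor else set()

    def canonical(tok):
        shorter = [c for c in candidates if c != tok and c in tok]
        return min(shorter, key=len) if shorter else tok

    votes = Counter()
    for toks in per_vendor:
        votes.update({canonical(t) for t in toks})
    return votes


def summarize(text):
    """Detection count and the best-supported family name for a table."""
    rows = parse_rows(text)
    votes = family_consensus(rows)
    top, n = votes.most_common(1)[0] if votes else (None, 0)
    return {"engines": len(rows), "detected": sum(1 for _, l in rows if l),
            "family": top, "family_votes": n}


if __name__ == "__main__":
    print(summarize(VT_ROWS))
```

On the rows above this yields locky with 14 vendor votes (11 spelled Locky plus the three HPLOCKY/Hplocky labels); every other candidate token collects one or two votes, which is the usual profile of a sample that is well covered by signatures but only half the vendors bother to name. Treat the stoplist as something to grow per vendor: a label such as AVG's FileCryptor.NJV survives here as a candidate because the example does not know that it is AVG's class name for file-encrypting ransomware.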
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-23 06:58:04
Entry Point 0x0002EA80
Number of sections 4
PE sections
PE imports
AreFileApisANSI
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
EnumSystemLocalesW
IsDebuggerPresent
ExitProcess
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetLocaleInfoW
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeLibrary
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
SetConsoleCtrlHandler
GetCurrentProcessId
GetUserDefaultLCID
CreateSemaphoreW
GetDateFormatW
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetCurrentThread
SetStdHandle
GetTimeFormatW
WriteConsoleW
WideCharToMultiByte
TlsFree
GetModuleHandleA
GetSystemTimeAsFileTime
CompareStringW
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
IsValidLocale
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
HeapAlloc
TerminateProcess
CreateEventW
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
CreateFileW
GetStringTypeW
FatalAppExitA
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
EncodePointer
GetCurrentThreadId
GetProcessHeap
VirtualAlloc
SetLastError
LeaveCriticalSection
PE exports
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:11:23 07:58:04+01:00
FileType Win32 DLL
PEType PE32
CodeSize 0
LinkerVersion 7.1
FileTypeExtension dll
InitializedDataSize 307200
SubsystemVersion 4.0
EntryPoint 0x2ea80
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 4e207b30c5eae01fa136f3d89d59bbbe
SHA1 86d347faba791a6007092bcebfa736de5a4d2e3d
SHA256 675c681f4c9684685dda43e5e96983c1688bef6d68583562d60fe673dafb3d0c
ssdeep 6144:v3WLzy1herKt/Uw8t/XZLA7myro1qnDNRMfQtKUWFYXx:v311gryoTA7fqqDNRMfQn8YXx
authentihash 905f4f666f60f6428fcfe4aa8de6699ca3fbc8479714b1cdfacc6c2245810467
imphash 547e1cd82265605b63c3f0698e4036ee
File size 296.0 KB ( 303104 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
pedll

VirusTotal metadata
First submission 2016-11-23 09:27:45 UTC ( 7 months ago )
Last submission 2016-11-27 04:06:10 UTC ( 6 months, 4 weeks ago )
File names Ktlbgby1.dll
gsHuyR1_dll
wooTevq1.dll
GMidBut2.dll
ELghUu1.dll
MfTxlsV1.dll
wsWRdAlNyXn1.dll
ELghUu1.vir.HSvir
SfgRkkv1.dll.4247399343.dll
vMQmpUkgBao1.dll
08yhrf3.dll