SHA256: 92ad1b7965d65bfef751cf6e4e8ad4837699165626e25131409d4134f031a497
File name: xdata2.exe
Detection ratio: 42 / 61
Analysis date: 2017-05-22 12:01:53 UTC (5 months ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.5101437 20170522
AegisLab Ml.Attribute.Gen!c 20170522
AhnLab-V3 Trojan/Win32.XData.C1961833 20170522
Antiy-AVL Trojan[Dropper]/Win32.Dapato 20170522
Arcabit Trojan.Generic.D4DD77D 20170522
Avast Win32:Malware-gen 20170522
AVG FileCryptor.PAM 20170522
Avira (no cloud) TR/Crypt.ZPACK.liuua 20170522
AVware Trojan.Win32.Generic!BT 20170522
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9945 20170503
BitDefender Trojan.GenericKD.5101437 20170522
Bkav W32.eHeur.Malware03 20170522
CrowdStrike Falcon (ML) malicious_confidence_98% (W) 20170130
Cyren W32/Ransom.ITQR-4650 20170522
DrWeb Trojan.Encoder.11526 20170522
Emsisoft Trojan.GenericKD.5101437 (B) 20170522
Endgame malicious (high confidence) 20170515
ESET-NOD32 Win32/Filecoder.NLN 20170522
F-Prot W32/Ransom.XData.A 20170522
F-Secure Trojan:W32/XData.A 20170522
Fortinet W32/Filecoder.NLN!tr 20170522
GData Win32.Trojan.Agent.MJDYRT 20170522
Ikarus Trojan-Ransom.XData 20170522
Sophos ML trojan.win32.swrort.a 20170519
Jiangmin TrojanDropper.Dapato.xxe 20170522
K7AntiVirus Trojan ( 0050df871 ) 20170522
K7GW Trojan ( 0050df871 ) 20170522
Kaspersky Trojan-Dropper.Win32.Dapato.oxcr 20170522
McAfee RDN/Generic.hra 20170522
McAfee-GW-Edition BehavesLike.Win32.MultiPlug.dc 20170521
Microsoft Ransom:Win32/FileCryptor 20170522
eScan Trojan.GenericKD.5101437 20170522
Palo Alto Networks (Known Signatures) generic.ml 20170522
Panda Trj/CI.A 20170521
Sophos AV Mal/Generic-S 20170521
Symantec Ransom.Cryptolocker 20170521
TrendMicro Ransom_XDATA.A 20170522
TrendMicro-HouseCall Ransom_XDATA.A 20170522
VIPRE Trojan.Win32.Generic!BT 20170522
ViRobot Dropper.U.Agent.944128[h] 20170522
Webroot W32.Trojan.Gen 20170522
ZoneAlarm by Check Point Trojan-Dropper.Win32.Dapato.oxcr 20170522
Alibaba 20170522
ALYac 20170522
CAT-QuickHeal 20170522
ClamAV 20170522
CMC 20170521
Comodo 20170522
Kingsoft 20170522
Malwarebytes 20170522
NANO-Antivirus 20170522
nProtect 20170522
Qihoo-360 20170522
Rising 20170518
SentinelOne (Static ML) 20170516
SUPERAntiSpyware 20170522
Symantec Mobile Insight 20170522
Tencent 20170522
TheHacker 20170522
Trustlook 20170522
VBA32 20170522
WhiteArmor 20170517
Yandex 20170518
Zillya 20170520
Zoner 20170522
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-07 08:29:24
Entry Point 0x0000622B
Number of sections 6
PE sections
PE imports
GetTokenInformation
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeNameW
GetAdaptersInfo
GetStdHandle
GetOverlappedResult
WaitForSingleObject
EncodePointer
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
InitializeSListHead
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
ConnectNamedPipe
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
CancelIo
GetEnvironmentVariableW
SetLastError
InterlockedDecrement
CopyFileW
WriteProcessMemory
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
CreateThread
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
VirtualQuery
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
CreateRemoteThread
GetStartupInfoW
DeleteFileW
WaitForMultipleObjects
GetProcessHeap
GetFileSizeEx
FindNextFileW
FindFirstFileExW
GetProcAddress
ReadConsoleW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
VirtualAllocEx
CreateNamedPipeW
GetConsoleCP
GetEnvironmentStringsW
Process32NextW
VirtualFree
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
Process32FirstW
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
FindResourceW
CreateProcessW
Sleep
VirtualAlloc
GetOEMCP
wsprintfW
__WSAFDIsSet
htonl
socket
ioctlsocket
WSAStartup
connect
WSACleanup
htons
closesocket
select
Number of PE resources by type
PIC 4
RT_MANIFEST 1
Number of PE resources by language
RUSSIAN 4
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:11:07 09:29:24+01:00
FileType Win32 EXE
PEType PE32
CodeSize 87040
LinkerVersion 14.0
EntryPoint 0x622b
InitializedDataSize 858624
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 c6a2fb56239614924e2ab3341b1fbba5
SHA1 bdd2ecf290406b8a09eb01016c7658a283c407c3
SHA256 92ad1b7965d65bfef751cf6e4e8ad4837699165626e25131409d4134f031a497
ssdeep 24576:diQZitpSzuX+gltfyZE25LQv77cMhi7eobIMUGDM5Lna:rZif7+OyZEREei7eob8mM5La
authentihash 603c86b34da883a1a818a46f4223b37a4d8d38fe8d94a8b5b75d8d89b0e0fc2e
imphash d0cbfb70904a6c2c4f1d40179a3943a5
File size 922.0 KB ( 944128 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe

VirusTotal metadata
First submission 2017-05-18 12:18:52 UTC ( 5 months, 1 week ago )
Last submission 2017-08-02 15:56:09 UTC ( 2 months, 3 weeks ago )
File names lsm.$$$
xdata2.exe
lsm.exe
services.exe
dwm.exe
c6a2fb56239614924e2ab3341b1fbba5.virus
2.exe.bin
conhost.exe
svchost.exe
taskhost.exe
XData ransomware DROPPER
wuauclt.exe
wininit.exe
Advanced heuristic and reputation engines