SHA256: 9d9caad76dd52b00ee362977bd0672510778b353cdf790bf63ad9dceae714b76
File name: Hq6sWNeXy.exe
Detection ratio: 49 / 57
Analysis date: 2016-10-01 08:37:22 UTC ( 1 year, 2 months ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.BUET 20161001
AegisLab Luhe.Fiha.Gen!c 20161001
AhnLab-V3 Trojan/Win32.Locky.N2034510760 20160930
ALYac Trojan.Agent.BUET 20160930
Antiy-AVL Trojan[Ransom]/Win32.Locky 20161001
Arcabit Trojan.Agent.BUET 20161001
Avast Win32:Malware-gen 20161001
AVG Ransom_r.RW 20161001
Avira (no cloud) TR/Crypt.ZPACK.byza 20161001
AVware Trojan.Win32.Generic!BT 20161001
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20161001
BitDefender Trojan.Agent.BUET 20161001
Bkav HW32.Packed.CC71 20160930
CAT-QuickHeal Ransomware.Locky.WR7 20161001
Comodo TrojWare.Win32.FakeAV.HH 20161001
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20160725
Cyren W32/Locky.AK.gen!Eldorado 20161001
DrWeb Trojan.Packed2.38169 20161001
Emsisoft Trojan.Agent.BUET (B) 20161001
ESET-NOD32 a variant of Win32/Kryptik.FAUJ 20160930
F-Prot W32/Locky.AK.gen!Eldorado 20160926
F-Secure Trojan.Agent.BUET 20161001
Fortinet W32/Kryptik.FCQA!tr 20161001
GData Trojan.Agent.BUET 20161001
Ikarus Trojan-Ransom.Locky 20160930
Sophos ML ransom.win32.locky.a 20160928
Jiangmin Trojan.Locky.aoa 20161001
K7AntiVirus Trojan ( 004f3bfc1 ) 20161001
K7GW Trojan ( 004f3bfc1 ) 20161001
Kaspersky Trojan-Ransom.Win32.Locky.agu 20161001
Malwarebytes Ransom.Locky 20161001
McAfee RDN/Ransomware-FLY 20161001
McAfee-GW-Edition BehavesLike.Win32.Pate.ch 20161001
Microsoft Ransom:Win32/Locky 20161001
eScan Trojan.Agent.BUET 20161001
NANO-Antivirus Trojan.Win32.Packed2.edynbp 20161001
nProtect Trojan/W32.Agent.142336.SE 20161001
Panda Trj/GdSda.A 20160930
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161001
Rising Malware.Generic!u73fuV1Pj5K@1 (thunder) 20161001
Sophos AV Troj/Locky-FC 20161001
SUPERAntiSpyware Ransom.Locky/Variant 20161001
Symantec Trojan Horse 20161001
Tencent Win32.Trojan.Raas.Auto 20161001
TrendMicro-HouseCall Ransom_HPLOCKY.SM2 20161001
VIPRE Trojan.Win32.Generic!BT 20161001
ViRobot Trojan.Win32.Z.Locky.142336.D[h] 20161001
Yandex Trojan.Locky! 20160930
Zillya Trojan.AgentGen.Win32.56 20160929
Alibaba 20160930
ClamAV 20161001
CMC 20160930
Kingsoft 20161001
TheHacker 20161001
TrendMicro 20161001
VBA32 20160930
Zoner 20161001
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2005-2011 Stardock Corporation
Product Activate
Original name SDActivate.exe
Internal name Activate
File version 1, 2, 1, 12
Description Product Activation
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-22 07:51:31
Entry Point 0x00011000
Number of sections 6
PE sections
PE imports
GetSidSubAuthorityCount
GetSidSubAuthority
RegCloseKey
LookupAccountNameA
CryptAcquireContextA
RegSetValueExW
IsValidSid
GetSidIdentifierAuthority
CryptGenRandom
RegOpenKeyExW
RegOpenKeyA
CryptReleaseContext
RegQueryValueExW
CreatePatternBrush
SetBrushOrgEx
DeleteDC
CreateFontIndirectW
SetBkMode
AngleArc
CreatePen
GetStockObject
AddFontMemResourceEx
CancelDC
SelectObject
AnimatePalette
SetTextColor
GetObjectW
BitBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
Rectangle
GetStdHandle
GetConsoleOutputCP
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
LoadLibraryW
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
FormatMessageW
InitializeCriticalSection
OutputDebugStringW
InterlockedDecrement
SetLastError
GetSystemTime
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetPrivateProfileStringW
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetStartupInfoW
GlobalLock
GetProcessHeap
CompareStringW
lstrcmpA
CompareStringA
GetComputerNameA
GetProcAddress
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
CancelWaitableTimer
GetCurrentDirectoryW
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
IsValidCodePage
HeapCreate
GetTempPathW
VirtualFree
Sleep
VirtualAlloc
GetTimeFormatA
SHGetFolderPathW
ShellExecuteW
ShellExecuteExW
CommandLineToArgvW
SHCreateDirectoryExW
PathGetArgsW
RedrawWindow
DrawTextExW
EndDialog
GetMessageW
PostQuitMessage
CharLowerA
SetWindowLongW
MessageBoxW
GetWindowRect
DialogBoxParamW
GetWindowDC
TranslateMessage
GetDlgItemTextW
SetDlgItemTextW
DispatchMessageW
CreateDialogParamW
ReleaseDC
SendMessageW
wsprintfA
GetSystemMetrics
SendMessageA
GetClientRect
GetDlgItem
DrawTextW
ScreenToClient
DrawFocusRect
CallWindowProcW
IsDialogMessageW
SetWindowTextW
GetFocus
GetDC
GetWindowInfo
HttpQueryInfoW
InternetConnectW
InternetCloseHandle
InternetCrackUrlW
HttpSendRequestW
InternetReadFile
InternetOpenW
HttpOpenRequestW
_except_handler3
malloc
_CIsin
free
exit
_CIcos
__set_app_type
_wtoi
CreateStreamOnHGlobal
Number of PE resources by type
RT_ICON 12
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 15
PE resources
ExifTool file metadata
SubsystemVersion
5.0

InitializedDataSize
96256

ImageVersion
2.0

ProductName
Activate

FileVersionNumber
1.2.1.12

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unicode

LinkerVersion
2.0

FileTypeExtension
exe

OriginalFileName
SDActivate.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1, 2, 1, 12

TimeStamp
2016:06:22 08:51:31+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Activate

ProductVersion
1, 2, 1, 12

FileDescription
Product Activation

OSVersion
5.0

FileOS
Win32

LegalCopyright
Copyright (C) 2005-2011 Stardock Corporation

MachineType
Intel 386 or later, and compatibles

CompanyName
Stardock Corporation

CodeSize
65536

FileSubtype
0

ProductVersionNumber
1.2.1.12

EntryPoint
0x11000

ObjectFileType
Executable application

File identification
MD5 78758463c6cd084bae0b64cdc88e4a55
SHA1 329ee9b36266c393bb0b5100a8fe6de7f5a1728a
SHA256 9d9caad76dd52b00ee362977bd0672510778b353cdf790bf63ad9dceae714b76
ssdeep 1536:wuM/E+00SBVxcYVi8Wdtz/5oS216EtkPpTghm0rCLXYpA/HZMveCx3K2EweeYlsv:w1E2SfxW3Pz/5AgpGrCLXYpA/q33K
authentihash a39e70b62b729780deb2770d1d38f0b606a8a56eba700fccc179af7b03168b36
imphash 10396912b25a04972c2244f16ae9baa9
File size 139.0 KB ( 142336 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-06-22 15:19:00 UTC ( 1 year, 5 months ago )
Last submission 2016-10-01 08:37:22 UTC ( 1 year, 2 months ago )
File names Hq6sWNeXy.exe
Activate
SZHOHq6sWNeXy.exe
SDActivate.exe
78758463c6cd084bae0b64cdc88e4a55
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
UDP communications