SHA256: a36c836d1283efba8903583ad5fcee0a3f16b0d9b52fa87e82478245950b19a5
File name: 1990?s
Detection ratio: 51 / 62
Analysis date: 2017-04-26 16:54:07 UTC
Antivirus Result Update
Ad-Aware Trojan.Generic.20514949 20170426
AegisLab Uds.Dangerousobject.Multi!c 20170425
AhnLab-V3 Trojan/Win32.SageCrypt.C1874517 20170426
ALYac Trojan.Generic.20514949 20170426
Antiy-AVL Trojan[Ransom]/Win32.SageCrypt 20170426
Arcabit Trojan.Generic.D1390885 20170426
Avast Win32:Rootkit-gen [Rtk] 20170426
AVG FileCryptor.OIZ 20170426
Avira (no cloud) TR/Crypt.Xpack.ftmig 20170425
AVware Trojan.Win32.Generic!BT 20170426
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170426
BitDefender Trojan.Generic.20514949 20170426
Bkav W32.KipteratLTAF.Trojan 20170426
CAT-QuickHeal Ransom.Milicry 20170426
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/Trojan.KNMP-5421 20170426
DrWeb Trojan.Encoder.10433 20170426
Emsisoft Trojan.Generic.20514949 (B) 20170426
Endgame malicious (high confidence) 20170419
ESET-NOD32 Win32/Filecoder.NHQ 20170426
F-Secure Trojan.Generic.20514949 20170426
Fortinet W32/Filecoder.NHQ!tr 20170426
GData Trojan.Generic.20514949 20170426
Ikarus Trojan.Win32.Filecoder 20170426
Sophos ML virus.win32.sality.at 20170413
Jiangmin Trojan.SageCrypt.bd 20170425
K7AntiVirus Trojan ( 004f78ba1 ) 20170426
K7GW Trojan ( 004f78ba1 ) 20170426
Kaspersky Trojan-Ransom.Win32.SageCrypt.bma 20170426
Malwarebytes Ransom.SageLocker 20170426
McAfee RDN/Generic.mem 20170426
McAfee-GW-Edition BehavesLike.Win32.Expiro.gc 20170426
Microsoft Ransom:Win32/Milicry!rfn 20170426
eScan Trojan.Generic.20514949 20170426
NANO-Antivirus Trojan.Win32.SageCrypt.emsota 20170426
nProtect Ransom/W32.SageCrypt.422656 20170426
Palo Alto Networks (Known Signatures) generic.ml 20170426
Panda Trj/Genetic.gen 20170426
Qihoo-360 Win32/Trojan.a22 20170426
Rising Malware.Generic.1!tfe (cloud:K6sktT5KKEF) 20170426
Sophos AV Mal/Generic-S 20170426
Symantec Ransom.Cry 20170426
Tencent Win32.Trojan.Raas.Auto 20170426
TrendMicro Ransom_MILICRY.GQL 20170425
TrendMicro-HouseCall Ransom_MILICRY.GQL 20170426
VBA32 Hoax.SageCrypt 20170426
VIPRE Trojan.Win32.Generic!BT 20170426
Webroot Trojan.Dropper.Gen 20170426
Yandex Trojan.SageCrypt! 20170426
Zillya Trojan.SageCrypt.Win32.119 20170426
ZoneAlarm by Check Point Trojan-Ransom.Win32.SageCrypt.bma 20170426
Alibaba 20170426
ClamAV 20170426
CMC 20170421
Comodo 20170426
F-Prot 20170426
Kingsoft 20170426
SentinelOne (Static ML) 20170330
SUPERAntiSpyware 20170426
Symantec Mobile Insight 20170426
TheHacker 20170424
TotalDefense 20170426
Trustlook 20170426
ViRobot 20170426
WhiteArmor 20170409
Zoner 20170426
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright ©. InMobi

Product 1990?s
Original name 1990?s.exe
Internal name 1990?s
Description Blackhole Aargu Ego Hli
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-21 12:21:46
Entry Point 0x0000C0E0
Number of sections 6
PE sections
Overlays
MD5 7dd0ba2aef2169e7334debafdb1e4901
File type data
Offset 421888
Size 768
Entropy 2.05
PE imports
TraceEventInstance
RegCloseKey
StartTraceA
PageSetupDlgA
ExcludeClipRect
CreateFontA
SetTextJustification
GetStdHandle
GetOverlappedResult
WaitForSingleObject
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
OutputDebugStringW
FindClose
TlsGetValue
OutputDebugStringA
SetLastError
ReadConsoleInputA
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
CreateThread
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
GetOEMCP
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
DeleteFileA
GetStartupInfoW
GetProcAddress
GetProcessHeap
FindFirstFileA
lstrcpyA
HeapValidate
ResetEvent
FindNextFileA
GlobalLock
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
SetConsoleMode
GetSystemInfo
lstrlenA
GetConsoleCP
GetEnvironmentStringsW
WaitForSingleObjectEx
GetCurrentProcessId
HeapQueryInformation
WideCharToMultiByte
HeapSize
GetCommandLineA
CancelIo
RaiseException
TlsFree
GetModuleHandleA
SetConsoleTitleA
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
acmFormatEnumA
acmMetrics
NetShareGetInfo
ShellExecuteA
DragFinish
DragQueryFileA
PathAppendA
PathRemoveBackslashA
PathRemoveExtensionA
AssocCreate
PathRelativePathToA
StrCmpNIA
PathRemoveFileSpecA
MapWindowPoints
DestroyMenu
ScreenToClient
FindWindowA
SetWindowPos
AppendMenuA
GetWindowRect
RegisterClassExW
SetCapture
MoveWindow
GetIconInfo
MessageBoxA
ChildWindowFromPoint
GetProcessWindowStation
CheckDlgButton
SetScrollInfo
ReleaseDC
CreatePopupMenu
SendMessageA
GetDlgItem
CreateDialogParamA
FrameRect
DeleteMenu
LoadAcceleratorsA
DrawFocusRect
FindWindowExA
LoadCursorA
LoadIconA
GetTopWindow
GetSysColorBrush
LoadImageA
GetSystemMenu
GetFocus
GetDC
GetAncestor
Ord(143)
Ord(88)
MiniDumpWriteDump
CoInitializeEx
OleUninitialize
CoUninitialize
OleInitialize
CoLockObjectExternal
ReleaseStgMedium
RegisterDragDrop
CoCreateInstance
RevokeDragDrop
CreateILockBytesOnHGlobal
PdhGetFormattedCounterValue
PdhValidatePathA
PdhVerifySQLDBA
PdhBrowseCountersA
UrlMkSetSessionOption
URLOpenPullStreamW
URLOpenStreamW
Number of PE resources by type
RCDATA 4
JPG 4
RT_ICON 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 14
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.8.4.2
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 244224
EntryPoint 0xc0e0
OriginalFileName 1990 s.exe
MIMEType application/octet-stream
LegalCopyright Copyright . InMobi
TimeStamp 2017:03:21 13:21:46+01:00
FileType Win32 EXE
PEType PE32
InternalName 1990 s
ProductVersion 6.8.4.2
FileDescription Blackhole Aargu Ego Hli
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName InMobi
CodeSize 176640
ProductName 1990 s
ProductVersionNumber 6.8.4.2
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 d8226b7697524c60eddd22a46b588ff7
SHA1 14b1007ef0b73b1f1258a0ccf1df735d9a3e8b11
SHA256 a36c836d1283efba8903583ad5fcee0a3f16b0d9b52fa87e82478245950b19a5
ssdeep 12288:U/aqlUmzdqqlzKBZTlgu79W0Fu+YY1dko:UybAHmTT9dj1dk
authentihash c795f2b9bc1a36253f8be2c1bf098b3f0415de2cf13978eb5af74cba7a4b89f4
imphash 8342191285fda1f0074a8646595f9309
File size 412.8 KB ( 422656 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (46.3%)
Win64 Executable (generic) (41.0%)
Win32 Executable (generic) (6.6%)
Generic Win/DOS Executable (2.9%)
DOS Executable Generic (2.9%)
Tags
peexe overlay

VirusTotal metadata
First submission 2017-03-22 12:44:37 UTC
Last submission 2017-04-26 16:54:07 UTC
File names 4600471ea0906e43f0b46eb6d19b7ba7019a5623
C__Users_User_AppData_Local_Temp__fgwhe5zy8.exe
1990?s
s3.exe
1990?s.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications