03536cb6...e4d9

VTI SCORE: 91/100

Target:

win7_32_sp1 | exe

Classification:

Trojan, Dropper, Ransomware

03536cb6998e0db1bd4177909590e92694695071a1df19e19d3bf480aaeae4d9 (SHA256)

03536cb6998e0db1bd4177909590e92694695071a1df19e19d3bf480aaeae4d9.exe

Windows Exe (x86-32)

Created at 2018-03-06 15:43:00

Severity	Category	Operation	Classification
4/5	File System	Modifies content of user files	Ransomware
Modifies the content of multiple user files. This is an indicator for an encryption attempt. ... VTI Actions Go to Function Call
4/5	File System	Associated with malicious files	Trojan
File "c:\users\eebsym5\desktop\03536cb6998e0db1bd4177909590e92694695071a1df19e19d3bf480aaeae4d9.exe" is a known malicious file. ... VTI Actions Go to File Details Go to Function Call
3/5	Anti Analysis	Tries to detect the presence of antivirus software	-
Tries to detect antivirus software via WMI query: "select * from antivirusproduct". ... VTI Actions Go to Function Call
1/5	Process	Creates process with hidden window	-
The process ""C:\Users\EEBsYm5\AppData\Local\Cullinnen.bin"" starts with hidden window. ... VTI Actions Go to Function Call
1/5	PE	Drops PE file	Dropper
Drops file "c:\users\eebsym5\appdata\local\cullinnen.bin". ... VTI Actions Go to File Details Go to Function Call
1/5	PE	Executes dropped PE file	-
Executes dropped file "c:\users\eebsym5\appdata\local\cullinnen.bin". ... VTI Actions Go to File Details Go to Function Call

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".

Before

After