Cuckoo Sandbox

PE Compile Time

2022-08-23 12:55:06

PE Imphash

bb2600e94092da119ee6acbbd047be43

Sections

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
.flat	0x00001000	0x0000014d	0x00000200	4.52841896497
.text	0x00002000	0x000174c2	0x00017600	6.45338378706
.rdata	0x0001a000	0x0000ba6a	0x0000bc00	6.94985962136
.data	0x00026000	0x00016fce	0x00014c00	6.08954004404
.rsrc	0x0003d000	0x000001e8	0x00000200	4.7655426852

Resources

Name	Offset	Size	Language	Sub-language	File type
RT_MANIFEST	0x0003d060	0x00000184	LANG_ENGLISH	SUBLANG_ENGLISH_US	XML 1.0 document, ASCII text, with CRLF line terminators

Imports

Library CRYPT32.dll:

• 0x41a030 CryptStringToBinaryA

Library COMCTL32.dll:

• 0x41a024 None

• 0x41a028 InitCommonControlsEx

Library MPR.dll:

• 0x41a168 WNetOpenEnumW

• 0x41a16c WNetEnumResourceW

• 0x41a170 WNetCloseEnum

Library KERNEL32.dll:

• 0x41a07c Process32FirstW

• 0x41a080 GetSystemInfo

• 0x41a084 GetVersionExW

• 0x41a088 GetModuleHandleA

• 0x41a08c lstrcpyA

• 0x41a090 GetProcAddress

• 0x41a094 ExitProcess

• 0x41a098 GetModuleHandleW

• 0x41a09c EnterCriticalSection

• 0x41a0a0 LeaveCriticalSection

• 0x41a0a4 InitializeCriticalSection

• 0x41a0a8 GetVolumeInformationW

• 0x41a0ac GetVolumePathNameW

• 0x41a0b0 MulDiv

• 0x41a0b4 GetCommandLineW

• 0x41a0b8 FindFirstVolumeW

• 0x41a0bc FindNextVolumeW

• 0x41a0c0 FindVolumeClose

• 0x41a0c4 GetFileSize

• 0x41a0c8 QueryDosDeviceW

• 0x41a0cc ReadFile

• 0x41a0d0 GetTempPathW

• 0x41a0d4 CreateMutexW

• 0x41a0d8 CreateProcessA

• 0x41a0dc lstrcatA

• 0x41a0e0 IsWow64Process

• 0x41a0e4 GetModuleFileNameA

• 0x41a0e8 GetModuleFileNameW

• 0x41a0ec SetVolumeMountPointW

• 0x41a0f0 Process32NextW

• 0x41a0f4 ResumeThread

• 0x41a0f8 WaitForMultipleObjects

• 0x41a0fc GetComputerNameExW

• 0x41a100 lstrcmpiW

• 0x41a104 GetSystemTime

• 0x41a108 GetWindowsDirectoryW

• 0x41a10c lstrcatW

• 0x41a110 GetLastError

• 0x41a114 Sleep

• 0x41a118 GetCurrentThreadId

• 0x41a11c CreateFileW

• 0x41a120 lstrlenA

• 0x41a124 WriteFile

• 0x41a128 lstrlenW

• 0x41a12c lstrcpyW

• 0x41a130 CreateThread

• 0x41a134 GetLogicalDriveStringsW

• 0x41a138 GetDriveTypeW

• 0x41a13c GetDiskFreeSpaceW

• 0x41a140 lstrcmpW

• 0x41a144 GetProcessHeap

• 0x41a148 CloseHandle

• 0x41a14c HeapReAlloc

• 0x41a150 OpenProcess

• 0x41a154 Wow64DisableWow64FsRedirection

• 0x41a158 WaitForSingleObject

• 0x41a15c GetCurrentProcess

• 0x41a160 VirtualAlloc

Library USER32.dll:

• 0x41a19c DefWindowProcW

• 0x41a1a0 GetWindowRect

• 0x41a1a4 GetDC

• 0x41a1a8 SetWindowPos

• 0x41a1ac MessageBoxW

• 0x41a1b0 CreateWindowExW

• 0x41a1b4 SendMessageW

• 0x41a1b8 EndDialog

• 0x41a1bc GetSystemMetrics

• 0x41a1c0 RegisterClassExW

• 0x41a1c4 wsprintfA

• 0x41a1c8 DispatchMessageW

• 0x41a1cc SetTimer

• 0x41a1d0 RegisterHotKey

• 0x41a1d4 TranslateMessage

• 0x41a1d8 LoadCursorW

• 0x41a1dc GetClientRect

• 0x41a1e0 GetDlgItem

• 0x41a1e4 PostQuitMessage

• 0x41a1e8 wsprintfW

• 0x41a1ec DrawTextW

• 0x41a1f0 GetMessageW

• 0x41a1f4 ReleaseDC

• 0x41a1f8 SystemParametersInfoW

• 0x41a1fc ShowWindow

• 0x41a200 LoadImageW

Library GDI32.dll:

• 0x41a038 CreateCompatibleBitmap

• 0x41a03c BitBlt

• 0x41a040 CreateFontW

• 0x41a044 DeleteDC

• 0x41a048 GetDeviceCaps

• 0x41a04c SetBkMode

• 0x41a050 SetTextColor

• 0x41a054 DeleteObject

• 0x41a058 GetTextExtentPoint32W

• 0x41a05c SelectObject

• 0x41a060 CreateCompatibleDC

• 0x41a064 CreateDIBSection

• 0x41a068 SetBkColor

Library ADVAPI32.dll:

• 0x41a000 RegOpenKeyExW

• 0x41a004 RegSetValueExW

• 0x41a008 RegCreateKeyExW

• 0x41a00c SystemFunction036

• 0x41a010 RegQueryValueExW

• 0x41a014 RegQueryValueExA

• 0x41a018 RegCloseKey

• 0x41a01c AllocateAndInitializeSid

Library SHELL32.dll:

• 0x41a184 SHGetPathFromIDListW

• 0x41a188 CommandLineToArgvW

• 0x41a18c ShellExecuteExW

• 0x41a190 SHBrowseForFolderW

• 0x41a194 SHEmptyRecycleBinW

Library WS2_32.dll:

• 0x41a208 ntohl

• 0x41a20c inet_ntoa

• 0x41a210 setsockopt

• 0x41a214 socket

• 0x41a218 gethostbyname

• 0x41a21c WSAStartup

• 0x41a220 inet_addr

• 0x41a224 htons

• 0x41a228 bind

• 0x41a22c WSACleanup

• 0x41a230 sendto

Library IPHLPAPI.DLL:

• 0x41a070 SendARP

• 0x41a074 GetAdaptersAddresses

Library NETAPI32.dll:

• 0x41a178 NetApiBufferFree

• 0x41a17c NetShareEnum

!This program cannot be run in DOS mode.
`.rdata
@.data
ho%m\j
hb|3Zj
hz,,Lj
D$$PVh
1P 1H$_^[
2-byVW
T$d5l>+3T$4
n<3D$$
3T$\RP
3T$@RP
3T$DRP
T$t3D$4
L$h3L$|
T$@3D$x
D$l3D$HPR
L$D3L$x
3D$XPR
T$|3D$x
T$p3T$DRP
3D$DPQ
L$P3L$8
D$L3D$<PQ
T$T3D$X
T$T3T$xRP
T$\3T$h
T$L3D$d
T$@3T$XRP
T$(3T$
T$03T$TRP
T$$3T$PRP
L$X3L$$
T$\3T$xRP
T$|3T$DRP
3T$DRP
3T$4RP
T$03T$`RP
T$$3T$PRP
T$<3T$HRP
T$(3T$
T$03T$TRP
D$p3D$tPQ
3T$DRP
T$03T$`
3D$DPQ
T$P3D$t
T$$3T$|RP
L$`3L$d
D$p3D$XPQ
3T$DRP
D$x3L$|
D$<3D$pPQ
3T$pRP
T$(3T$
L$X3L$L
3D$LPQ
3D$lPQ
T$<3D$|
D$83D$DPQ
3D$LPQ
D$|3D$`PQ
AD9ADw
A(l>+
#D$$#t$
G<_^[]
te k_^
3p 3x03H
3p43H$
?dcsqdcasdxasd=
?dcsqdcasdxasd=
?dcsqdcasdxasd=
text/*
HTTP/1.1
/c ping localhost -n 3 > nul & del %s
C:\Windows\System32\cmd.exe
SHChangeNotify
Shell32.dll
C:\Windows\System32\cmd.exe
<html><head><hta:application ApplicationName="Venus" Border="Thin" BorderStyle="Static" Caption="Yes" ContextMenu="No" MaximizeButton="No" MinimizeButton="No" Navigable="No" Scroll="No" Selection="No" ShowInTaskbar="Yes" SingleInstance="Yes" SysMenu="Yes" WindowState="Maximize"><title>Venus</title><style type = "text/css">*{padding:0;margin:0}p{color:white}.f{background-color:#ff7c00;width:100%;margin-left:auto;margin-right:auto;height:100%}.c h1{color:white;line-height:80px}.r{word-break:break-all;float:left;width:100%;text-align:center}</style></head><body><div class="f"><div class="c"><h1 align="center">&lt;&lt;&lt;Venus&gt;&gt;&gt;</h1></div><div class="r"><p></br></br></br></br><strong>We downloaded and encrypted your data.</strong></br>Only we can decrypt your data.<br><strong>IMPORTANT!</strong><br> If you, your programmers or your friends would try to help you to decrypt the files it can cause data loss even after you pay.<br> In this case we will not be able to help you.<br>Do not play with files.</p
<html><head><title>Venus</title><style type = "text/css">*{padding:0;margin:0}p{color:white}.f{background-color:#ff7c00;width:100%;margin-left:auto;margin-right:auto;height:100%}.c h1{color:white;line-height:80px}.r{word-break:break-all;float:left;width:100%;text-align:center}</style></head><body><div class="f"><div class="c"><h1 align="center">&lt;&lt;&lt;Venus&gt;&gt;&gt;</h1></div><div class="r"><p></br></br></br></br><strong>We downloaded and encrypted your data.</strong></br>Only we can decrypt your data.<br><strong>IMPORTANT!</strong><br> If you, your programmers or your friends would try to help you to decrypt the files it can cause data loss even after you pay.<br> In this case we will not be able to help you.<br>Do not play with files.</p><p>Do not rename encrypted files.<br>Do not try to decrypt your data using third party software, it may cause permanent data loss.<br>Decryption of your files with the help of third parties may cause increased price  or you can become a victim of a scam.</br>-------
</p></div></body></html></html></body></html>
]-wyP
^S5rQ8
5@;>fq
Ib|3Z24y
|\={S}-G6
Vz,,LCp
gooodgamer
pbsecGOOD
secpbGOOD
xXBLTZKmAu9pjcfxrIK4gkDp/J9XXATjuysFRXG4rH4=
pbsecGOOD
3nDfO5MC84yPIVrig9wVSglY/VEutb0apH6dCWdW1Rw=
3nDfO5MC84yPIVrig9wVSglY/VEutb0apH6dCWdW1Rw=
3nDfO5MC84yPIVrig9wVSglY/VEutb0apH6dCWdW1Rw=
3nDfO5MC84yPIVrig9wVSglY/VEutb0apH6dCWdW1Rw=
secpbGOOD
RtlInitUnicodeString
NtCreateFile
NtWriteFile
NtReadFile
NtQueryDirectoryFile
NtOpenFile
NtClose
NtSetInformationFile
NtRemoveIoCompletion
NtSetIoCompletion
NtCreateIoCompletion
NtQuerySystemInformation
NtDll.dll
NtDuplicateObject
NtDll.dll
NtQueryObject
NtDll.dll
SetSecurityInfo
Advapi32.dll
SetEntriesInAclW
Advapi32.dll
RtlZeroMemory
RtlFillMemory
memcpy
D7q/;M
SigEd25519 no Ed25519 collisions
GooGLeeedRRG
?ffffff
.text$mn
.idata$5
.rdata
.rdata$zzzdbg
.idata$2
.idata$3
.idata$4
.idata$6
.rsrc$01
.rsrc$02
CryptStringToBinaryA
CRYPT32.dll
InitCommonControlsEx
COMCTL32.dll
WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
MPR.dll
GetCurrentProcess
WaitForSingleObject
OpenProcess
HeapReAlloc
CloseHandle
GetProcessHeap
lstrcmpW
GetDiskFreeSpaceW
GetDriveTypeW
GetLogicalDriveStringsW
CreateThread
lstrcpyW
lstrlenW
WriteFile
lstrlenA
CreateFileW
GetCurrentThreadId
GetLastError
lstrcatW
GetWindowsDirectoryW
GetSystemTime
lstrcmpiW
WaitForMultipleObjects
ResumeThread
GetVolumeInformationW
VirtualAlloc
GetComputerNameExW
lstrcatA
Process32NextW
Process32FirstW
GetSystemInfo
GetVersionExW
GetModuleHandleA
lstrcpyA
GetProcAddress
ExitProcess
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetVolumePathNameW
MulDiv
GetCommandLineW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetFileSize
QueryDosDeviceW
ReadFile
GetTempPathW
CreateMutexW
CreateProcessA
Wow64DisableWow64FsRedirection
IsWow64Process
GetModuleFileNameA
GetModuleFileNameW
SetVolumeMountPointW
KERNEL32.dll
wsprintfW
LoadImageW
PostQuitMessage
GetDlgItem
GetClientRect
LoadCursorW
TranslateMessage
RegisterHotKey
SetTimer
DispatchMessageW
ShowWindow
RegisterClassExW
GetSystemMetrics
EndDialog
SendMessageW
CreateWindowExW
MessageBoxW
SetWindowPos
GetWindowRect
DefWindowProcW
GetMessageW
wsprintfA
DrawTextW
ReleaseDC
SystemParametersInfoW
USER32.dll
GetDeviceCaps
CreateFontW
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetTextExtentPoint32W
SelectObject
SetBkColor
SetBkMode
SetTextColor
CreateDIBSection
GDI32.dll
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
RegCloseKey
AllocateAndInitializeSid
SystemFunction036
RegCreateKeyExW
RegSetValueExW
ADVAPI32.dll
SHEmptyRecycleBinW
SHBrowseForFolderW
SHGetPathFromIDListW
CommandLineToArgvW
ShellExecuteExW
SHELL32.dll
WS2_32.dll
GetAdaptersAddresses
SendARP
IPHLPAPI.DLL
NetShareEnum
NetApiBufferFree
NETAPI32.dll
12210111111610599117115
FRPU\X_
RT\PM\
RVEPYoV
@EXTE
GCFX]\XYTMe
VW]UET
BYPR^GF
SRUTRXD
BTA JQGCBT_EL
qYNXHBxWW
bypuyfszi`
ur}taE1
AAABAAEAAAAQAAEABADn8QAAFgAAAIlQTkcNChoKAAAADUlIRFIAAAEAAAABAAgGAAAAXHKoZgAAIABJREFUeJzcvX9sVOe1NvrMJI4xEoOnSXDBHJtwZpwiU1LZllt+uZzTOBTMqYCAfBxRhaRJW1KJL3/0BvlckqgJ5yI+9Y80Ustp2tKgg8JnkRLUxqEJJ0fUQEgsg5o0CILnEuzDjzoh8TBIOM6E2fePd5416333u8em99One78lWXv2nr3fvccz6/ez1ooNH/1ZMDjwZ6RbvobBgT9jYOAqWlqmQ1PF5avIz5yOgYGrABB6HwAGBq5iYa15ffwikB0Cth/Zj71PPoEZt38s65D2vl+Brvn50Dqkg28B994/3brGpXJrHL8ILKwF8jP9a2x9pYBta+IYPF1Aep69BYDMaBzZRAXWtU8t+wwH3wJWLIJc59LuM0BHazx0vLe/gMU15ngqaa69kogjOwRU15v/ccXlqzh+0Zzf9cNvYnDgz9YaLx+6jnXtUyOfjd/lwMBVnB+twM7eHux98gn0nRzCWFCDF197Ppb68sYg89cXY7ymZvrxYOTqwtA+z4s6n8cnun7jys3Bi689/zdf39awOug7eyDyeSd6vomun+h5JnN/AGhvHsPO3h75vLyurWF1cClXjcxfX8Smjk7r+zo1OI7GdCVODY6j7+wBtDWsRmO60npvZ28PupeuxbER85vh+Ytr4nKs7+wBbOroxJyk4Y3zoxWYk8xb2+pcHtlEBfQvM4YIys80DN/SMh0tLdPx8qHr1vsVl69iy579OPgW0LZjP86PVmDFIuDN5x5C7ecZVFy+GmKiU4Pj8tplnsHTBWQTFVGPI9Q1Py8MoonHopgfABbXxHHwLfv+B98yjL/7DHBspDAh8/M6H/NnRuPIjMbRmK5E3V0pLKwF7sgVZLttTRzV9eY+u88YQZEdMteeH62Q5weAurtSIeYHgHXtU0Uop1u+Zr1Hpv/W47/F+VEjyN587iEsXl7LU/h9x/ijdY7D
jUpk/6FseR4e/WfHARB4YtM92vb/evtJBy7zalse55bPl7gueH9+nrg+wt970AGA+599xAEQuP/ZR5yEAHEtANYVP/t4HhLgH5uG0zTgrdfd4/zlnV149vE8a3fSBJAiUFuWJZFNgfIr3HQH//hn8yswdrgbADR0Fs9PaCuJSwBcCwLPr5qOzKEOHGmN8hqBudVh2Qbc12LheKfasiz1/IXnoir6WnjODcSMHe5G6942CMvIqvkvtQk8GTcA+Goa26/rzzeRWbhQMr6nbxbGzNqYW9EuDtCFg0MrIdX6SWx5PVusipbIZNanPI/CyXL9lPeXx7W2IVIIQNf8ASQ0/l/e2eVw8CDgrTRiTXNtWZaSzEdaozjSGnUOnC/C/kPZWBqJofyKs44c3y2pMj+IF17Y42zZtA1HWqNO69427Dt0xgGAfYfOOCdjudh36AyOtEYRzosjOhzEkdaoQ2FSmR/E+l/+p5N4LgcA2ve5lkDmUIfTurcN2YEhVNYW4sTb76moa8bgafV++rRTmHJjCQRoyRSOmua/mK24bZQuGEhNfiFCwJb7N7X/pRJ+RgxG/V7J/GY3a35O5hCfOznZryAn+xUHcLtApVrP+8n1iXVO4lrW+xv7ZnYLxn66z2He33iOtOsBOCdjuU4QQEBK+bqKoJoExB/7X97Z5VxzvoV4Zs3nMiOZ5eVTVYAioY3V+XKQh2B8a9SdwZa51WHUlmXhliv7UDDaj4LRfjy/aroCb2z9ONmwkz39AK1NtEcCHuyKYdk/TiARIzBx04GBq8LIGDyNwnNRiJSlaQmpEWAAtGrAS0GTYcQLbRpqy/1z/SX0/VNpTJtG9KwzmNSqGVOtN+9nYe5U6+W+bR2M75Fqvfm8DsT3m8R6BMvLpzoyiERgwq3X3eNkDnXgtnkDTmPjfETK57EzCTUr5FbS7HCRMsVHQhnOYM5MDObMRF1FEDNCI2gfisuXw0m73N/VE8LJWK5Ky4wd7kZ0OKi68D7zm8+4v/CmAAAgAElEQVQQ
EQBZZX]]
ZBWAeBC^UIT
BAYX^T_CTMe
B@]SC^ABUG
xx BC^BUCGCTIS
B@[FC\tT@
YCQVU\TOT
]RCBUTIT
]SBY\A
BH_RBX]P
xx \KVTCZE^A@^EUM\
PRnEADR
YFHUA]BBBCcWJT
IWEBFVZV_RIT
\IUTBZE^FBUGOPRT
_RPDE^DFUC
aV\FBFRTIT
X^_EDGR
PV_EEGS
e_QAGSTIT
SPKTWXIRZnW[UUIT
ER\K]R^YWXR.TJW
XyBC^U
]LJH]U
\HB@ZU
ZIMTOT
BFSRZrTAWCFXRTTIS
X_W^FPD]
xx \ASRSTBBTIS
^_T_YEU
oDF^^_ZTIT
IVFTEA_A.TJW
B@ZBUGOKTOT
EXTSPE
EY@nUW@SYCUTIT
FXYF^GdWJT
F^DU@T]
./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
internal
sysrandom
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='highestAvailable' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
jjjjjjjj
Cjjjjjj
jjjjjjj
DRIVE_REMOVABLE
DRIVE_FIXED
DRIVE_REMOTE
\??\%.2s\
\??\UNC%s\
\??\%s\
Network
Network share
Network Dir
Network Dir
TSoftware\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\Run
g g g o n e123
g g g o n e123
eC:\Windows\%s.png
.venus
Classes
SOFTWARE
%s\%s\%s
DefaultIcon
 All your files has been encrypted 
 All information how to make decrypt you can find in 
 README file
Times New Roman
Control Panel\Desktop
Wallpaper
TrustedInstaller
winsta0\default
SeDebugPrivilege
SeImpersonatePrivilege
SeAssignPrimaryTokenPrivilege
SeIncreaseQuotaPrivilege
\cmd.exe
winlogon.exe
TrustedInstaller.exe
Print$
ADMIN$
Default share
\??\UNC\%s\%s\
Remote UNC
Remote UNC
README.html
README.txt
README.html
Tor Browser
Windows
dropbox
iexplorer
%s%x%x%x%x.goodgame
Diff th work
kernel32.dll
SystemDrive
decryptdata@onionmail.org
Nq31Dn87own5ge3wC9PwFimg
Nq31Dn87own5ge3wC9PwFimg
decryptdata@onionmail.org
%s;%s;%s;%s;
SOFTWARE\Microsoft\Windows NT\CurrentVersion
ProductName
"OS": "%s",
"CompName": "%s",
"ext": "%s"
"processes":[
svchost.exe
{ "drives":{ 
\??\%.2s\
"%s\": "%I64d\\%I64dGB" 
,"%s\": "%I64d\\%I64dGB" 
Software\Microsoft\Windows\CurrentVersion
Software\Microsoft\Windows\CurrentVersion
SOFTWARE\Microsoft\Windows\CurrentVersion
.venus
SeDebugPrivilege
SeTcbPrivilege
SeTakeOwnershipPrivilege
SeSecurityPrivilege
SOFTWARE\Microsoft\Windows\CurrentVersion
ntdll.dll
ntdll.dll
entdll.dll
ntdll.dll
ntdll.dll
ntdll.dll
entdll.dll
ntdll.dll
ntdll.dll
ntdll.dll
ntdll.dll
ntdll.dll
ntdll.dll
ntdll.dll
\??\UNC%s\
\??\%s\
TempWorking
SysListView32
Size done
Done ?
344 TP
Custom
Button
STATIC
Segoe Print

Antivirus	Signature
Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Venus.j!c
Elastic	malicious (high confidence)
ClamAV	Win.Ransomware.Bandook-9978067-1
CMC	Clean
CAT-QuickHeal	Ransom.Venus.S28803801
Skyhigh	BehavesLike.Win32.Dropper.dc
ALYac	Trojan.Ransom.Filecoder
Cylance	Unsafe
Zillya	Trojan.Filecoder.Win32.26814
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Ransom:Win32/Venus.97c020e1
K7GW	Ransomware ( 005a59901 )
K7AntiVirus	Ransomware ( 005a59901 )
huorong	Ransom/LockFile.ay
Baidu	Clean
VirIT	Trojan.Win32.GenusT.DYBR
Paloalto	generic.ml
Symantec	Downloader
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/Filecoder.Venus.E
APEX	Malicious
Avast	Win32:RansomX-gen [Ransom]
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan-Ransom.Win32.Generic
BitDefender	Trojan.Ransom.Venus.A
NANO-Antivirus	Virus.Win32.Gen.ccmw
ViRobot	Trojan.Win.Z.Venus.230912.B
MicroWorld-eScan	Trojan.Ransom.Venus.A
Tencent	Trojan-Ransom.Win32.Filecoder.ha
Sophos	Mal/Generic-S
F-Secure	Trojan.TR/Crypt.XPACK.Gen
DrWeb	Trojan.Encoder.33303
VIPRE	Trojan.Ransom.Venus.A
TrendMicro	Ransom.Win32.VENUS.THIABBB
McAfeeD	ti!0A4E5832841F
Trapmine	malicious.high.ml.score
CTX	exe.ransomware.venus
Emsisoft	Trojan.Ransom.Venus.A (B)
Ikarus	Trojan-Ransom.Venus
FireEye	Generic.mg.eae3f9f84a8b6756
Jiangmin	Trojan.Generic.hmtxt
Webroot	W32.Ransom.Venus
Varist	W32/Filecoder.DT.gen!Eldorado
Avira	TR/Crypt.XPACK.Gen
Fortinet	W32/Filecoder.OBQ!tr.ransom
Antiy-AVL	Trojan[Ransom]/Win32.Venus
Kingsoft	Win32.Troj.Generic.jm
Gridinsoft	Ransom.Win32.AI.oa!s2
Xcitium	Malware@#aio56u0t6vdi
Arcabit	Trojan.Ransom.Venus.A
SUPERAntiSpyware	Clean
ZoneAlarm	Clean
Microsoft	Ransom:Win32/Venus.A!dha
Google	Detected
AhnLab-V3	Ransomware/Win.Venus.C5220541
Acronis	Clean
McAfee	GenericRXUD-MP!EAE3F9F84A8B
TACHYON	Ransom/W32.Venus.230912
VBA32	TrojanRansom.Venus
Malwarebytes	Clean
Panda	Trj/GdSda.A
Zoner	Clean
TrendMicro-HouseCall	Ransom.Win32.VENUS.THIABBB
Rising	Ransom.Venus!1.E132 (CLASSIC)
Yandex	Trojan.Filecoder!JMNnXkU+Kag
SentinelOne	Static AI - Malicious PE
MaxSecure	Trojan.Malware.10307848.susgen
GData	Win32.Trojan-Ransom.VenusLocker.B
AVG	Win32:RansomX-gen [Ransom]
DeepInstinct	MALICIOUS
alibabacloud	Ransomware:Win/Venus.E

IRMA	Signature
Trend Micro SProtect (Linux)	Ransom.Win32.VENUS.THIABBB
Avast Core Security (Linux)	Win32:RansomX-gen [Ransom]
C4S ClamAV (Linux)	Win.Ransomware.Bandook-9978067-1
Trellix (Linux)	GenericRXUD-MP
Sophos Anti-Virus (Linux)	Mal/Generic-S
Bitdefender Antivirus (Linux)	Trojan.Ransom.Venus.A
G Data Antivirus (Windows)	Virus: Trojan.Ransom.Venus.A (Engine A), Win32.Trojan-Ransom.VenusLocker.B (Engine B)
WithSecure (Linux)	Trojan.TR/Crypt.XPACK.Gen
ESET Security (Windows)	a variant of Win32/Filecoder.Venus.E trojan
DrWeb Antivirus (Linux)	Trojan.Encoder.33303
ClamAV (Linux)	Win.Ransomware.Bandook-9978067-1
eScan Antivirus (Linux)	Trojan.Ransom.Venus.A(DB)
Kaspersky Standard (Windows)	HEUR:Trojan-Ransom.Win32.Generic
Emsisoft Commandline Scanner (Windows)	Trojan.Ransom.Venus.A (B)

Browser recommendation

Static Analysis

PE Compile Time

PE Imphash

Sections

Resources

Imports

Browser recommendation

PE Compile Time

PE Imphash

Sections

Resources

Imports

Feedback