Trojan.Virlock.GLA
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 9,556 |
| Threat Level: | 80 % (High) |
| Infected Computers: | 328 |
| First Seen: | May 22, 2023 |
| Last Seen: | April 20, 2026 |
| OS(es) Affected: | Windows |
Table of Contents
Analysis Report
General information
| Family Name: | Trojan.Virlock.GLA |
|---|---|
| Signature status: | No Signature |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
f003263a8edda1e2e71ea53f8cc67c6f
SHA1:
0ffaba3093f77c7d17d67330587c53adaee819bb
SHA256:
D66C140C0403D754038661909CB5282D830FBE18F0ACA1A6C834DA7B90BD7860
File Size:
2.35 MB, 2345472 bytes
|
|
MD5:
4bb439232285094937ebedeb33c255c6
SHA1:
0971486c1cf7d2b8b3447d327a4364af3367ff2b
SHA256:
1B6BA08FF414EF7CC28C96BB3A6E9EF69EB744DCDFDFEDC1D42A8181283D5DE3
File Size:
2.59 MB, 2585088 bytes
|
|
MD5:
91ce94abf2e7f3690694804afd19c650
SHA1:
be14a12f7014306c207445cab38db06699239767
SHA256:
427DAC62F9A0B6ABEDD4EDAFF07A0C9EFA5C0FDE6CB18D2436208E2F909ADBB5
File Size:
2.35 MB, 2345472 bytes
|
|
MD5:
f150a764e005caf66bc5a851f875df9b
SHA1:
31794771780a871cc86e8a37525b0e0a8e6641ac
SHA256:
9D2C7CC09911ED53C98F8B486212B9CDE56E08BB9CA5B8CE82DFC2165B15F8A2
File Size:
3.91 MB, 3909535 bytes
|
|
MD5:
64fe8a9f970630f9559c4fabd6e2a21e
SHA1:
26064b14ba7100082c1d0f8cdf06a0ecca5d1504
SHA256:
0D308BDFC5C31401387977A7EEA02339685854288DF50B94620531E91BD941FE
File Size:
2.35 MB, 2345472 bytes
|
Show More
|
MD5:
58a76f810837a0226a3b3ca30695a33f
SHA1:
7b398105e570328f73fb1da93bd6de753a0fac57
SHA256:
1E569A521D9C03F0FD9E6A0020E03C84BE8D38BD5AB55CA0CA9FA541A6E50417
File Size:
1.70 MB, 1699356 bytes
|
|
MD5:
c3707123db9e9aba80d6fce744e7341c
SHA1:
3594d38e8c5425b1ad89ea3a2340b5e392e8e6a8
SHA256:
3974205A7FD770031C36613AF1052169B09BA7DE89F2A988E8200D2F5ACE63D6
File Size:
1.89 MB, 1890691 bytes
|
|
MD5:
6ec98ed409c43ba6952432f40ea4f755
SHA1:
4eb0962b02bb5b0af2ba4c98ca08bedb67fb0483
SHA256:
E187C2D76E20E0FCBD7CB8A0B016367C7C9BBDD31F058ADF718F185801955D2E
File Size:
2.35 MB, 2345472 bytes
|
|
MD5:
0ad30362b251e3a121b317df806d7290
SHA1:
d024497ea88b27cd0840f992de4a5c8e248aff81
SHA256:
33D68BDECDFDCE04AC63A1068F7914E61C7DCEF5FDF1D59017FD0C07CF983E87
File Size:
1.62 MB, 1618432 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File has been packed
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
Show More
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.| Name | Value |
|---|---|
| Comments |
|
| Company Name |
|
| File Description |
|
| File Version |
|
| Internal Name |
|
| Legal Copyright |
|
| Legal Trademarks | RG |
| Original Filename |
|
| Product Name |
|
| Product Version |
|
File Traits
- 2+ executable sections
- big overlay
- packed
- x86
Block Information
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.| Total Blocks: | 1,173 |
|---|---|
| Potentially Malicious Blocks: | 12 |
| Whitelisted Blocks: | 284 |
| Unknown Blocks: | 877 |
Visual Map
?
?
?
?
?
0
?
?
?
0
?
?
0
?
?
0
?
0
?
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
?
?
?
?
0
?
0
?
0
?
0
?
?
?
?
?
?
?
?
?
?
0
?
0
?
?
?
?
?
?
?
0
?
?
?
?
0
?
?
?
?
0
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
0
?
0
0
0
0
0
0
0
0
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
0
?
?
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
0
?
?
?
?
?
?
?
?
0
?
?
?
?
?
?
?
?
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
0
0
?
?
?
?
?
?
?
?
?
?
?
0
0
?
?
?
?
0
?
?
0
?
?
?
?
0
0
?
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
0
?
?
0
?
?
?
?
0
?
?
?
0
?
?
?
?
?
?
?
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
?
0
1
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
?
?
?
0
?
?
0
0
0
0
0
0
?
0
?
?
?
?
?
?
?
?
?
?
?
?
0
?
?
?
?
?
?
?
?
?
0
?
?
?
?
?
?
?
0
?
0
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
?
0
0
?
?
?
?
?
?
0
1
?
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
?
?
?
0
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
?
?
?
?
?
?
?
?
?
0
?
?
?
?
?
?
?
0
0
0
?
0
0
?
0
0
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
1
0
0
?
0
1
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
?
?
?
?
?
?
?
?
?
0
?
?
x
?
?
?
?
?
?
x
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
x
?
x
?
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
?
?
x
?
x
?
?
?
?
?
?
?
?
0
?
?
?
?
?
?
?
?
?
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
x
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
x
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
x
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
?
?
?
0
?
?
?
?
?
?
?
?
x
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
?
?
?
?
?
?
?
?
?
?
0
?
?
?
?
?
?
?
?
?
?
?
0
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
0
0
0
0
0
0
0
0
0
0
0
?
0
0
0
?
?
0
0
?
?
?
?
?
?
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
x
0
0
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
0
?
?
?
?
?
?
?
?
0
?
?
?
?
?
x
?
?
?
?
?
?
?
?
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
? - Unknown Block
x - Potentially Malicious Block
