SHA256: 03363f9f6938f430a58f3f417829aa3e98875703eb4c2ae12feccc07fff6ba47
File name: MM_0.BIN.exe
Detection ratio: 8 / 61
Analysis date: 2017-05-12 03:18:01 UTC ( 1 year, 7 months ago )
Antivirus Result Update
AegisLab Uds.Dangerousobject.Multi!c 20170512
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170503
CrowdStrike Falcon (ML) malicious_confidence_93% (W) 20170130
Sophos ML trojandownloader.win32.cutwail.bs 20170413
Kaspersky UDS:DangerousObject.Multi.Generic 20170512
Palo Alto Networks (Known Signatures) generic.ml 20170512
Symantec Trojan.Gen.8!cloud 20170511
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20170512
Ad-Aware 20170512
AhnLab-V3 20170511
Alibaba 20170512
ALYac 20170512
Antiy-AVL 20170512
Arcabit 20170512
Avast 20170512
AVG 20170512
Avira (no cloud) 20170511
AVware 20170512
BitDefender 20170512
Bkav 20170511
CAT-QuickHeal 20170511
ClamAV 20170511
CMC 20170511
Comodo 20170512
Cyren 20170512
DrWeb 20170512
Emsisoft 20170512
Endgame 20170503
ESET-NOD32 20170512
F-Prot 20170512
F-Secure 20170512
Fortinet 20170512
GData 20170512
Ikarus 20170511
Jiangmin 20170510
K7AntiVirus 20170511
K7GW 20170512
Kingsoft 20170512
Malwarebytes 20170512
McAfee 20170512
McAfee-GW-Edition 20170511
Microsoft 20170512
eScan 20170512
NANO-Antivirus 20170512
nProtect 20170512
Panda 20170511
Qihoo-360 20170512
Rising 20170512
SentinelOne (Static ML) 20170330
Sophos AV 20170512
SUPERAntiSpyware 20170511
Symantec Mobile Insight 20170511
Tencent 20170512
TheHacker 20170508
TrendMicro 20170512
TrendMicro-HouseCall 20170512
Trustlook 20170512
VBA32 20170511
VIPRE 20170512
ViRobot 20170511
Webroot 20170512
WhiteArmor 20170502
Yandex 20170510
Zillya 20170511
Zoner 20170512
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © b q jxpol g
Product Wwgx hch
Original name Vupsewssx
Internal name Vupsewssx
File version 7.677
Description Z keumqhao nbxxtj
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-11 13:11:17
Entry Point 0x0001EF6E
Number of sections 4
PE sections
PE imports
ConvertSecDescriptorToVariant
ADsOpenObject
PropVariantToAdsType2
ADsEnumerateNext
AdsTypeToPropVariant2
ConvertSecurityDescriptorToSecDes
AdsFreeAdsValues
ADsBuildEnumerator
BinarySDToSecurityDescriptor
SecurityDescriptorToBinarySD
PropVariantToAdsType
LsaDelete
RegLoadKeyW
capCreateCaptureWindowA
AppCleanup
capGetDriverDescriptionA
SetBitmapBits
RealizePalette
SetBkColor
RoundRect
CreateCompatibleBitmap
GetRandomRgn
SetFileAttributesA
SetFilePointer
RaiseException
ReadConsoleInputW
GetModuleHandleA
ResumeThread
FindResourceExW
GetStartupInfoA
CloseHandle
SetConsoleCursorPosition
GetProcAddress
SetCommTimeouts
VirtualAlloc
LoadLibraryA
Process32FirstW
SetThreadExecutionState
__p__fmode
_scalb
_outpw
_wctime64
__dllonexit
fopen
_except_handler3
_errno
_ismbbalnum
_onexit
exit
_XcptFilter
_mbctolower
__setusermatherr
__threadhandle
__p__commode
_acmdln
_wexeclpe
_adjust_fdiv
getwchar
_ismbcsymbol
__getmainargs
_lrotl
_controlfp
signal
wcsxfrm
_getdiskfree
_initterm
_exit
__set_app_type
RtlEqualUnicodeString
RtlMoveMemory
RtlWriteRegistryValue
bsearch
_CIcos
RtlFreeOemString
SQLGetInfoW
SQLSetParam
SQLErrorA
SQLGetInfoA
SQLParamData
VFreeErrors
SQLSetScrollOptions
SQLNativeSqlA
SQLPrimaryKeysW
SQLCopyDesc
SQLFetchScroll
PostODBCError
SQLPrimaryKeysA
SQLAllocEnv
SQLGetConnectAttrA
SQLSetDescFieldW
SQLSetStmtAttrW
ODBCSetTryWaitValue
SQLGetDiagRecW
GetODBCSharedData
SQLColAttributeA
SQLBindParam
PostComponentError
VRetrieveDriverErrorsRowCol
SQLAllocHandleStd
SQLGetConnectOptionA
ValidateErrorQueue
SQLDriverConnectW
SQLDescribeColA
SQLProceduresA
SQLDataSourcesA
SQLProceduresW
RasGetConnectionStatistics
RasSetCredentialsA
SHChangeNotification_Lock
PathRemoveBlanksA
SHAutoComplete
SHFreeShared
GetWindowRgn
SetWindowTextW
ValidateRgn
SetWindowsHookExA
Number of PE resources by type
RT_ICON 2
RT_STRING 2
RT_GROUP_ICON 2
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 8
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 7.677.0.0
LanguageCode Unknown (0001)
FileFlagsMask 0x003f
FileDescription Z keumqhao nbxxtj
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unknown (0009)
InitializedDataSize 118784
EntryPoint 0x1ef6e
OriginalFileName Vupsewssx
MIMEType application/octet-stream
LegalCopyright Copyright b q jxpol g
FileVersion 7.677
TimeStamp 2017:05:11 14:11:17+01:00
FileType Win32 EXE
PEType PE32
InternalName Vupsewssx
ProductVersion 7.677
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Hazpfml uauogkb isztos
CodeSize 126976
ProductName Wwgx hch
ProductVersionNumber 7.677.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 ab5f53278c24077be9bba7c7af9951e9
SHA1 d148f8f990efcba6c49d73d33fc438185f61d6f2
SHA256 03363f9f6938f430a58f3f417829aa3e98875703eb4c2ae12feccc07fff6ba47
ssdeep 3072:vfrrEO2hXyVTsZeEQf7vxDLF9UpIN8XqiVMOcoQbdvgshbzKD8ECcNM3W:vfr47GTs27vdFaU25hQb5
authentihash d1fd439d4d77233146e12b0ea6d04b40cff3e1d983801ec2301f3e297b6824e2
imphash adac3b663c199e592110f2ec0e35e7ee
File size 180.0 KB ( 184320 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ 5.0 (43.7%)
Win32 Executable MS Visual C++ (generic) (22.4%)
Win64 Executable (generic) (19.9%)
Win32 Dynamic Link Library (generic) (4.7%)
Win32 Executable (generic) (3.2%)
Tags peexe
VirusTotal metadata
First submission 2017-05-11 22:59:09 UTC ( 1 year, 7 months ago )
Last submission 2018-10-08 04:19:40 UTC ( 2 months, 1 week ago )
File names ratchet20.exe
SGW.exe
03363f9f6938f430a58f3f417829aa3e98875703eb4c2ae12feccc07fff6ba47.bin
ratchet20.exe
Vupsewssx
MM_0.BIN.exe
ab5f53278c24077be9bba7c7af9951e9.exe
ratchet20.exe.3432.dr
ab5f53278c24077be9bba7c7af9951e9
77g643.dec
03363f9f6938f430a58f3f417829aa3e98875703eb4c2ae12feccc07fff6ba47
Behaviour characterization
Zemana dll-injection
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Deleted files
HTTP requests
DNS requests
TCP connections
UDP communications