SHA256: 0f09bc20aacdb9ac6a051a8c44694d772ccb3fe3855728ec2b50586c3ca65d24
File name: 97.exe
Detection ratio: 3 / 53
Analysis date: 2015-12-17 12:02:00 UTC (3 years, 5 months ago)
Antivirus Result Update
Emsisoft Trojan-Ransom.Win32.Tesla (A) 20151217
Kaspersky UDS:DangerousObject.Multi.Generic 20151217
Symantec Suspicious.Cloud.5 20151216
Ad-Aware 20151217
AegisLab 20151217
Yandex 20151217
AhnLab-V3 20151217
Alibaba 20151208
ALYac 20151217
Antiy-AVL 20151217
Arcabit 20151217
Avast 20151217
AVG 20151217
AVware 20151217
Baidu-International 20151217
BitDefender 20151217
Bkav 20151217
ByteHero 20151217
CAT-QuickHeal 20151217
ClamAV 20151217
CMC 20151217
Comodo 20151217
Cyren 20151217
DrWeb 20151217
ESET-NOD32 20151217
F-Prot 20151217
F-Secure 20151217
Fortinet 20151217
GData 20151217
Ikarus 20151217
Jiangmin 20151217
K7AntiVirus 20151217
K7GW 20151217
Malwarebytes 20151217
McAfee 20151217
McAfee-GW-Edition 20151217
Microsoft 20151217
eScan 20151217
NANO-Antivirus 20151217
nProtect 20151217
Panda 20151215
Rising 20151217
Sophos AV 20151217
SUPERAntiSpyware 20151217
Tencent 20151217
TheHacker 20151215
TrendMicro 20151217
TrendMicro-HouseCall 20151217
VBA32 20151216
VIPRE 20151217
ViRobot 20151217
Zillya 20151217
Zoner 20151217
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-17 10:05:08
Entry Point 0x00005C52
Number of sections 4
PE sections
PE imports
GetTokenInformation
CryptGetKeyParam
OpenProcessToken
CryptAcquireContextA
OpenSCManagerA
CryptDecrypt
CryptCreateHash
AVIFileInit
AVIStreamOpenFromFileA
AVIFileExit
ImageList_Draw
Ord(17)
SetMapMode
CreatePen
SaveDC
CreateFontIndirectA
Rectangle
GetDeviceCaps
DeleteDC
RestoreDC
SetBkMode
SetWindowOrgEx
ChoosePixelFormat
BitBlt
CreateDIBSection
SetTextColor
GetCurrentObject
DescribePixelFormat
FrameRgn
CreateFontA
GetStockObject
ExtTextOutA
SetPixelFormat
SetTextAlign
CreateCompatibleDC
CreateRectRgn
SelectObject
CreateSolidBrush
SetBkColor
DeleteObject
GetStdHandle
GetConsoleOutputCP
SetConsoleCursorPosition
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
InterlockedDecrement
SetLastError
GetSystemTime
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
TerminateProcess
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
FillConsoleOutputCharacterA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
GetWindowsDirectoryA
GetProcAddress
GetConsoleScreenBufferInfo
FillConsoleOutputAttribute
GetProcessHeap
CreateFileMappingW
lstrcpyA
GlobalLock
GetConsoleWindow
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetConsoleTitleA
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
SetConsoleTitleA
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
GradientFill
OleSavePictureFile
VariantChangeType
VariantClear
OleLoadPicture
UuidCreateSequential
PathStripToRootA
SetFocus
GetMessageA
GetForegroundWindow
UpdateWindow
GetScrollInfo
BeginPaint
PostQuitMessage
DefWindowProcA
FindWindowA
MessageBeep
SetWindowPos
GetWindowThreadProcessId
SendDlgItemMessageA
BeginDeferWindowPos
DispatchMessageA
RegisterClipboardFormatA
SetWindowLongA
TranslateMessage
RedrawWindow
SetScrollInfo
RegisterClassExA
EndDeferWindowPos
SystemParametersInfoA
SetWindowTextA
GetWindowLongA
ShowWindow
SendMessageA
GetClientRect
GetDlgItem
wsprintfA
GetWindowTextLengthA
CreateWindowExA
LoadCursorA
LoadIconA
DeferWindowPos
CallWindowProcA
GetFocus
GetDC
ReleaseDC
GetWindowTextA
InsertMenuItemA
IsDialogMessageA
GetFileVersionInfoW
WSAStartup
WSAEnumProtocolsA
WSAGetLastError
WSACleanup
DegaussMonitor
GetMonitorDisplayAreaPosition
CreateStreamOnHGlobal
Number of PE resources by type
RT_ICON 16
RT_BITMAP 6
RT_MENU 5
RT_RCDATA 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 30
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
SubsystemVersion: 5.0
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2015:12:17 11:05:08+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 259584
LinkerVersion: 9.0
FileTypeExtension: exe
InitializedDataSize: 281600
ImageFileCharacteristics: No relocs, Executable, Aggressive working-set trim, Large address aware, 32-bit, No debug, Net run from swap, Uniprocessor only
EntryPoint: 0x5c52
OSVersion: 5.0
ImageVersion: 0.0
UninitializedDataSize: 0
Compressed bundles
File identification
MD5 895a48f0b688c58484bcca4c3f8833f4
SHA1 a5002a9ef149e032ba82367369d7c16efa5b0da6
SHA256 0f09bc20aacdb9ac6a051a8c44694d772ccb3fe3855728ec2b50586c3ca65d24
ssdeep 6144:ii0KclpG2oegd4vZBQ+zc1G50YjTyEbYv0yW0VbpG4QcuXg6ScTXeaYKUBIpP0O:5VcleoZBt5NyEbbyNVcbcMgselUMO
authentihash 8fa8f9a32bbf4db3ae84e0fe11bd17499f9378b85df2b258e6cd3a217f57c7ce
imphash 65c5a62617c403b407b5c2b4441fb1fd
File size 529.5 KB ( 542208 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (38.2%)
Win32 Executable MS Visual C++ (generic) (27.7%)
Win64 Executable (generic) (24.5%)
Win32 Executable (generic) (4.0%)
OS/2 Executable (generic) (1.8%)
Tags
peexe

VirusTotal metadata
First submission 2015-12-17 10:28:25 UTC (3 years, 5 months ago)
Last submission 2018-10-09 14:11:24 UTC (7 months, 1 week ago)
File names ransom
895A48F0B688C58484BCCA4C3F8833F4
a5002a9ef149e032ba82367369d7c16efa5b0da6
97.exe
No_nameSfk3qwkriO_vIo
97.exe.bin
bc20aacdb9ac6a051a8c44694d772ccb3fe3855728ec2b50586c3ca65d24.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Searched windows
Opened service managers
Runtime DLLs
UDP communications