× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 0f2c5c39494f15b7ee637ad5b6b5d00a3e2f407b4f27d140cd5a821ff08acfac
File name: samsam.exe
Detection ratio: 54 / 69
Analysis date: 2018-12-21 08:25:34 UTC ( 3 weeks, 4 days ago )
Antivirus Result Update
Ad-Aware Generic.Ransom.SamSam.12451789 20181221
AegisLab Trojan.MSIL.Samas.j!c 20181221
AhnLab-V3 Trojan/Win32.Samas.C1342294 20181220
ALYac Trojan.Ransom.Samas 20181221
Antiy-AVL Trojan/Win32.SGeneric 20181221
Arcabit Generic.Ransom.SamSam.DBDFFCD 20181221
Avast Win32:Ransom-AYG [Trj] 20181221
AVG Win32:Ransom-AYG [Trj] 20181221
Avira (no cloud) TR/Ransom.lhumd 20181220
BitDefender Generic.Ransom.SamSam.12451789 20181221
CAT-QuickHeal Trojan.Inject.TL3 20181220
ClamAV Win.Trojan.Samas-1 20181221
Comodo Malware@#1ktdd4kwurrdt 20181220
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.9014b1 20180225
Cylance Unsafe 20181221
Cyren W32/SamSam.D.gen!Eldorado 20181221
DrWeb Trojan.Encoder.3969 20181221
Emsisoft Generic.Ransom.SamSam.12451789 (B) 20181221
Endgame malicious (moderate confidence) 20181108
ESET-NOD32 MSIL/Filecoder.AR 20181221
F-Prot W32/SamSam.D.gen!Eldorado 20181221
F-Secure Trojan:W32/NomadSnore.D 20181221
Fortinet MSIL/FilecoderSamas.A!tr.ransom 20181221
GData Generic.Ransom.SamSam.12451789 20181221
Ikarus Trojan-Ransom.SamSam 20181221
Sophos ML heuristic 20181128
Jiangmin Trojan.MSIL.aoil 20181221
K7AntiVirus Trojan ( 700000121 ) 20181221
K7GW Trojan ( 700000121 ) 20181221
Kaspersky Trojan-Ransom.MSIL.Samas.f 20181221
MAX malware (ai score=100) 20181221
McAfee Ransomware-SAMAS!A14EA969014B 20181221
McAfee-GW-Edition Ransomware-SAMAS!A14EA969014B 20181221
Microsoft Ransom:MSIL/Samas.A 20181221
eScan Generic.Ransom.SamSam.12451789 20181221
NANO-Antivirus Trojan.Win32.Ransom.eamswz 20181221
Palo Alto Networks (Known Signatures) generic.ml 20181221
Panda Generic Malware 20181220
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20181221
Rising Ransom.Samas!8.1C0E (CLOUD) 20181221
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Troj/RansmSam-A 20181221
SUPERAntiSpyware Ransom.SamSam/Variant 20181220
Symantec Trojan.Gen.2 20181221
TheHacker Trojan/Filecoder.ar 20181220
TrendMicro Ransom_CRYPSAM.B 20181221
TrendMicro-HouseCall Ransom_CRYPSAM.B 20181221
VBA32 Trojan-Ransom.MSIL.Samas 20181220
ViRobot Trojan.Win32.Z.Agent.218624.AI 20181220
Webroot W32.Trojan.Gen 20181221
Yandex Trojan.Agent!D4SyxCvxoKM 20181220
Zillya Dropper.Agent.Win32.229787 20181219
ZoneAlarm by Check Point HEUR:Trojan.MSIL.Tpyn.gen 20181221
Acronis 20180726
Alibaba 20180921
Avast-Mobile 20181220
Babable 20180918
Baidu 20181207
Bkav 20181220
CMC 20181220
eGambit 20181221
Kingsoft 20181221
Malwarebytes 20181221
Symantec Mobile Insight 20181215
TACHYON 20181221
Tencent 20181221
Trapmine 20181205
Trustlook 20181221
Zoner 20181221
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2014

Product MicrosoftSAM
Original name samsam.exe
Internal name samsam.exe
File version 2.4.8.4
Description MicrosoftSAM
Comments MicrosoftSAM
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-01-06 00:14:43
Entry Point 0x00036AAE
Number of sections 3
.NET details
Module Version ID 5f8b96a7-d54f-4827-afcc-20fac7d8cc20
TypeLib ID b83df556-b2ab-4b0c-9301-33efb43cafe3
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

Comments
MicrosoftSAM

LinkerVersion
11.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.4.8.4

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
MicrosoftSAM

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
2048

EntryPoint
0x36aae

OriginalFileName
samsam.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2014

FileVersion
2.4.8.4

TimeStamp
2016:01:06 01:14:43+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
samsam.exe

ProductVersion
2.4.8.4

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft

CodeSize
216064

ProductName
MicrosoftSAM

ProductVersionNumber
2.4.8.4

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
8.2.8.8

File identification
MD5 a14ea969014b1145382ffcd508d10156
SHA1 ff6aa732320d21697024994944cf66f7c553c9cd
SHA256 0f2c5c39494f15b7ee637ad5b6b5d00a3e2f407b4f27d140cd5a821ff08acfac
ssdeep
3072:ZVdp01i6vcHV1LI5FLV0pZeZKfOJizjrBnNtRg+ur199J+n9fCbP:Za1i6UHVyLV0poZa1jrD099on9

authentihash 22b3975472d4d8ce3b573e1537b8b05c0ad5e93fc65385891d1d05e3c802696f
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 213.5 KB ( 218624 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (62.0%)
Win64 Executable (generic) (23.4%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
OS/2 Executable (generic) (1.7%)
Tags
peexe assembly

VirusTotal metadata
First submission 2016-01-14 00:00:26 UTC ( 3 years ago )
Last submission 2018-08-02 12:03:51 UTC ( 5 months, 2 weeks ago )
File names SAMSAM.bin
0f2c5c39494f15b7ee637ad5b6b5d00a3e2f407b4f27d140cd5a821ff08acfac.bin
A14EA969014B1145382FFCD508D10156
0f2c5c39494f15b7ee637ad5b6b5d00a3e2f407b4f27d140cd5a821ff08acfac.exe
0f2c5c39494f15b7ee637ad5b6b5d00a3e2f407b4f27d140cd5a821ff08acfac.exe
samsam.exe
samas.exe
0f2c5c39494f15b7ee637ad5b6b5d00a3e2f407b4f27d140cd5a821ff08acfac.exe
foo.exe
8.exe
0f2c5c39494f15b7ee637ad5b6b5d00a3e2f407b4f27d140cd5a821ff08acfac.exe
samas 0f2c5c39494f15b7ee637ad5b6b5d00a3e2f407b4f27d140cd5a821ff08acfac.exe
a.exe
Win32.Ransom.FileCryptor@0f2c5c39494f15b7ee637ad5b6b5d00a3e2f407b4f27d140cd5a821ff08acfac.bin
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!