× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 483abe5ff97706ad855b7cdbc55e17318d561316fdb3120afc71977c72a61c63
File name: 2015-12-01-Angler-EK-Payload-CryptoWall.exe
Detection ratio: 11 / 55
Analysis date: 2015-12-02 04:26:36 UTC ( 1 year, 4 months ago ) View latest
Antivirus Result Update
Baidu-International Trojan.Win32.Filecoder.FJ 20151201
BitDefender Trojan.GenericKD.2904533 20151202
Bkav HW32.Packed.1AC5 20151201
ESET-NOD32 Win32/Filecoder.FJ 20151202
Kaspersky Trojan.Win32.Yakes.npmo 20151202
Malwarebytes Ransom.CryptoWall 20151202
McAfee Artemis!3ABBA64FF704 20151202
McAfee-GW-Edition BehavesLike.Win32.Skintrim.dc 20151202
eScan Trojan.GenericKD.2904533 20151202
Qihoo-360 QVM07.1.Malware.Gen 20151202
Sophos Mal/Generic-S 20151202
Ad-Aware 20151130
AegisLab 20151201
Yandex 20151201
AhnLab-V3 20151201
Alibaba 20151201
ALYac 20151202
Antiy-AVL 20151202
Arcabit 20151202
Avast 20151202
AVG 20151130
Avira (no cloud) 20151201
AVware 20151202
ByteHero 20151202
CAT-QuickHeal 20151201
ClamAV 20151201
CMC 20151201
Comodo 20151202
Cyren 20151202
DrWeb 20151202
Emsisoft 20151202
F-Prot 20151202
F-Secure 20151202
Fortinet 20151201
GData 20151202
Ikarus 20151201
Jiangmin 20151201
K7AntiVirus 20151201
K7GW 20151202
Microsoft 20151202
NANO-Antivirus 20151202
nProtect 20151201
Panda 20151201
Rising 20151129
SUPERAntiSpyware 20151202
Symantec 20151201
Tencent 20151202
TheHacker 20151127
TrendMicro 20151202
TrendMicro-HouseCall 20151202
VBA32 20151201
VIPRE 20151202
ViRobot 20151201
Zillya 20151201
Zoner 20151202
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-10-01 16:41:33
Entry Point 0x0000D5AC
Number of sections 4
PE sections
PE imports
IsValidSid
GetSidSubAuthorityCount
SetSecurityDescriptorGroup
SetSecurityInfo
AdjustTokenGroups
ImageList_SetBkColor
ImageList_Duplicate
CreateMetaFileA
GdiGetBatchLimit
GetSystemDefaultLangID
GetModuleHandleA
GlobalHandle
LZOpenFileW
GlobalLock
GetCurrentThreadId
GetLocalTime
LZDone
perror
_hypot
__p__commode
_getdcwd
_execve
_putw
div
_j0
__getmainargs
_initterm
__setusermatherr
_controlfp
__set_app_type
LPSAFEARRAY_UserFree
Number of PE resources by type
Struct(15) 13
RT_ACCELERATOR 10
RT_ICON 9
RT_GROUP_ICON 9
RT_MENU 4
RT_DIALOG 2
WvXPJ0 1
RT_VERSION 1
TE44WO11h5 1
Number of PE resources by language
PORTUGUESE BRAZILIAN 27
ENGLISH AUS 23
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
2375680

ImageVersion
0.0

ProductName
Unapt Unsurfaced

FileVersionNumber
0.133.128.72

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
6.0

FileTypeExtension
exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
0,111,80,192

TimeStamp
2007:10:01 17:41:33+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
0,68,141,92

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
Wheelbarrows (C) 2018

MachineType
Intel 386 or later, and compatibles

CompanyName
Idea2

CodeSize
53248

FileSubtype
0

ProductVersionNumber
0.63.203.141

EntryPoint
0xd5ac

ObjectFileType
Executable application

File identification
MD5 3abba64ff7043510d5a3c211c80bb749
SHA1 94ca2ffb528f0726468895e4f57d846d8389134b
SHA256 483abe5ff97706ad855b7cdbc55e17318d561316fdb3120afc71977c72a61c63
ssdeep
6144:QF/XNQX8TipJhOyyac/zcj6jdP08QHtoxc5sfMo1Sgbli:iSCYJ7egu089fMoUgxi

authentihash bf0dc9138d5778c9aa89ccc40af0c1d362398ced4ee79949f104d685e62fd071
imphash a77d10771c576f98ae1a30a6c922e350
File size 276.0 KB ( 282624 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe

VirusTotal metadata
First submission 2015-12-01 18:58:28 UTC ( 1 year, 4 months ago )
Last submission 2016-10-18 05:01:33 UTC ( 6 months, 1 week ago )
File names 2015-12-01-Angler-Ek-Payload-CryptoWall.exe
Angler-Ek-Payload-CryptoWall.exe
8e1d2.exe
BB34.tmp.exe
BB34.tmp.exe
Angler-Ek-Payload-CryptoWall.exe
Angler-Ek-Payload-CryptoWall.exe
BB34.tmp.exe
2015-12-01-Angler-EK-Payload-CryptoWall.exe
BB34.tmp.exe
Angler-Ek-Payload-CryptoWall.exe
64C8.tmp.exe
CryptZpack4.exe.save
Angler-Ek-Payload-CryptoWall.exe
BB34.tmp.exe
BB34.tmp.exe
BB34.tmp.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Opened service managers
Runtime DLLs