SHA256: 4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c
File name: 4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c.bin
Detection ratio: 55 / 70
Analysis date: 2019-02-06 16:08:17 UTC ( 1 week, 3 days ago )
Antivirus Result Update
Ad-Aware Trojan.Ransom.AUC 20190206
AhnLab-V3 Malware/Win32.Generic.C1386051 20190206
ALYac Trojan.Ransom.Petya 20190206
Arcabit Trojan.Ransom.AUC 20190206
Avast Win32:Patched-AWP [Trj] 20190206
AVG Win32:Patched-AWP [Trj] 20190206
Avira (no cloud) TR/AD.Petya.Y.hhcl 20190206
BitDefender Trojan.Ransom.AUC 20190206
Bkav W32.LuspitoLTY.Trojan 20190201
CAT-QuickHeal Ransom.Petya.MUE.S6 20190206
ClamAV Win.Trojan.Petya-6312160-0 20190206
CMC Trojan-Ransom.Win32.Petr!O 20190206
Comodo Malware@#3o4z9hhlvmp31 20190206
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cybereason malicious.3a1b3b 20190109
Cylance Unsafe 20190206
Cyren W32/Trojan.XMFF-8835 20190206
DrWeb Trojan.MBRlock.245 20190206
Emsisoft Trojan.Ransom.AUC (B) 20190206
Endgame malicious (moderate confidence) 20181108
ESET-NOD32 Win32/Diskcoder.Petya.A 20190206
F-Prot W32/Petya.G 20190206
F-Secure Trojan.TR/AD.Petya.Y.hhcl 20190206
Fortinet W32/Petya.C!tr.ransom 20190206
GData Win32.Trojan-Ransom.Petya.H 20190206
K7AntiVirus Trojan ( 004e1c831 ) 20190206
K7GW Trojan ( 004e1c831 ) 20190206
Kaspersky Trojan-Ransom.Win32.Petr.l 20190206
Malwarebytes Ransom.Petya 20190206
MAX malware (ai score=100) 20190206
McAfee Generic.ys 20190206
McAfee-GW-Edition BehavesLike.Win32.Adware.bh 20190206
Microsoft Ransom:Win32/Petya 20190206
eScan Trojan.Ransom.AUC 20190206
NANO-Antivirus Trojan.Win32.AD.ebjjem 20190206
Palo Alto Networks (Known Signatures) generic.ml 20190206
Panda Trj/WLT.B 20190206
Qihoo-360 Trojan.Generic 20190206
Rising Ransom.Petr!8.4667 (CLOUD) 20190206
Sophos AV Troj/Petya-C 20190206
SUPERAntiSpyware Ransom.Petya/Variant 20190130
Symantec Ransom.Petya 20190205
TACHYON Trojan/W32.Petr.806912 20190205
Tencent Win32.Trojan.Petr.Llrb 20190206
TheHacker Trojan/Diskcoder.Petya.a 20190203
Trapmine malicious.high.ml.score 20190123
TrendMicro Ransom_PETYA.E 20190206
TrendMicro-HouseCall Ransom_PETYA.E 20190206
VBA32 Trojan.MBRlock 20190206
ViRobot Trojan.Win32.S.Petya.806912 20190206
Webroot Ransomware.Petya.Gen 20190206
Yandex Trojan.Petr! 20190206
Zillya Trojan.Petr.Win32.5 20190206
ZoneAlarm by Check Point Trojan-Ransom.Win32.Petr.l 20190206
Zoner Trojan.Win32.42050 20190206
Acronis 20190130
AegisLab 20190206
Alibaba 20180921
Antiy-AVL 20190206
Avast-Mobile 20190206
Babable 20180917
Baidu 20190201
eGambit 20190206
Sophos ML 20181128
Jiangmin 20190206
Kingsoft 20190206
SentinelOne (Static ML) 20190203
TotalDefense 20190205
Trustlook 20190206
VIPRE 20190202
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-01-30 02:56:43
Entry Point 0x0004D37D
Number of sections 5
PE sections
PE imports
RegDeleteKeyA
RegCloseKey
CopySid
RegQueryValueExA
RegCreateKeyExA
CryptHashData
CryptCreateHash
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateWellKnownSid
OpenProcessToken
RegOpenKeyExA
ConvertSidToStringSidW
GetTokenInformation
CryptReleaseContext
CryptAcquireContextA
RegQueryInfoKeyW
RegEnumKeyA
RegEnumKeyExA
RegQueryInfoKeyA
CryptDestroyHash
CryptGetHashParam
InitializeSecurityDescriptor
RegSetValueExA
RegDeleteValueA
GetWindowsAccountDomainSid
InitCommonControlsEx
CryptUnprotectData
CryptStringToBinaryA
CertCloseStore
CryptBinaryToStringA
CryptQueryObject
CryptProtectData
CertFindCertificateInStore
CryptMsgGetParam
CertGetNameStringW
CryptMsgClose
GetDeviceCaps
GetStockObject
GetStdHandle
GetDriveTypeW
ReleaseMutex
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
EncodePointer
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
LoadLibraryExW
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetTempPathA
WideCharToMultiByte
LoadLibraryW
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
LocalFree
FormatMessageW
InitializeCriticalSection
LoadResource
FindClose
InterlockedDecrement
FormatMessageA
GetFullPathNameW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
OpenThread
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
QueryPerformanceFrequency
HeapSetInformation
EnumSystemLocalesA
LoadLibraryExA
GetUserDefaultLCID
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointerEx
CreateMutexA
SetFilePointer
InterlockedExchangeAdd
CreateThread
GetSystemDefaultUILanguage
CreatePipe
GetExitCodeThread
SetUnhandledExceptionFilter
DecodePointer
ReadFile
IsProcessorFeaturePresent
ExitThread
SetHandleInformation
SetEnvironmentVariableA
TerminateProcess
GetModuleHandleExW
VirtualQuery
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
GetModuleHandleExA
WriteConsoleW
MulDiv
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
PeekNamedPipe
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetSystemDirectoryA
FreeLibrary
MoveFileExA
OpenProcess
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetStartupInfoW
CreateDirectoryW
GetProcAddress
GetProcessHeap
CompareStringW
GetFileInformationByHandle
lstrcmpA
FindFirstFileA
lstrcpyA
ResetEvent
FindNextFileA
IsValidLocale
FindFirstFileExW
WaitForMultipleObjects
SetEvent
RemoveDirectoryA
GetTimeZoneInformation
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
SystemTimeToFileTime
LCMapStringW
GetSystemInfo
lstrlenA
GetConsoleCP
GetThreadLocale
GetEnvironmentStringsW
IsDBCSLeadByte
lstrlenW
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCPInfo
HeapSize
GetCommandLineA
InterlockedCompareExchange
RaiseException
TlsFree
GetModuleHandleA
SetDllDirectoryA
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
OpenEventA
CreateProcessA
IsValidCodePage
HeapCreate
Sleep
FindResourceA
VirtualAlloc
VarUI4FromStr
VariantChangeType
SysStringByteLen
VariantClear
SysAllocString
VariantCopy
GetErrorInfo
SysFreeString
VariantInit
SHGetFolderPathW
ShellExecuteExA
SHGetFolderPathA
FindExecutableA
Shell_NotifyIconA
Ord(12)
SetFocus
GetMessageA
GetParent
PostQuitMessage
SetWindowTextW
DefWindowProcW
GetMessageW
DefWindowProcA
ShowWindow
SetWindowPos
GetClassInfoExW
GetWindowThreadProcessId
GetSystemMetrics
SetWindowLongW
AppendMenuA
GetWindowRect
DispatchMessageA
RegisterClassExW
LoadStringA
PostMessageA
IsWindowUnicode
MessageBoxA
PeekMessageA
SetWindowLongA
AdjustWindowRectEx
TranslateMessage
MsgWaitForMultipleObjectsEx
DispatchMessageW
GetDC
RegisterClassExA
GetCursorPos
ReleaseDC
CreatePopupMenu
wsprintfA
SendMessageA
GetClientRect
EnableMenuItem
RegisterClassA
SetRect
GetWindowLongA
CreateWindowExA
LoadCursorA
TrackPopupMenu
CharNextA
GetDesktopWindow
LoadImageA
GetSystemMenu
GetFocus
CreateWindowExW
GetWindowLongW
SetForegroundWindow
GetAncestor
IsChild
DestroyWindow
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
VerQueryValueW
HttpSendRequestA
InternetTimeToSystemTime
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetGetConnectedState
InternetErrorDlg
HttpQueryInfoA
InternetCrackUrlA
InternetTimeFromSystemTime
WinVerifyTrust
Ord(204)
Ord(44)
Ord(168)
Ord(159)
Ord(158)
Ord(91)
Ord(141)
Ord(67)
Ord(31)
Ord(117)
Ord(189)
Ord(115)
Ord(8)
Ord(137)
Ord(160)
CoInitializeEx
OleUninitialize
CoUninitialize
IIDFromString
OleInitialize
OleSetContainedObject
CoTaskMemRealloc
CoCreateInstance
OleRun
CoInitialize
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc
Number of PE resources by type
RT_ICON 7
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 9
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:01:30 03:56:43+01:00
FileType Win32 EXE
PEType PE32
CodeSize 457728
LinkerVersion 10.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x4d37d
InitializedDataSize 359424
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 a92f13f3a1b3b39833d3cc336301b713
SHA1 d1c62ac62e68875085b62fa651fb17d4d7313887
SHA256 4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c
ssdeep 24576:z0wz1d5bAbWhrc56zQ9T4Ole+5PIuklOjB:Hd5Vhr4IMTbeGPJHjB
authentihash 7510320f2fc181cb9f6acb10ece8bcc4c7f004af2e0f8d64f2a3d28bdf00d03c
imphash bf084102e13441ce39f8d51d9bf55857
File size 788.0 KB ( 806912 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (37.8%)
Win64 Executable (generic) (33.4%)
Windows screen saver (15.8%)
Win32 Executable (generic) (5.4%)
OS/2 Executable (generic) (2.4%)
Tags
peexe via-tor

VirusTotal metadata
First submission 2016-04-01 05:19:20 UTC ( 2 years, 10 months ago )
Last submission 2019-01-30 05:29:47 UTC ( 2 weeks, 4 days ago )
File names ai_copied_temp_file_x8zajxfw.exe
Petya1.infected
4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c (1)
ai_downloaded_temp_file_ivqe49t1.exe
petya_4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c (1)
4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c.exe
PETYA2.EXE
Hack lol By Mohamed Ahmed.bin.exe
virus.exe
ai_downloaded_temp_file_gqsxzte0.exe
Gesu ti aiuti.exe
ai_downloaded_temp_file_l6aajkck.exe
4.exe
Petya ransomware.exe
Petya1.exe
Petya (2).exe
ai_downloaded_temp_file_9pete5jy.exe
4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c (1).1
invoice.exe
output.113841668.txt
BewerbungsmappePDF.2c.ex_
4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c.zip
petya1.exe.dontrun
Advanced heuristic and reputation engines