SHA256: 55e866cc8580e5f9f7f6560e478f3b37b3362e9f94e88439beef6026c86c80be
File name: 6c3e6143ab699d6b78551d417c0a1a45_Cryptowall3.0Candidate.kaf
Detection ratio: 4 / 57
Analysis date: 2015-01-13 20:48:55 UTC ( 3 years, 11 months ago )
Antivirus | Result | Update
ESET-NOD32 | a variant of Win32/Kryptik.CVDS | 20150113
Kaspersky | UDS:DangerousObject.Multi.Generic | 20150113
Malwarebytes | Trojan.Agent.0BGen | 20150113
Tencent | Win32.Trojan.Bp-generic.Wpav | 20150113
Ad-Aware | | 20150113
AegisLab | | 20150113
Yandex | | 20150113
AhnLab-V3 | | 20150113
Alibaba | | 20150113
ALYac | | 20150113
Antiy-AVL | | 20150112
Avast | | 20150113
AVG | | 20150113
Avira (no cloud) | | 20150110
AVware | | 20150113
Baidu-International | | 20150113
BitDefender | | 20150113
Bkav | | 20150113
ByteHero | | 20150113
CAT-QuickHeal | | 20150113
ClamAV | | 20150113
CMC | | 20150113
Comodo | | 20150113
Cyren | | 20150113
DrWeb | | 20150113
Emsisoft | | 20150113
F-Prot | | 20150113
F-Secure | | 20150113
Fortinet | | 20150113
GData | | 20150113
Ikarus | | 20150113
Jiangmin | | 20150113
K7AntiVirus | | 20150113
K7GW | | 20150113
Kingsoft | | 20150113
McAfee | | 20150113
McAfee-GW-Edition | | 20150113
Microsoft | | 20150113
eScan | | 20150113
NANO-Antivirus | | 20150113
Norman | | 20150113
nProtect | | 20150113
Panda | | 20150113
Qihoo-360 | | 20150113
Rising | | 20150113
Sophos AV | | 20150113
SUPERAntiSpyware | | 20150113
Symantec | | 20150113
TheHacker | | 20150112
TotalDefense | | 20150113
TrendMicro | | 20150113
TrendMicro-HouseCall | | 20150113
VBA32 | | 20150113
VIPRE | | 20150113
ViRobot | | 20150113
Zillya | | 20150113
Zoner | | 20150112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-13 11:59:57
Entry Point 0x00004239
Number of sections 5
PE sections
PE imports
RegDeleteKeyA
RegDeleteValueW
RegOpenKeyA
RegCloseKey
OpenProcessToken
RegSetValueExA
RegQueryValueA
RegSetValueExW
LookupPrivilegeValueA
RegSetValueA
RegCreateKeyW
AdjustTokenPrivileges
RegQueryValueExA
RegDeleteKeyW
RegOpenKeyExA
RegSetValueW
RegCreateKeyA
GetUserNameW
RegQueryValueExW
RegQueryValueW
CreateToolbarEx
ImageList_Destroy
ImageList_SetBkColor
ImageList_Draw
ImageList_GetIconSize
ImageList_Create
Ord(17)
ImageList_ReplaceIcon
ImageList_Add
ChooseColorA
GetOpenFileNameW
GetSaveFileNameW
ChooseFontA
CommDlgExtendedError
AddFontResourceA
GetCharABCWidthsFloatW
TextOutW
CreatePen
SaveDC
TextOutA
CreateFontIndirectA
GetTextMetricsA
SetStretchBltMode
GetPixel
Rectangle
GetObjectA
CreateDCA
LineTo
DeleteDC
SetBkMode
StretchBlt
SetPixel
EndDoc
PtInRegion
StartPage
BitBlt
CreateDIBSection
SetTextColor
GetDeviceCaps
MoveToEx
ExtTextOutW
GetTextExtentPoint32W
CreateFontA
GetStockObject
CreateDIBitmap
SetPixelV
ExtTextOutA
GetDIBits
SetTextAlign
SelectClipRgn
CreateCompatibleDC
StartDocW
StretchDIBits
EndPage
CreateRectRgn
RemoveFontResourceA
GetBkColor
GetTextExtentPoint32A
AbortDoc
StartDocA
GetTextColor
CreateSolidBrush
ExtCreatePen
SelectObject
SetBkColor
DeleteObject
CreateCompatibleBitmap
GetStdHandle
FileTimeToDosDateTime
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
FindNextFileA
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
UnhandledExceptionFilter
OpenFileMappingA
FreeEnvironmentStringsW
lstrcatW
HeapSize
SetStdHandle
GetFileTime
GetCPInfo
lstrcmpiA
GetStringTypeA
LocalFree
_hwrite
GetTempPathW
_lopen
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
GetStringTypeW
SetFileAttributesA
SetEvent
QueryDosDeviceA
MoveFileA
ResumeThread
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
MoveFileW
SetFileAttributesW
GetStringTypeExA
SetLastError
GetSystemTime
DeviceIoControl
InterlockedDecrement
LocalLock
WriteProcessMemory
FindNextVolumeA
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
lstrcmpiW
RaiseException
EnumCalendarInfoA
GetVolumeInformationA
LoadLibraryExA
SetThreadPriority
lstrcpynW
TerminateProcess
MultiByteToWideChar
SetFilePointerEx
FlushInstructionCache
FormatMessageA
SetFilePointer
CreateThread
MoveFileExW
GlobalAddAtomA
SetUnhandledExceptionFilter
MulDiv
SetEnvironmentVariableA
SetPriorityClass
GetDiskFreeSpaceExA
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
HeapCreate
WriteConsoleW
CloseHandle
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
CopyFileW
GlobalSize
GetStartupInfoA
SystemTimeToFileTime
GetFileSize
LCMapStringW
OpenProcess
DeleteFileA
FormatMessageW
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GlobalLock
_lread
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
CompareStringW
lstrcpyW
GetFileSizeEx
GlobalReAlloc
RemoveDirectoryW
_hread
lstrcmpA
FindNextFileW
lstrcpyA
GetProfileStringA
CompareStringA
FindFirstFileW
GlobalMemoryStatus
lstrcmpW
GetProcAddress
GetTimeZoneInformation
FindFirstVolumeA
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LocalUnlock
LeaveCriticalSection
GetLastError
DosDateTimeToFileTime
GlobalDeleteAtom
VirtualAllocEx
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
HeapReAlloc
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
lstrlenW
GetShortPathNameA
VirtualFree
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
VirtualFreeEx
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
GetCurrentDirectoryA
GetCPInfoExA
WinExec
GetCommandLineA
GetCurrentThread
SuspendThread
_lcreat
QueryPerformanceFrequency
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
FindFirstFileA
EnumSystemCodePagesA
lstrcpynA
GetACP
GetModuleHandleW
GetLongPathNameW
CreateProcessA
WideCharToMultiByte
IsValidCodePage
UnmapViewOfFile
WriteFile
CreateProcessW
GetLongPathNameA
Sleep
IsBadReadPtr
FindResourceA
VirtualAlloc
GetOEMCP
ResetEvent
SHGetFileInfoA
DragQueryFileW
DragFinish
ExtractIconA
DragAcceptFiles
ShellExecuteW
DragQueryPoint
SHGetFileInfoW
ExtractIconW
ExtractAssociatedIconA
SHGetFolderPathW
ShellExecuteA
RedrawWindow
SetDlgItemTextA
DrawTextW
DrawStateA
DestroyMenu
PostQuitMessage
LoadBitmapA
SetWindowPos
OemToCharBuffA
CountClipboardFormats
DispatchMessageA
EndPaint
CharUpperBuffA
WindowFromPoint
DrawIcon
CharUpperBuffW
SetActiveWindow
GetMenuItemID
GetCursorPos
ReleaseDC
GetMenuStringW
SendMessageW
GetWindowTextLengthA
SendMessageA
GetClientRect
DefWindowProcW
GetDlgItemTextW
GetNextDlgTabItem
CallNextHookEx
LoadAcceleratorsA
IsClipboardFormatAvailable
DestroyCaret
GetKeyboardState
GetActiveWindow
GetWindowTextW
EnumClipboardFormats
LoadImageA
GetWindowTextLengthW
ScrollWindow
GetWindowTextA
PtInRect
GetMessageA
GetParent
UpdateWindow
CheckRadioButton
CreateCaret
ShowWindow
SetClassLongA
DrawFrameControl
CharToOemBuffA
GetClipboardFormatNameA
DestroyIcon
TranslateMDISysAccel
EnableWindow
GetDlgItemTextA
PeekMessageA
GetClipboardData
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
GetDlgItemInt
RegisterClassW
CreatePopupMenu
LoadStringA
SetParent
SetClipboardData
CharLowerA
IsZoomed
DestroyWindow
DrawMenuBar
IsWindow
IsIconic
RegisterClassA
GetMenuItemCount
GetWindowLongA
SetTimer
OemToCharA
FillRect
CharNextA
GetSysColorBrush
GetClassInfoW
CreateWindowExW
GetWindowLongW
CharToOemA
IsDialogMessageA
SetFocus
EmptyClipboard
SetCapture
BeginPaint
OffsetRect
SetCaretPos
GetScrollPos
KillTimer
RegisterWindowMessageA
DefWindowProcA
DrawFocusRect
MapWindowPoints
SendDlgItemMessageA
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
PostMessageA
ReleaseCapture
EnumChildWindows
CharLowerW
SetWindowLongA
SetKeyboardState
CheckDlgButton
WaitMessage
SetWindowTextA
ShowCaret
GetSubMenu
DrawIconEx
SetWindowTextW
CreateWindowExA
GetDlgItem
CharLowerBuffW
BringWindowToTop
AppendMenuA
GetClassLongA
InsertMenuA
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
GetMenuStringA
IsDlgButtonChecked
GetMenuState
GetSystemMenu
GetDC
SetForegroundWindow
ExitWindowsEx
OpenClipboard
GetAsyncKeyState
DrawTextA
IntersectRect
EndDialog
LoadMenuA
HideCaret
GetDlgCtrlID
FindWindowA
MessageBeep
CheckMenuItem
GetWindowThreadProcessId
ShowScrollBar
MessageBoxW
DefFrameProcW
RegisterClassExW
UnhookWindowsHookEx
RegisterClipboardFormatA
MoveWindow
DialogBoxParamW
CallWindowProcA
MessageBoxA
AppendMenuW
GetWindowDC
GetSysColor
SetDlgItemTextW
SetScrollInfo
GetKeyState
SystemParametersInfoA
EnableMenuItem
CreateMDIWindowW
IsWindowVisible
WinHelpW
SetCursorPos
WinHelpA
DeleteMenu
InvalidateRect
AnimateWindow
CharNextW
CallWindowProcW
GetClassNameW
TranslateAcceleratorA
CharLowerBuffA
ModifyMenuW
DefMDIChildProcW
GetClassNameA
GetFocus
CreateMenu
CloseClipboard
ModifyMenuA
GetKeyboardType
SetMenu
SetCursor
GetFileVersionInfoA
VerQueryValueA
OpenPrinterA
DocumentPropertiesA
ClosePrinter
Number of PE resources by type
RT_STRING 13
RT_GROUP_CURSOR 10
RT_CURSOR 10
RT_MESSAGETABLE 1
Number of PE resources by language
ENGLISH US 33
LITHUANIAN 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:01:13 12:59:57+01:00
FileType Win32 EXE
PEType PE32
CodeSize 71168
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 184320
SubsystemVersion 5.0
EntryPoint 0x4239
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 6c3e6143ab699d6b78551d417c0a1a45
SHA1 982fba11585d81bb3ec5146bd97de7a4aa7d99e7
SHA256 55e866cc8580e5f9f7f6560e478f3b37b3362e9f94e88439beef6026c86c80be
ssdeep 6144:SkshJ487MXC6c5YyBwVrXbXec/0hHMpsINvRm:S491bO72pm
authentihash 9cff4cd2f85822f56d9d088436ce13a6d17714c5ededa46e2b756f918a17dfe3
imphash b423e8d7e8a2d49b2982a4148020ebe5
File size 250.5 KB ( 256512 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags peexe
VirusTotal metadata
First submission 2015-01-13 20:48:55 UTC ( 3 years, 11 months ago )
Last submission 2018-03-03 11:43:27 UTC ( 9 months, 2 weeks ago )
File names Cryptowall3_candidate.bin
ransomware4.exe
6c3e6143ab699d6b78551d417c0a1a45_Cryptowall3.0Candidate.kaf
00.exe
6c3e6143ab699d6b78551d417c0a1a45_Cryptowall3.0Candidate.exe
a7e9fc4a1e0dc15a76981a37b92b57fa965e8d3d.exe
e08de37d2f8f6d0aa323837b89c7aa7e63564221.dll
vti-rescan
exe.ex
e67961cb4cd574d9d45527863b0417d8f35e5991.exe
55e866cc8580e5f9f7f6560e478f3b37b3362e9f94e88439beef6026c86c80be.exe
5021603.exe
55e866cc8580e5f9f7f6560e478f3b37b3362e9f94e88439beef6026c86c80be.bin
cryptowall3_unpacked.exe
6c3e6143ab699d6b78551d417c0a1a45.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs