SHA256: 5886e013b81f9fbd08d90e4bc27afae05f85a68d54c0420b0f06c6d1ce26cd3b
File name: 2015-07-21-Angler-EK-CryptoWall-Payload.exe
Detection ratio: 2 / 55 (at the time of this scan; a near-zero first-scan ratio on a freshly served exploit-kit payload is expected and is not evidence that the file is benign)
Analysis date: 2015-07-21 05:47:44 UTC
Antivirus  Result  Update
Panda  Trj/Chgt.O  20150720
ViRobot  Trojan.Win32.R.Agent.278628[h]  20150721
No detection (engine, signature update date):
Ad-Aware 20150721
AegisLab 20150720
Yandex 20150720
AhnLab-V3 20150720
Alibaba 20150721
ALYac 20150721
Antiy-AVL 20150721
Arcabit 20150721
Avast 20150721
AVG 20150721
Avira (no cloud) 20150721
AVware 20150721
Baidu-International 20150720
BitDefender 20150721
Bkav 20150720
ByteHero 20150721
CAT-QuickHeal 20150721
ClamAV 20150720
Comodo 20150721
Cyren 20150721
DrWeb 20150721
Emsisoft 20150721
ESET-NOD32 20150721
F-Prot 20150721
F-Secure 20150721
Fortinet 20150721
GData 20150721
Ikarus 20150721
Jiangmin 20150720
K7AntiVirus 20150720
K7GW 20150721
Kaspersky 20150721
Kingsoft 20150721
Malwarebytes 20150721
McAfee 20150721
McAfee-GW-Edition 20150721
Microsoft 20150721
eScan 20150721
NANO-Antivirus 20150721
nProtect 20150720
Qihoo-360 20150721
Rising 20150720
Sophos 20150721
SUPERAntiSpyware 20150721
Symantec 20150721
Tencent 20150721
TheHacker 20150717
TrendMicro 20150721
TrendMicro-HouseCall 20150721
VBA32 20150721
VIPRE 20150721
Zillya 20150720
Zoner 20150721
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-06-28 11:13:10 (the PE TimeDateStamp is written by whoever builds or rewrites the header and is trivially forged; here it predates the first VirusTotal submission by ten years)
Entry Point 0x0001F804
Number of sections 5
PE sections
Overlays
MD5 0577d7a3a98c6ff9c5d9a0841c6d31a8
File type data
Offset 278528
Size 100
Entropy 5.38
PE imports (grouped by module; the per-DLL headings of the original table were lost in extraction, and the module names below are inferred from the API names). Apart from CreateRemoteThread, AdjustTokenPrivileges/LookupPrivilegeValueW and the service-control functions, the table consists of cluster-management, performance-counter, RAS, OLE-automation and common-controls APIs that ransomware has no use for. A static import table of this shape describes the executable as shipped; if the real payload is unpacked at runtime, the table says nothing about it, and its main value is as a pivot (see the imphash under File identification).
advapi32.dll:
SetSecurityDescriptorOwner
RegCreateKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
DeleteService
RegQueryValueExW
CloseServiceHandle
GetFileSecurityW
OpenProcessToken
GetSecurityDescriptorGroup
RegOpenKeyExW
LsaEnumerateAccountRights
IsValidSid
RegisterServiceCtrlHandlerW
LsaClose
LsaFreeMemory
SetNamedSecurityInfoA
ChangeServiceConfigA
ReportEventW
DeregisterEventSource
StartServiceCtrlDispatcherW
RegEnumValueA
ReportEventA
clusapi.dll:
SetClusterGroupName
GetClusterNetInterface
ClusterRegQueryValue
MoveClusterGroup
CloseCluster
ClusterRegSetValue
AddClusterResourceDependency
ClusterGroupCloseEnum
CloseClusterNetInterface
RemoveClusterResourceNode
ClusterRegEnumValue
DeleteClusterResource
ClusterNetworkControl
ClusterRegDeleteKey
ClusterCloseEnum
ChangeClusterResourceGroup
GetClusterNetInterfaceState
AddClusterResourceNode
CloseClusterGroup
GetClusterResourceTypeKey
ClusterResourceCloseEnum
EvictClusterNode
OpenCluster
OpenClusterNetwork
ClusterNetworkOpenEnum
SetClusterNetworkPriorityOrder
OpenClusterGroup
GetClusterResourceNetworkName
ClusterResourceControl
SetClusterGroupNodeList
OpenClusterResource
GetClusterResourceState
CreateClusterGroup
OnlineClusterResource
ClusterRegCloseKey
GetClusterNodeKey
GetClusterGroupState
PauseClusterNode
ClusterRegSetKeySecurity
CanResourceBeDependent
GetClusterNodeId
ClusterNodeOpenEnum
OfflineClusterResource
ClusterGroupOpenEnum
ClusterGroupControl
SetClusterName
OpenClusterNode
GetClusterNotify
ClusterRegOpenKey
GetClusterNetworkKey
ClusterOpenEnum
OpenClusterNetInterface
GetClusterInformation
CreateClusterResourceType
ClusterNetworkCloseEnum
ClusterNetworkEnum
ClusterResourceTypeControl
ClusterNodeCloseEnum
OnlineClusterGroup
CreateClusterResource
CreateClusterNotifyPort
DeleteClusterGroup
GetClusterResourceKey
ClusterNetInterfaceControl
GetClusterNetworkId
GetClusterQuorumResource
ClusterNodeControl
GetClusterNodeState
ClusterResourceEnum
ClusterRegCreateKey
GetClusterGroupKey
ClusterRegEnumKey
comctl32.dll:
ImageList_GetImageCount
PropertySheetA
ImageList_Destroy
CreateStatusWindowW
_TrackMouseEvent
ImageList_SetBkColor
ImageList_ReplaceIcon
CreateToolbarEx
ImageList_AddMasked
CreatePropertySheetPageW
ImageList_Create
DestroyPropertySheetPage
ImageList_Remove
ImageList_DrawEx
PropertySheetW
ImageList_GetIcon
CreatePropertySheetPageA
ImageList_LoadImageW
ImageList_Draw
ImageList_GetIconSize
gdi32.dll:
CreateRoundRectRgn
kernel32.dll:
DeviceIoControl
GetTempFileNameA
GetConsoleOutputCP
GetProfileStringW
GetConsoleCP
GetVersionExW
GetDriveTypeA
GetEnvironmentStringsW
CopyFileA
GlobalGetAtomNameA
GetHandleInformation
FlushViewOfFile
CreateNamedPipeA
CreateRemoteThread
HeapAlloc
GetStartupInfoA
GetDateFormatA
CompareFileTime
GetConsoleMode
CreateDirectoryA
GetConsoleScreenBufferInfo
GetLocaleInfoW
GlobalSize
EnumResourceNamesW
GetModuleHandleA
EnumResourceNamesA
CompareStringA
FreeConsole
CreateFileMappingA
FindFirstFileW
EnumSystemLocalesA
GetACP
GetVersion
GetProcessHeap
GetDiskFreeSpaceExA
ConnectNamedPipe
FreeLibraryAndExitThread
GetEnvironmentVariableA
FindResourceW
GetLastError
CreateEventA
GetPrivateProfileStringA
GetCurrentThread
GetFileAttributesExA
DeleteAtom
GetCurrentThreadId
FindResourceA
GetOEMCP
msimg32.dll:
GradientFill
msvcrt.dll:
_except_handler3
_acmdln
__p__fmode
_adjust_fdiv
__setusermatherr
__p__commode
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_exit
__set_app_type
imports by ordinal (module name not recoverable from this list):
Ord(51)
Ord(171)
Ord(170)
Ord(22)
Ord(55)
Ord(21)
Ord(67)
Ord(54)
Ord(41)
oleaut32.dll:
SysStringByteLen
VarBoolFromR4
VarDecFromStr
SafeArrayGetRecordInfo
SafeArrayCreate
VarCyFromI1
SafeArrayGetElemsize
VarDecFromDate
SafeArrayGetLBound
VarXor
LPSAFEARRAY_UserMarshal
VarI1FromUI2
VarBoolFromDate
SafeArrayPtrOfIndex
VarCySub
VarUI1FromUI2
BSTR_UserUnmarshal
OleLoadPictureEx
VarUI4FromDec
VarUI4FromCy
SafeArrayCopy
VarCyCmpR8
VarI2FromDisp
VarDateFromUdate
SystemTimeToVariantTime
VarBstrFromDisp
VarI4FromR4
VarI2FromR4
VarI4FromR8
VariantCopy
VarUI2FromUI1
VarEqv
VarDateFromBool
VarCyMul
VariantInit
SafeArrayGetIID
VarDateFromR4
CreateDispTypeInfo
VarDateFromR8
VarI1FromBool
GetRecordInfoFromGuids
VarCyMulI4
VarR4FromDisp
SafeArrayGetUBound
VarCyFromDec
VarCyAbs
GetRecordInfoFromTypeInfo
SysFreeString
VarI4FromCy
VarInt
VarFormatCurrency
VarUI4FromI1
VarDecFix
VARIANT_UserMarshal
VarDecMul
DispGetIDsOfNames
VarI4FromBool
SysAllocStringLen
VarR4FromR8
VarDecAbs
VarR8FromDec
RegisterActiveObject
VarCyFromBool
VARIANT_UserSize
VarI4FromDisp
VariantTimeToDosDateTime
VarR4FromI4
VarR4FromI1
VarCyFromR8
VarCyRound
VarBoolFromI1
SafeArrayAllocData
VarBstrFromI4
VarUI2FromBool
SafeArrayUnaccessData
OaBuildVersion
LoadTypeLib
LoadRegTypeLib
VariantChangeType
VarAbs
VarFormatNumber
VarUI1FromDec
VarUI1FromCy
VarR4FromDate
VarI4FromDec
SysStringLen
VarDateFromDisp
SafeArrayAllocDescriptor
VarDecNeg
VARIANT_UserUnmarshal
VarUI4FromUI1
RevokeActiveObject
VarI2FromI1
VarI4FromStr
VarBstrFromDate
VarBstrFromUI2
VarBstrFromUI4
LHashValOfNameSysA
VarUI4FromI2
GetActiveObject
VarUI1FromUI4
VarIdiv
CreateTypeLib2
VarR8FromUI1
SafeArrayCreateEx
VarR8FromUI2
VarR8FromUI4
SafeArraySetRecordInfo
VarUI4FromDisp
VarUI2FromDec
VectorFromBstr
VarR4FromUI4
DispCallFunc
VarI1FromDisp
SafeArrayRedim
BSTR_UserSize
VarI4FromUI1
VarRound
VarAdd
VarDecDiv
VarR8FromCy
VarUI1FromDisp
GetAltMonthNames
CreateStdDispatch
VarDateFromUI1
rasapi32.dll:
RasSetEntryPropertiesA
RasDeleteEntryW
RasGetErrorStringW
RasValidateEntryNameA
RasRenameEntryW
RasEnumEntriesW
RasCreatePhonebookEntryW
RasDialW
RasGetProjectionInfoW
RasGetEntryPropertiesA
RasGetErrorStringA
RasGetConnectStatusA
RasEnumConnectionsW
RasGetCountryInfoW
RasSetEntryPropertiesW
RasGetEntryDialParamsA
RasEditPhonebookEntryW
RasGetProjectionInfoA
RasHangUpA
version.dll:
VerInstallFileA
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoSizeW
winmm.dll:
mixerGetLineControlsA
ole32.dll:
OleInitialize
pdh.dll:
PdhUpdateLogW
PdhEnumMachinesW
PdhFormatFromRawValue
PdhEnumObjectItemsW
PdhEnumObjectItemsA
PdhGetFormattedCounterValue
PdhBrowseCountersW
PdhUpdateLogA
PdhBrowseCountersA
PdhAddCounterA
PdhParseCounterPathA
PdhLookupPerfIndexByNameA
PdhAddCounterW
PdhExpandCounterPathA
PdhMakeCounterPathA
PdhSetCounterScaleFactor
PdhLookupPerfIndexByNameW
PdhParseCounterPathW
PdhValidatePathW
PdhGetDllVersion
PdhGetDataSourceTimeRangeA
PdhComputeCounterStatistics
PdhOpenQueryA
PdhCollectQueryData
PdhConnectMachineA
PdhMakeCounterPathW
PdhGetDefaultPerfObjectW
PdhSelectDataSourceA
PdhGetFormattedCounterArrayW
PdhReadRawLogRecord
PdhOpenQueryW
PdhGetDataSourceTimeRangeW
PdhGetCounterTimeBase
PdhGetLogFileSize
PdhGetFormattedCounterArrayA
PdhSelectDataSourceW
PdhConnectMachineW
PdhExpandCounterPathW
PdhGetRawCounterArrayA
PdhEnumObjectsA
PdhGetCounterInfoW
PdhLookupPerfNameByIndexA
PdhGetDefaultPerfCounterA
PdhCloseLog
PdhGetCounterInfoA
PdhGetRawCounterArrayW
PdhEnumObjectsW
PdhGetDefaultPerfCounterW
PdhParseInstanceNameW
PdhLookupPerfNameByIndexW
Number of PE resources by type
RT_ICON 7
RT_MENU 7
RT_DIALOG 6
RT_VERSION 1
Th40t888 1
F718KV 1
h67A18t74j1N 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH BELIZE 10
ENGLISH CAN 9
ENGLISH AUS 6
PE resources
Debug information
ExifTool file metadata
SpecialBuild: Similitude
LegalTrademarks: Notaries
SubsystemVersion: 4.0
Comments: Recommencing
LinkerVersion: 6.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 0.236.188.46
LanguageCode: German (Austrian)
FileFlagsMask: 0x003f
FileDescription: Phosphors
CharacterSet: Unicode
InitializedDataSize: 802816
PrivateBuild: Officers
EntryPoint: 0x1f804
OriginalFileName: Roofing.exe
MIMEType: application/octet-stream
LegalCopyright: Copyright 1514
FileVersion: 116, 31, 153, 212
TimeStamp: 2005:06:28 12:13:10+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Notes
ProductVersion: 9, 140, 26, 219
UninitializedDataSize: 0
OSVersion: 4.0
FileOS: Windows NT 32-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Alice Systems AB
CodeSize: 126976
ProductName: Reforestation Scald
ProductVersionNumber: 0.109.202.167
FileTypeExtension: exe
ObjectFileType: Executable application

File identification
MD5 136d398098f312f57cb37dfa3e3a3a98
SHA1 b329176cabfb55a922346b7ff1d61fcb3bcec8fd
SHA256 5886e013b81f9fbd08d90e4bc27afae05f85a68d54c0420b0f06c6d1ce26cd3b
ssdeep 6144:7UyaIB7HFTnUWz9uF6ZIBZH1zQlRNjnev/0Z4URwkqIYKE:/aqLUWz9uF6ZIBZH1zQlRNjnetURwRr/

authentihash 874131469ab7690bb073c7b3402b6e798d9de43344598608b973baa91fd8a2d4
imphash e239c6a6dc7bf591fad1c63f2bfaea47
File size 272.1 KB ( 278628 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe overlay
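Two of the fields above are derived rather than measured: the imphash is an MD5 over the normalised import table, and the "Overlays" block is whatever lies past the end of the last section's raw data (here 278528 + 100 = 278628, the reported file size, so the two are consistent). The following is an added example, not part of the VirusTotal report, that recomputes both the way pefile does so they can be reproduced or pivoted on locally. The section layout is a constructed, simplified stand-in (the report says 5 sections but does not show the section table); only the end offset and the file size are the sample's own numbers, and the import tuples fed to imphash are made up for illustration.

```python
import hashlib

# Added example, not the report's own code.
#   * imphash: MD5 of the import table rendered as "module.function" entries in
#     import-directory order, normalised the way pefile's get_imphash() does:
#     lower-case, .dll/.ocx/.sys stripped, ordinal-only imports written as "ordN".
#   * overlay: bytes after the last section's raw data; offset and size are what
#     the "Overlays" block of the report shows.

SAMPLE_FILE_SIZE = 278628          # "File size 272.1 KB ( 278628 bytes )"
REPORTED_OVERLAY = (278528, 100)   # "Offset 278528", "Size 100"
CONSTRUCTED_SECTIONS = [           # (PointerToRawData, SizeOfRawData); made up,
    (0x1000, 0x1F000),             # chosen only so that the last section ends at
    (0x20000, 0x24000),            # 0x44000 == 278528, the reported overlay offset
]


def imphash_string(imports):
    """Normalised 'module.function' list whose MD5 is the imphash.

    imports: iterable of (dll_name, function_name_or_None, ordinal_or_None)
    in import-directory order. Order matters: the same imports in a different
    order produce a different hash, which is why imphash survives recompilation
    of the same source but not a re-linked or re-ordered import table.
    """
    parts = []
    for dll, name, ordinal in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("ocx", "sys", "dll"):
            lib = base
        if name is None:
            # pefile resolves ordinals of ws2_32/wsock32/oleaut32 to names from a
            # built-in table; for any other module it falls back to "ord<N>".
            # Only the fallback is modelled here.
            func = "ord%d" % ordinal
        else:
            func = name
        parts.append("%s.%s" % (lib, func.lower()))
    return ",".join(parts)


def imphash(imports):
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def overlay(sections, file_size):
    """(offset, size) of data past the last section's raw bytes, or None if absent."""
    end = max((raw + size for raw, size in sections), default=0)
    if file_size > end:
        return (end, file_size - end)
    return None


def overlay_matches_report(sections=CONSTRUCTED_SECTIONS, file_size=SAMPLE_FILE_SIZE):
    """Consistency check on the report's own numbers: offset + size == file size."""
    return overlay(sections, file_size) == REPORTED_OVERLAY


if __name__ == "__main__":
    print("overlay:", overlay(CONSTRUCTED_SECTIONS, SAMPLE_FILE_SIZE),
          "matches report:", overlay_matches_report())
    print("imphash of a constructed import table:",
          imphash([("KERNEL32.DLL", "CreateRemoteThread", None),
                   ("ADVAPI32.dll", "AdjustTokenPrivileges", None),
                   ("Foo.dll", None, 51)]))
```

On a real file, `pefile.PE(path).get_imphash()` and `pefile.PE(path).get_overlay_data_start_offset()` return the same two values; the functions above exist so the normalisation rules are visible and so the check runs without the sample at hand.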

VirusTotal metadata
First submission 2015-07-21 04:17:53 UTC
Last submission 2017-01-24 11:22:20 UTC
File names 5886e013b81f9fbd08d90e4bc27afae05f85a68d54c0420b0f06c6d1ce26cd3b.tmp.bin
47CA.tm_
2c8a869d.exe
2015-07-21-Angler-EK-CryptoWall-Payload.exe
5886e013b81f9fbd08d90e4bc27afae05f85a68d54c0420b0f06c6d1ce26cd3b.exe
74441dcd.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened service managers