SHA256: 729a25f8ff0b40f816c85da75b5d29425f9685f8c006ba54d73292c214fe3db1
File name: 11[1].exe
Detection ratio: 8 / 59
Analysis date: 2017-02-19 21:30:09 UTC ( 2 years ago )
Antivirus Result Update
AegisLab Ml.Attribute.Gen!c 20170219
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9992 20170217
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Sophos ML virus.win32.ramnit.ah 20170203
Kaspersky Trojan-Ransom.Win32.Locky.xmx 20170219
Rising Malware.Generic.6!tfe (thunder:6:WvzyCyRissS) 20170219
Symantec ML.Attribute.HighConfidence 20170219
Webroot Malicious 20170219
Ad-Aware 20170219
AhnLab-V3 20170219
Alibaba 20170217
ALYac 20170219
Antiy-AVL 20170219
Arcabit 20170219
Avast 20170219
AVG 20170219
Avira (no cloud) 20170219
AVware 20170219
BitDefender 20170219
Bkav 20170218
CAT-QuickHeal 20170218
ClamAV 20170219
CMC 20170219
Comodo 20170219
Cyren 20170219
DrWeb 20170219
Emsisoft 20170219
Endgame 20170217
ESET-NOD32 20170219
F-Prot 20170219
F-Secure 20170219
Fortinet 20170219
GData 20170219
Ikarus 20170219
Jiangmin 20170218
K7AntiVirus 20170219
K7GW 20170219
Kingsoft 20170219
Malwarebytes 20170219
McAfee 20170219
McAfee-GW-Edition 20170219
Microsoft 20170219
eScan 20170219
NANO-Antivirus 20170219
nProtect 20170219
Panda 20170219
Qihoo-360 20170219
Sophos AV 20170219
SUPERAntiSpyware 20170219
Tencent 20170219
TheHacker 20170218
TotalDefense 20170219
TrendMicro 20170219
TrendMicro-HouseCall 20170219
Trustlook 20170219
VBA32 20170217
VIPRE 20170219
ViRobot 20170219
WhiteArmor 20170215
Yandex 20170219
Zillya 20170218
Zoner 20170219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
(C)calibre-ebook.com 2007-2015

Product SongsViewport3d
Original name SongsViewport3d.exe
Internal name SongsViewport3d
File version 6.9.6.4
Description Controllers Acknowledged Controversy Chaologists Incorporation
Comments Controllers Acknowledged Controversy Chaologists Incorporation
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-19 12:45:18
Entry Point 0x0000FE22
Number of sections 5
PE sections
PE imports
SetSecurityDescriptorDacl
LookupAccountNameW
RegCloseKey
OpenProcessToken
RegSetValueExW
LsaClose
FreeSid
SetNamedSecurityInfoA
AddAccessAllowedAce
RegOpenKeyExW
InitializeSecurityDescriptor
OpenThreadToken
InitializeAcl
SetEntriesInAclA
AllocateAndInitializeSid
RegCreateKeyExA
GetNamedSecurityInfoA
GetTokenInformation
SetFileSecurityA
RegQueryValueExW
PrintDlgA
ChooseFontA
CryptUIWizImport
SetGraphicsMode
SetMapMode
PatBlt
SetViewportExtEx
CreatePen
SaveDC
TextOutA
SetDCBrushColor
GetTextMetricsA
CreateRectRgnIndirect
LPtoDP
CombineRgn
SetStretchBltMode
ModifyWorldTransform
Rectangle
GetDeviceCaps
CreateDCA
DeleteDC
EndDoc
SetDCPenColor
SetBkMode
SetWorldTransform
CreateSolidBrush
StartPage
BitBlt
CreateDIBSection
SetTextColor
CreatePatternBrush
GetObjectA
GetCurrentObject
FillRgn
CreateBitmap
CreateBrushIndirect
SetViewportOrgEx
SetArcDirection
CreateCompatibleDC
ExtEscape
SetBrushOrgEx
EndPage
CreateFontIndirectA
SelectObject
StartDocA
SetWindowExtEx
RestoreDC
SetWindowOrgEx
DPtoLP
GetStockObject
SetBkColor
DeleteObject
CreateCompatibleBitmap
gluPerspective
ImmAssociateContext
GetStdHandle
GetDriveTypeA
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
QueryDosDeviceA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
TlsGetValue
FormatMessageA
OutputDebugStringA
SetLastError
DeviceIoControl
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
HeapSetInformation
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
CreateThread
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
VirtualQuery
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
DeleteFileA
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
FindFirstFileA
lstrcpyA
GetComputerNameA
IsValidLocale
GetProcAddress
CreateFileW
GetConsoleWindow
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
WritePrivateProfileStringA
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetConsoleTitleA
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
SetConsoleTitleA
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
Sleep
NetServerEnum
NetUserAdd
NetShareGetInfo
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
SysAllocString
SafeArrayCreate
SysFreeString
VariantInit
glViewport
glMatrixMode
glLoadIdentity
RasSetEntryPropertiesA
RasGetEntryPropertiesA
CM_Request_Device_EjectW
CM_Get_Parent
SHGetFolderLocation
SHGetFolderPathA
SHGetMalloc
ShellExecuteA
SHGetDesktopFolder
StrRetToBufA
PathRemoveFileSpecA
PathAppendA
PathRemoveExtensionA
AcquireCredentialsHandleA
AcceptSecurityContext
LockWindowUpdate
UpdateWindow
EndDialog
PostQuitMessage
SetSysColors
SetSystemCursor
FindWindowA
DefWindowProcA
ShowWindow
SetWindowPos
GetDesktopWindow
GetWindowRect
EndPaint
MoveWindow
SetUserObjectInformationA
SetRect
ScreenToClient
SetDlgItemInt
MessageBoxA
OpenWindowStationA
SetWindowLongA
SetProcessWindowStation
DialogBoxParamA
GetSysColor
GetDlgItemInt
GetScrollInfo
SetScrollInfo
GetCursorPos
SystemParametersInfoA
BeginPaint
SendDlgItemMessageA
PtInRect
SendMessageA
GetClientRect
GetDCEx
IsIconic
RegisterClassA
OpenDesktopA
InvalidateRect
GetWindowLongA
CreateWindowExA
LoadCursorA
LoadIconA
FillRect
ShowCursor
GetSysColorBrush
LoadImageA
wsprintfA
GetDC
ReleaseDC
ScrollWindow
SetCursor
DestroyWindow
timeEndPeriod
timeGetTime
timeBeginPeriod
socket
inet_addr
send
WSACleanup
WSAStartup
connect
htons
recv
MiniDumpWriteDump
EapHostPeerFreeMemory
EapHostPeerFreeErrorMemory
EapHostPeerGetMethods
GdipCreateBitmapFromScan0
GdipFree
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdipGetImageGraphicsContext
CoUninitialize
CoInitialize
GetRunningObjectTable
CoCreateInstance
CreateBindCtx
CoTaskMemFree
PE exports
Number of PE resources by type
Struct(240) 8
RT_ICON 5
AVI 5
UNICODEDATA 4
RT_DIALOG 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 28
PE resources
ExifTool file metadata
CodeSize
141312

SubsystemVersion
5.1

Comments
Controllers Acknowledged Controversy Chaologists Incorporation

InitializedDataSize
248832

ImageVersion
0.0

ProductName
SongsViewport3d

FileVersionNumber
6.9.6.4

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
10.0

PrivateBuild
6.9.6.4

FileTypeExtension
exe

OriginalFileName
SongsViewport3d.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
6.9.6.4

TimeStamp
2017:02:19 13:45:18+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
SongsViewport3d

ProductVersion
6.9.6.4

FileDescription
Controllers Acknowledged Controversy Chaologists Incorporation

OSVersion
5.1

FileOS
Windows NT 32-bit

LegalCopyright
(C)calibre-ebook.com 2007-2015

MachineType
Intel 386 or later, and compatibles

CompanyName
calibre-ebook.com

LegalTrademarks
(C)calibre-ebook.com 2007-2015

FileSubtype
0

ProductVersionNumber
6.9.6.4

EntryPoint
0xfe22

ObjectFileType
Executable application

File identification
MD5 e7d31ce93a3ea6217ab3079d0869b3e1
SHA1 05c611dcd6780f15326421f7ce2b394274613e40
SHA256 729a25f8ff0b40f816c85da75b5d29425f9685f8c006ba54d73292c214fe3db1
ssdeep
6144:n/Ck+qlznX2BtX2kM+hN3lQMaGcU3ywT68GKdHyuXeOUU9ICSSSm:n/CkXNnX2BtX2kM+blS9wT6YsuODU9u4

authentihash be650e852e4a30fed35455d9f4c80fecb43d4675739944860b3a04e89132e704
imphash 440137ac9bf5e2df272a062156cc0084
File size 382.0 KB ( 391168 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (76.4%)
Win32 Executable (generic) (12.4%)
Generic Win/DOS Executable (5.5%)
DOS Executable Generic (5.5%)
Tags
peexe

VirusTotal metadata
First submission 2017-02-19 16:08:04 UTC ( 2 years ago )
Last submission 2017-02-20 02:18:37 UTC ( 2 years ago )
File names SongsViewport3d.exe
11[1].exe
SongsViewport3d
Win32.Ransom.Locky@729a25f8ff0b40f816c85da75b5d29425f9685f8c006ba54d73292c214fe3db1.bin
11.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Searched windows
Runtime DLLs
UDP communications