SHA256: 729a25f8ff0b40f816c85da75b5d29425f9685f8c006ba54d73292c214fe3db1
File name: Win32.Ransom.Locky@729a25f8ff0b40f816c85da75b5d29425f9685f8c006ba...
Detection ratio: 30 / 59
Analysis date: 2017-02-21 03:01:34 UTC ( 1 year, 12 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4435683 20170221
AegisLab Ml.Attribute.Gen!c 20170220
AhnLab-V3 Trojan/Win32.Locky.C1798510 20170220
Arcabit Trojan.Generic.D43AEE3 20170221
AVG Ransom_r.BPE 20170221
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9992 20170220
BitDefender Trojan.GenericKD.4435683 20170221
CAT-QuickHeal TrojanRansom.Locky 20170220
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
DrWeb Trojan.Encoder.10121 20170221
Emsisoft Trojan.GenericKD.4435683 (B) 20170220
ESET-NOD32 a variant of Generik.NWPWBPV 20170221
F-Secure Trojan.GenericKD.4435683 20170221
Fortinet W32/Locky.XMX!tr 20170221
GData Trojan.GenericKD.4435683 20170220
Sophos ML virus.win32.ramnit.ah 20170203
K7AntiVirus Riskware ( 0040eff71 ) 20170220
K7GW Riskware ( 0040eff71 ) 20170220
Kaspersky Trojan-Ransom.Win32.Locky.xmx 20170221
Malwarebytes Ransom.Locky 20170220
McAfee Artemis!E7D31CE93A3E 20170220
McAfee-GW-Edition BehavesLike.Win32.Dropper.fh 20170221
eScan Trojan.GenericKD.4435683 20170220
nProtect Ransom/W32.Locky.391168 20170221
Symantec Trojan.Gen 20170220
Tencent Win32.Trojan.Locky.Amvr 20170221
TrendMicro Ransom_LOCKY.F117BK 20170221
TrendMicro-HouseCall Ransom_LOCKY.F117BK 20170220
ViRobot Trojan.Win32.Locky.391168[h] 20170221
Webroot Malicious 20170221
Alibaba 20170220
ALYac 20170220
Antiy-AVL 20170221
Avast 20170221
Avira (no cloud) 20170220
AVware 20170221
Bkav 20170220
ClamAV 20170221
CMC 20170220
Comodo 20170221
Cyren 20170221
Endgame 20170217
F-Prot 20170220
Ikarus 20170220
Jiangmin 20170221
Kingsoft 20170221
Microsoft 20170220
NANO-Antivirus 20170220
Panda 20170220
Qihoo-360 20170221
Rising 20170217
Sophos AV 20170220
SUPERAntiSpyware 20170220
TheHacker 20170220
TotalDefense 20170220
Trustlook 20170221
VBA32 20170220
VIPRE 20170221
WhiteArmor 20170215
Yandex 20170220
Zillya 20170220
Zoner 20170221
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
(C)calibre-ebook.com 2007-2015

Product SongsViewport3d
Original name SongsViewport3d.exe
Internal name SongsViewport3d
File version 6.9.6.4
Description Controllers Acknowledged Controversy Chaologists Incorporation
Comments Controllers Acknowledged Controversy Chaologists Incorporation
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-19 12:45:18
Entry Point 0x0000FE22
Number of sections 5
PE sections
PE imports
SetSecurityDescriptorDacl
LookupAccountNameW
RegCloseKey
OpenProcessToken
RegSetValueExW
LsaClose
FreeSid
SetNamedSecurityInfoA
AddAccessAllowedAce
RegOpenKeyExW
InitializeSecurityDescriptor
OpenThreadToken
InitializeAcl
SetEntriesInAclA
AllocateAndInitializeSid
RegCreateKeyExA
GetNamedSecurityInfoA
GetTokenInformation
SetFileSecurityA
RegQueryValueExW
PrintDlgA
ChooseFontA
CryptUIWizImport
SetGraphicsMode
SetMapMode
PatBlt
SetViewportExtEx
CreatePen
SaveDC
TextOutA
SetDCBrushColor
GetTextMetricsA
CreateRectRgnIndirect
LPtoDP
CombineRgn
SetStretchBltMode
ModifyWorldTransform
Rectangle
GetDeviceCaps
CreateDCA
DeleteDC
EndDoc
SetDCPenColor
SetBkMode
SetWorldTransform
CreateSolidBrush
StartPage
BitBlt
CreateDIBSection
SetTextColor
CreatePatternBrush
GetObjectA
GetCurrentObject
FillRgn
CreateBitmap
CreateBrushIndirect
SetViewportOrgEx
SetArcDirection
CreateCompatibleDC
ExtEscape
SetBrushOrgEx
EndPage
CreateFontIndirectA
SelectObject
StartDocA
SetWindowExtEx
RestoreDC
SetWindowOrgEx
DPtoLP
GetStockObject
SetBkColor
DeleteObject
CreateCompatibleBitmap
gluPerspective
ImmAssociateContext
GetStdHandle
GetDriveTypeA
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
QueryDosDeviceA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
TlsGetValue
FormatMessageA
OutputDebugStringA
SetLastError
DeviceIoControl
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
HeapSetInformation
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
CreateThread
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
VirtualQuery
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
DeleteFileA
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
FindFirstFileA
lstrcpyA
GetComputerNameA
IsValidLocale
GetProcAddress
CreateFileW
GetConsoleWindow
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
WritePrivateProfileStringA
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetConsoleTitleA
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
SetConsoleTitleA
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
Sleep
NetServerEnum
NetUserAdd
NetShareGetInfo
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
SysAllocString
SafeArrayCreate
SysFreeString
VariantInit
glViewport
glMatrixMode
glLoadIdentity
RasSetEntryPropertiesA
RasGetEntryPropertiesA
CM_Request_Device_EjectW
CM_Get_Parent
SHGetFolderLocation
SHGetFolderPathA
SHGetMalloc
ShellExecuteA
SHGetDesktopFolder
StrRetToBufA
PathRemoveFileSpecA
PathAppendA
PathRemoveExtensionA
AcquireCredentialsHandleA
AcceptSecurityContext
LockWindowUpdate
UpdateWindow
EndDialog
PostQuitMessage
SetSysColors
SetSystemCursor
FindWindowA
DefWindowProcA
ShowWindow
SetWindowPos
GetDesktopWindow
GetWindowRect
EndPaint
MoveWindow
SetUserObjectInformationA
SetRect
ScreenToClient
SetDlgItemInt
MessageBoxA
OpenWindowStationA
SetWindowLongA
SetProcessWindowStation
DialogBoxParamA
GetSysColor
GetDlgItemInt
GetScrollInfo
SetScrollInfo
GetCursorPos
SystemParametersInfoA
BeginPaint
SendDlgItemMessageA
PtInRect
SendMessageA
GetClientRect
GetDCEx
IsIconic
RegisterClassA
OpenDesktopA
InvalidateRect
GetWindowLongA
CreateWindowExA
LoadCursorA
LoadIconA
FillRect
ShowCursor
GetSysColorBrush
LoadImageA
wsprintfA
GetDC
ReleaseDC
ScrollWindow
SetCursor
DestroyWindow
timeEndPeriod
timeGetTime
timeBeginPeriod
socket
inet_addr
send
WSACleanup
WSAStartup
connect
htons
recv
MiniDumpWriteDump
EapHostPeerFreeMemory
EapHostPeerFreeErrorMemory
EapHostPeerGetMethods
GdipCreateBitmapFromScan0
GdipFree
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdipGetImageGraphicsContext
CoUninitialize
CoInitialize
GetRunningObjectTable
CoCreateInstance
CreateBindCtx
CoTaskMemFree
PE exports
Number of PE resources by type
Struct(240) 8
RT_ICON 5
AVI 5
UNICODEDATA 4
RT_DIALOG 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 28
PE resources
ExifTool file metadata
CodeSize
141312

SubsystemVersion
5.1

Comments
Controllers Acknowledged Controversy Chaologists Incorporation

InitializedDataSize
248832

ImageVersion
0.0

ProductName
SongsViewport3d

FileVersionNumber
6.9.6.4

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
10.0

PrivateBuild
6.9.6.4

FileTypeExtension
exe

OriginalFileName
SongsViewport3d.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
6.9.6.4

TimeStamp
2017:02:19 13:45:18+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
SongsViewport3d

ProductVersion
6.9.6.4

FileDescription
Controllers Acknowledged Controversy Chaologists Incorporation

OSVersion
5.1

FileOS
Windows NT 32-bit

LegalCopyright
(C)calibre-ebook.com 2007-2015

MachineType
Intel 386 or later, and compatibles

CompanyName
calibre-ebook.com

LegalTrademarks
(C)calibre-ebook.com 2007-2015

FileSubtype
0

ProductVersionNumber
6.9.6.4

EntryPoint
0xfe22

ObjectFileType
Executable application

File identification
MD5 e7d31ce93a3ea6217ab3079d0869b3e1
SHA1 05c611dcd6780f15326421f7ce2b394274613e40
SHA256 729a25f8ff0b40f816c85da75b5d29425f9685f8c006ba54d73292c214fe3db1
ssdeep
6144:n/Ck+qlznX2BtX2kM+hN3lQMaGcU3ywT68GKdHyuXeOUU9ICSSSm:n/CkXNnX2BtX2kM+blS9wT6YsuODU9u4

authentihash be650e852e4a30fed35455d9f4c80fecb43d4675739944860b3a04e89132e704
imphash 440137ac9bf5e2df272a062156cc0084
File size 382.0 KB ( 391168 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (76.4%)
Win32 Executable (generic) (12.4%)
Generic Win/DOS Executable (5.5%)
DOS Executable Generic (5.5%)
Tags
peexe

VirusTotal metadata
First submission 2017-02-19 16:08:04 UTC ( 2 years ago )
Last submission 2017-02-20 02:18:37 UTC ( 2 years ago )
File names SongsViewport3d.exe
11[1].exe
SongsViewport3d
Win32.Ransom.Locky@729a25f8ff0b40f816c85da75b5d29425f9685f8c006ba54d73292c214fe3db1.bin
11.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Searched windows
Runtime DLLs
UDP communications