SHA256: 828b97f7be10840f2d749fa2658c702ba499a69200b7a00c184e80e98931f07a
File name: sata.exe
Detection ratio: 57 / 63
Analysis date: 2017-08-18 04:43:35 UTC ( 2 months, 1 week ago )
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Zbot.191 | 20170818
AegisLab | Troj.W32.Generic!c | 20170818
AhnLab-V3 | Malware/Win32.Generic.C1768929 | 20170817
ALYac | Gen:Variant.Zbot.191 | 20170818
Antiy-AVL | Trojan/Win32.AGeneric | 20170818
Arcabit | Trojan.Zbot.191 | 20170818
Avast | HLLP-5136 [Trj] | 20170818
AVG | HLLP-5136 [Trj] | 20170818
Avira (no cloud) | TR/Dropper.Gen2 | 20170818
AVware | Trojan.Win32.Generic!BT | 20170818
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9967 | 20170817
BitDefender | Gen:Variant.Zbot.191 | 20170818
CAT-QuickHeal | Trojan.Dynamer.S467543 | 20170817
ClamAV | Win.Ransomware.Satan-5713061-0 | 20170818
Comodo | TrojWare.Win32.Lepoh.A | 20170818
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20170804
Cylance | Unsafe | 20170818
Cyren | W32/Ransom.Satan.A.gen!Eldorado | 20170818
DrWeb | Trojan.Packed2.39908 | 20170818
Emsisoft | Trojan-Ransom.Satan (A) | 20170818
Endgame | malicious (high confidence) | 20170721
ESET-NOD32 | Win32/Filecoder.Natas.A | 20170818
F-Prot | W32/Ransom.Satan.A.gen!Eldorado | 20170818
F-Secure | Gen:Variant.Zbot.191 | 20170818
Fortinet | W32/Generic.AC.3D6041!tr | 20170818
GData | Gen:Variant.Zbot.191 | 20170818
Ikarus | Trojan-Ransom.Satan | 20170817
Sophos ML | heuristic | 20170818
Jiangmin | Trojan.Generic.aslcn | 20170818
K7AntiVirus | Trojan ( 005043871 ) | 20170818
K7GW | Trojan ( 005043871 ) | 20170817
Kaspersky | HEUR:Trojan.Win32.Generic | 20170818
Malwarebytes | Ransom.Satan | 20170818
MAX | malware (ai score=89) | 20170818
McAfee | GenericRXAY-GP!C9C0E385CE10 | 20170818
McAfee-GW-Edition | BehavesLike.Win32.Trojan.cc | 20170818
Microsoft | Trojan:Win32/Lepoh!rfn | 20170818
eScan | Gen:Variant.Zbot.191 | 20170818
NANO-Antivirus | Trojan.Win32.DKPS.elolak | 20170818
Palo Alto Networks (Known Signatures) | generic.ml | 20170818
Panda | Trj/Genetic.gen | 20170817
Qihoo-360 | Win32/Trojan.BO.91d | 20170818
SentinelOne (Static ML) | static engine - malicious | 20170806
Sophos AV | Troj/Ransom-ECZ | 20170818
SUPERAntiSpyware | Ransom.Satan/Variant | 20170818
Symantec | Trojan.Gen | 20170818
Tencent | Win32.Trojan.Raas.Auto | 20170818
TheHacker | Trojan/Injector.dkps | 20170817
TrendMicro | Ransom_NATAS.SM1 | 20170818
TrendMicro-HouseCall | Ransom_NATAS.SM1 | 20170818
VBA32 | Trojan.Inject | 20170817
VIPRE | Trojan.Win32.Generic!BT | 20170818
ViRobot | Trojan.Win32.Z.Satan.189335.D | 20170818
Webroot | W32.Malware.gen | 20170818
Yandex | Trojan.Agent!ZiqTRmsoX64 | 20170817
Zillya | Trojan.Injector.Win32.474808 | 20170817
ZoneAlarm by Check Point | HEUR:Trojan.Win32.Generic | 20170818
Alibaba | (no detection) | 20170818
CMC | (no detection) | 20170818
Kingsoft | (no detection) | 20170818
nProtect | (no detection) | 20170818
Symantec Mobile Insight | (no detection) | 20170818
TotalDefense | (no detection) | 20170818
Trustlook | (no detection) | 20170818
WhiteArmor | (no detection) | 20170817
Zoner | (no detection) | 20170818
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2017-02-23 19:28:24 (UTC; the ExifTool TimeStamp below is the same instant shown in a +01:00 zone)
Entry Point: 0x000013B9
Number of sections: 4
PE sections
Overlays
MD5: 6d77db7a9688fa6d46e2a40a8bf8d052
File type: data
Offset: 102400
Size: 86935
Entropy: 8.00
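The Overlays block is the most informative static fact on this page: 86935 bytes of entropy-8.00 data sit past the end of the last section at offset 102400, and 102400 + 86935 = 189335, the file size reported in the identification block, so the overlay is the entire tail of the file. Maximal entropy over that many bytes is what encrypted or compressed data looks like, which is consistent with the packer-style verdicts in the detection table (Trojan.Packed2, TR/Dropper.Gen2) and with an 18 KB code section that unpacks a payload at runtime. The following is an added example, not code from the VirusTotal page or from any tool it references, that finds such an overlay from the section table alone and measures its entropy. It runs on a PE32 shell built in memory by build_test_pe(), so the offsets it reports are the constructed ones, not the sample's; the one value taken from the page is the COFF timestamp, to show how it reads back as UTC.

```python
"""Overlay and timestamp triage for a PE file.

Added example, not code from the VirusTotal page. The PE parsed below is
constructed in memory by build_test_pe(); only the COFF timestamp matches
the sample (2017-02-23 19:28:24 UTC).
"""
import math
import struct
from collections import Counter
from datetime import datetime, timezone


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant run, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def find_overlay(pe: bytes):
    """(offset, size) of data past the last section's raw end, or None.

    Only the e_lfanew pointer, the COFF header and the section table are
    read, so a lying SizeOfImage/SizeOfHeaders in the optional header cannot
    hide appended data.
    """
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", pe, coff + 2)    # NumberOfSections
    opt_size, = struct.unpack_from("<H", pe, coff + 16)       # SizeOfOptionalHeader
    table = coff + 20 + opt_size                              # first IMAGE_SECTION_HEADER
    end = 0
    for i in range(num_sections):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 in each 40-byte header
        raw_size, raw_ptr = struct.unpack_from("<II", pe, table + i * 40 + 16)
        end = max(end, raw_ptr + raw_size)
    return None if end >= len(pe) else (end, len(pe) - end)


def compile_time(pe: bytes) -> datetime:
    """COFF TimeDateStamp as a UTC datetime (ExifTool prints it in local time)."""
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    ts, = struct.unpack_from("<I", pe, e_lfanew + 4 + 4)      # 4 bytes past Machine/NumberOfSections
    return datetime.fromtimestamp(ts, tz=timezone.utc)


def triage(pe: bytes) -> dict:
    """Summarise what the 'Overlays' block on a VirusTotal report shows."""
    info = {"compile_time": compile_time(pe).isoformat(), "overlay": None}
    ov = find_overlay(pe)
    if ov:
        off, size = ov
        info["overlay"] = {"offset": off, "size": size,
                           "entropy": round(shannon_entropy(pe[off:]), 2)}
    return info


def build_test_pe(overlay: bytes) -> bytes:
    """Constructed PE32 shell: one 512-byte .text section of NOPs, then `overlay`."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 224                                  # PE32 optional header, left zeroed
    # Machine i386, 1 section, TimeDateStamp 2017-02-23 19:28:24 UTC,
    # no symbols, SizeOfOptionalHeader, Characteristics EXECUTABLE_IMAGE|32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1487878104, 0, 0, opt_size, 0x102)
    sect = b".text\0\0\0" + struct.pack(
        "<IIIIIIHHI", 0x1000, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + b"\0" * opt_size + sect
    headers += b"\0" * (0x200 - len(headers))
    return headers + b"\x90" * 0x200 + overlay


if __name__ == "__main__":
    # A uniform byte distribution gives the maximal 8.00 entropy seen on the page.
    sample = build_test_pe(bytes(range(256)) * 4)
    print(triage(sample))
```

On a real file, pass the bytes of the executable to triage(); the overlay offset it returns is where to carve the appended blob for separate analysis, and the entropy of that blob tells you whether carving alone will get you anything readable. A check worth keeping in a triage script: when offset + size equals the file length, as here, the overlay is the whole tail and nothing trails it.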
PE imports
CryptReleaseContext
GetUserNameW
CryptGetHashParam
CryptAcquireContextW
CryptHashData
CryptDestroyHash
CryptCreateHash
CreateToolhelp32Snapshot
HeapFree
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
RtlUnwind
Process32NextW
VirtualFree
GetCurrentProcess
GetFileSize
OpenProcess
GetCommandLineW
UnhandledExceptionFilter
DeleteFileW
GetProcAddress
GetThreadContext
Process32FirstW
GetProcessHeap
LoadLibraryW
GetModuleHandleA
ReadFile
SetUnhandledExceptionFilter
CloseHandle
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
AddVectoredExceptionHandler
CreateFileW
VirtualQuery
CreateProcessW
Sleep
ExitProcess
GetCurrentThread
VirtualAlloc
RemoveVectoredExceptionHandler
FindWindowW
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2017:02:23 20:28:24+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 18432
LinkerVersion: 12.0
EntryPoint: 0x13b9
InitializedDataSize: 84992
SubsystemVersion: 5.1
ImageVersion: 1.0
OSVersion: 5.1
UninitializedDataSize: 0
Compressed bundles
File identification
MD5: c9c0e385ce10c9d7a7416fbf691939d3
SHA1: 67db3c47a8f15fbb8acec353da9ad7b5db897d5f
SHA256: 828b97f7be10840f2d749fa2658c702ba499a69200b7a00c184e80e98931f07a
ssdeep: 3072:HyIBtQnE7OhssdWJ5jy392aCmCbBqRlBk1xbkNwSazxfqROoGj8EngNdXtQZK:7qvhssdu5jyYaCmCQRlBoRNqR1FEngNN
authentihash: f4b023d55d3ff60219ec81820ceee074e05b0efa837f73c5173f2139b0a376b1
imphash: 65e9607e6f28a7852bb41a6e2e439a92
File size: 184.9 KB ( 189335 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Dynamic Link Library (generic) (43.5%); Win32 Executable (generic) (29.8%); Generic Win/DOS Executable (13.2%); DOS Executable Generic (13.2%)
Tags: peexe overlay

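The imphash in the identification block, together with the PE imports listed earlier, is what an analyst pivots on to find sibling builds of this sample: imphash is the MD5 of the ordered, lower-cased "dll.function" import list, so it is stable across recompilation of the same source with the same toolchain but changes as soon as the import order changes. The following is an added example, not code from the VirusTotal page or from the pefile library, that computes it from an ordered import list. SAMPLE_IMPORTS is constructed: the DLL each API lives in is an assumption (the page lists function names only) and the ordinal-only entry is invented to exercise that path. The ordinal-to-name lookup tables that pefile applies for a few libraries are deliberately omitted, so this does not reproduce the sample's value 65e9607e6f28a7852bb41a6e2e439a92 and makes no claim about it.

```python
"""Mandiant-style imphash from an ordered import list.

Added example, not code from the VirusTotal page or from pefile.
SAMPLE_IMPORTS is constructed (DLL names assumed, ordinal import invented),
and the oleaut32/ws2_32 ordinal-to-name tables are omitted, so this does
not reproduce the sample's imphash.
"""
import hashlib

_STRIP = (".dll", ".ocx", ".sys")   # extensions the reference algorithm drops


def imphash_string(imports) -> str:
    """Canonical 'dll.func,dll.func,...' string over (dll, func_or_ordinal) pairs.

    Both parts are lower-cased and the DLL extension is removed, so
    ("KERNEL32.dll", "Sleep") and ("kernel32", "sleep") are the same entry.
    Order is preserved: the same APIs imported in a different order hash
    differently, which is why imphash clusters builds from one code base.
    """
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in _STRIP:
            if dll.endswith(ext):
                dll = dll[:-len(ext)]
                break
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{dll}.{name}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 hex digest of the canonical import string."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed import order loosely following the page's list. DLL names are
# assumptions (Crypt*/GetUserNameW from advapi32, FindWindowW from user32).
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "CryptAcquireContextW"),
    ("ADVAPI32.dll", "CryptCreateHash"),
    ("ADVAPI32.dll", "GetUserNameW"),
    ("KERNEL32.dll", "IsDebuggerPresent"),
    ("KERNEL32.dll", "CreateToolhelp32Snapshot"),
    ("KERNEL32.dll", "CreateProcessW"),
    ("USER32.dll", "FindWindowW"),
    ("WS2_32.dll", 23),            # invented ordinal-only import
]


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
    # Swapping two imports changes the hash even though the API set is identical.
    swapped = SAMPLE_IMPORTS[1:2] + SAMPLE_IMPORTS[:1] + SAMPLE_IMPORTS[2:]
    print(imphash(swapped) != imphash(SAMPLE_IMPORTS))
```

When hunting with this value, remember what it does and does not say: two files with the same imphash were almost certainly linked from the same object files in the same order, but a repacked or rebuilt variant will carry a different one, and a packer stub that resolves APIs through GetProcAddress at runtime (LoadLibraryW and GetProcAddress are both in this sample's import list) leaves only the stub's own imports visible to the hash.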
VirusTotal metadata
First submission: 2017-05-28 11:30:06 UTC ( 4 months, 4 weeks ago )
Last submission: 2017-06-27 23:45:16 UTC ( 3 months, 4 weeks ago )
File names: c9c0e385.exe; sata.exe; Désinstallateur de virus 4.0.exe; c9c0e385ce10c9d7a7416fbf691939d3.exe; ransomware.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!
No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Searched windows
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
UDP communications