SHA256: 87915f2f6c1ac2a8354b55bb98d5f85f5de7a4acb2021a579ffa701cd42f452b
File name: bff29fd7fcc923087977aacec721e37e
Detection ratio: 21 / 67
Analysis date: 2018-04-01 16:45:36 UTC ( 5 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Generic.Ransom.HDDCrypt.6053887E 20180401
ALYac Generic.Ransom.HDDCrypt.6053887E 20180401
Arcabit Generic.Ransom.HDDCrypt.D5C5FFFE 20180401
BitDefender Generic.Ransom.HDDCrypt.6053887E 20180401
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20170201
Cybereason malicious.7fcc92 20180225
Cylance Unsafe 20180401
Emsisoft Generic.Ransom.HDDCrypt.6053887E (B) 20180401
Endgame malicious (high confidence) 20180316
ESET-NOD32 a variant of Win32/Filecoder.DCryptor.D 20180401
GData Win32.Trojan-Ransom.Mamba.B 20180401
Sophos ML heuristic 20180121
Kaspersky HEUR:Trojan.Win32.Generic 20180401
MAX malware (ai score=82) 20180401
McAfee Artemis!BFF29FD7FCC9 20180401
McAfee-GW-Edition BehavesLike.Win32.BadFile.tc 20180401
Microsoft Ransom:Win32/Mambretor.D 20180401
eScan Generic.Ransom.HDDCrypt.6053887E 20180401
Sophos AV Mal/Generic-S 20180401
Symantec Ransom.HDDCryptor 20180331
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180401
AegisLab 20180331
AhnLab-V3 20180401
Alibaba 20180330
Antiy-AVL 20180401
Avast 20180401
Avast-Mobile 20180401
AVG 20180401
Avira (no cloud) 20180401
AVware 20180401
Baidu 20180330
Bkav 20180331
CAT-QuickHeal 20180401
ClamAV 20180401
CMC 20180401
Comodo 20180401
Cyren 20180401
DrWeb 20180401
eGambit 20180401
F-Prot 20180401
F-Secure 20180401
Fortinet 20180401
Jiangmin 20180401
K7AntiVirus 20180401
K7GW 20180401
Kingsoft 20180401
Malwarebytes 20180401
NANO-Antivirus 20180401
nProtect 20180331
Palo Alto Networks (Known Signatures) 20180401
Panda 20180401
Qihoo-360 20180401
Rising 20180406
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180401
Symantec Mobile Insight 20180311
Tencent 20180401
TheHacker 20180330
TotalDefense 20180401
TrendMicro 20180401
TrendMicro-HouseCall 20180401
Trustlook 20180401
VBA32 20180330
VIPRE 20180401
ViRobot 20180401
WhiteArmor 20180324
Yandex 20180331
Zillya 20180330
Zoner 20180331
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-27 13:35:05
Entry Point 0x00015C56
Number of sections 5
PE sections
PE imports
ChangeServiceConfig2W
OpenProcessToken
SetServiceStatus
RegisterServiceCtrlHandlerW
OpenSCManagerW
AdjustTokenPrivileges
StartServiceCtrlDispatcherW
LookupPrivilegeValueW
CreateServiceW
GetNativeSystemInfo
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
OutputDebugStringW
GetLocaleInfoW
GetModuleFileNameW
WaitForSingleObject
SetEvent
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetCPInfo
SetStdHandle
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetConsoleMode
HeapSize
GetCurrentProcessId
GetUserDefaultLCID
LockResource
GetCommandLineW
WideCharToMultiByte
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
CreateDirectoryW
GetCommandLineA
GetProcAddress
GetProcessHeap
ExitProcess
RaiseException
UnhandledExceptionFilter
CreateThread
TlsFree
GetModuleHandleA
GetSystemDirectoryW
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
IsValidLocale
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
ReadConsoleW
GetOEMCP
TerminateProcess
GetConsoleCP
CreateEventW
GetSystemTimeAsFileTime
GetModuleHandleExW
IsValidCodePage
LoadResource
FindResourceW
CreateFileW
GetConsoleWindow
GetStringTypeW
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
EncodePointer
GetCurrentThreadId
WriteConsoleW
AreFileApisANSI
SetLastError
LeaveCriticalSection
ShellExecuteW
ShellExecuteA
PathFileExistsW
ShowWindow
ExitWindowsEx
Number of PE resources by type
64DCCON.EXE 1
32DCCON.EXE 1
32DCAPI.DLL 1
32DCINST.EXE 1
64DCINST.EXE 1
RT_MANIFEST 1
64DCAPI.DLL 1
64DCRYPT.SYS 1
SQLITE3.DLL 1
32DCRYPT.SYS 1
Number of PE resources by language
ENGLISH UK 9
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:03:27 14:35:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 174592
LinkerVersion 12.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x15c56
InitializedDataSize 1440256
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 bff29fd7fcc923087977aacec721e37e
SHA1 84390c1b7d404b67712eaea17e265f14d1237355
SHA256 87915f2f6c1ac2a8354b55bb98d5f85f5de7a4acb2021a579ffa701cd42f452b
ssdeep 24576:Dy2y8JTpF/HHsRn49iWMWQ89uh9xVCjZrR6mx8lYx4sFhxNhoNhwDbUjzLv9YNhY:s8JTIF4g29MxUPzxjhxN6N8UPRYN6Nd
authentihash 438b32db68dfd52b09119d92c375d9327fe97672ed540bc8a259ef35d6541d4b
imphash 6bb0d756705c14a4524e0207d83d76ef
File size 1.5 MB ( 1607168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags peexe
VirusTotal metadata
First submission 2018-04-01 16:45:36 UTC ( 5 months, 3 weeks ago )
Last submission 2018-04-05 07:54:36 UTC ( 5 months, 3 weeks ago )
File names bff29fd7fcc923087977aacec721e37e
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files