SHA256: 87f202a4c28b27437f505873d8dcbe1cc966a27efa4d79b440704cf341ab4a22
File name: petya.exe
Detection ratio: 15 / 57
Analysis date: 2016-03-25 23:51:53 UTC ( 1 year, 6 months ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.FU.euX@aKaMhFe 20160325
AegisLab Backdoor.W32.Gen 20160325
Arcabit Trojan.Heur.FU.E9A9F3 20160325
Avast Win32:Evo-gen [Susp] 20160325
AVG Ransom_r.DD 20160325
Avira (no cloud) TR/Crypt.ZPACK.Gen 20160325
Baidu Win32.Trojan.WisdomEyes.151026.9950.9998 20160325
BitDefender Gen:Trojan.Heur.FU.euX@aKaMhFe 20160325
Bkav W32.HfsAutoB.AA6A 20160325
Emsisoft Gen:Trojan.Heur.FU.euX@aKaMhFe (B) 20160325
ESET-NOD32 a variant of Win32/Diskcoder.B 20160325
F-Secure Gen:Trojan.Heur.FU.euX@aKaMhFe 20160325
GData Gen:Trojan.Heur.FU.euX@aKaMhFe 20160325
eScan Gen:Trojan.Heur.FU.euX@aKaMhFe 20160325
Qihoo-360 QVM19.1.Malware.Gen 20160326
Yandex 20160316
AhnLab-V3 20160325
Alibaba 20160323
ALYac 20160325
Antiy-AVL 20160325
AVware 20160325
Baidu-International 20160325
ByteHero 20160326
CAT-QuickHeal 20160325
ClamAV 20160325
CMC 20160322
Comodo 20160325
Cyren 20160325
DrWeb 20160325
F-Prot 20160326
Fortinet 20160326
Ikarus 20160325
Jiangmin 20160325
K7AntiVirus 20160325
K7GW 20160323
Kaspersky 20160325
Kingsoft 20160326
Malwarebytes 20160325
McAfee 20160326
McAfee-GW-Edition 20160325
Microsoft 20160325
NANO-Antivirus 20160326
nProtect 20160325
Panda 20160325
Rising 20160326
Sophos AV 20160325
SUPERAntiSpyware 20160326
Symantec 20160325
Tencent 20160326
TheHacker 20160325
TrendMicro 20160325
TrendMicro-HouseCall 20160325
VBA32 20160325
VIPRE 20160325
ViRobot 20160325
Zillya 20160325
Zoner 20160325
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-23 20:07:25
Entry Point 0x00009113
Number of sections 5
PE sections
Overlays
MD5 b4202f7fe985b9648b4676e6f70832bd
File type ASCII text
Offset 70144
Size 3584
Entropy 0.00
PE imports
LookupPrivilegeValueA
CryptReleaseContext
OpenProcessToken
CryptAcquireContextA
CryptGenRandom
AdjustTokenPrivileges
DeviceIoControl
GetModuleHandleA
HeapFree
SetFilePointer
GetLastError
ReadFile
WriteFile
GetCurrentProcess
HeapAlloc
CloseHandle
SetFilePointerEx
CreateFileA
GetTickCount
GetSystemDirectoryA
GetProcAddress
GetProcessHeap
PE exports
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2016:03:23 21:07:25+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 33792
LinkerVersion: 12.0
EntryPoint: 0x9113
InitializedDataSize: 13312
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0

File identification
MD5 963486416ccffc798c476656157bfa1e
SHA1 f522b3ab9e1adc72a6d1140ef974ccbe3de3193d
SHA256 87f202a4c28b27437f505873d8dcbe1cc966a27efa4d79b440704cf341ab4a22
ssdeep 768:JQbZC54xMsPpWnEr647bBK7cYmhQ3Ep+hjZOpi+KbZ7AdQWvM3EZGS86lxzCWBeI:T2dknUXnTtpCSi+Kl/S8EMW4sx
authentihash 0e5351f1d5bcb98d23e36f808b80a8464cabba60050167bfe6b6a01f3ba0b32c
imphash bf02c8f08fcffad0436a06debe90f32e
File size 72.0 KB ( 73728 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe overlay
VirusTotal metadata
First submission 2016-03-25 23:51:53 UTC ( 1 year, 6 months ago )
Last submission 2016-05-14 04:21:36 UTC ( 1 year, 5 months ago )
File names petya.exe