SHA256: a77c61e86bc69fdc909560bb7a0fa1dd61ee6c86afceb9ea17462a97e7114ab0
File name: a77c61e86bc69fdc909560bb7a0fa1dd61ee6c86afceb9ea17462a97e7114ab0....
Detection ratio: 47 / 60
Analysis date: 2017-05-23 15:52:24 UTC ( 1 year, 12 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.5079895 20170523
AegisLab Ml.Attribute.Gen!c 20170523
AhnLab-V3 Win-Trojan/MDA.630F094C 20170523
ALYac Worm.EternalRocks 20170523
Arcabit Trojan.Generic.D4D8357 20170523
Avast Win32:Malware-gen 20170523
Avira (no cloud) TR/ShadowBrokers.jjadk 20170523
AVware Trojan.Win32.Generic!BT 20170523
BitDefender Trojan.GenericKD.5079895 20170523
CAT-QuickHeal Trojan.Shadowbrokers 20170523
ClamAV Win.Worm.EternalRocks-6320367-0 20170523
Comodo TrojWare.Win32.EternalRock.XST 20170523
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/Trojan.VWTY-4281 20170523
DrWeb BackDoor.Spy.3365 20170523
Emsisoft Trojan.GenericKD.5079895 (B) 20170523
Endgame malicious (moderate confidence) 20170515
ESET-NOD32 a variant of MSIL/Agent.ON 20170523
F-Prot W32/Trojan5.PHW 20170523
F-Secure Trojan.GenericKD.5079895 20170523
Fortinet W32/ShadowBrokers.CQ!tr 20170523
GData Trojan.GenericKD.5079895 20170523
Ikarus Worm.DoomsDay 20170523
Sophos ML virus.win32.expiro.cx 20170519
Jiangmin Worm.EternalRocks.h 20170523
K7AntiVirus Trojan ( 00361abb1 ) 20170523
K7GW Trojan ( 00361abb1 ) 20170523
Kaspersky Trojan.Win32.ShadowBrokers.cq 20170523
Malwarebytes Exploit.EternalRocks 20170523
McAfee Trojan-Bluedoom!198F27F5AB97 20170523
McAfee-GW-Edition BehavesLike.Win32.Spybot.tc 20170523
Microsoft TrojanDropper:MSIL/Eterock.A 20170523
eScan Trojan.GenericKD.5079895 20170523
nProtect Trojan/W32.ShadowBrokers.5277184 20170523
Palo Alto Networks (Known Signatures) generic.ml 20170523
Panda Trj/GdSda.A 20170522
Qihoo-360 Trojan.Generic 20170523
SentinelOne (Static ML) static engine - malicious 20170516
Sophos AV Mal/Eterocks-A 20170523
Symantec W32.Eternalrocks 20170523
Tencent Win32.Trojan.Shadowbrokers.Dzkp 20170523
TrendMicro TROJ_ETEROCK.A 20170523
TrendMicro-HouseCall TROJ_ETEROCK.A 20170523
VIPRE Trojan.Win32.Generic!BT 20170523
ViRobot Trojan.Win32.Agent.5277184[h] 20170523
Webroot W32.Trojan.Gen 20170523
ZoneAlarm by Check Point Trojan.Win32.ShadowBrokers.cq 20170523
Alibaba 20170523
Antiy-AVL 20170523
AVG 20170523
Bkav 20170523
CMC 20170523
Kingsoft 20170523
NANO-Antivirus 20170523
Rising 20170523
SUPERAntiSpyware 20170523
Symantec Mobile Insight 20170523
TheHacker 20170522
Trustlook 20170523
VBA32 20170523
WhiteArmor 20170517
Yandex 20170518
Zillya 20170523
Zoner 20170523
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © Microsoft 2017

Product EternalRocks
Original name EternalRocks.exe
Internal name EternalRocks.exe
File version 1.0.0.0
Description EternalRocks
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-11 21:50:22
Entry Point 0x0051000A
Number of sections 5
.NET details
Module Version ID a4ddbe4f-d823-45f5-9b16-515b5f261da4
TypeLib ID 3f701d4b-9b5d-40f1-bb00-40757ddc1634
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
4739072

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
EternalRocks

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
8.0

EntryPoint
0x51000a

OriginalFileName
EternalRocks.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright Microsoft 2017

FileVersion
1.0.0.0

TimeStamp
2017:05:11 23:50:22+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
EternalRocks.exe

ProductVersion
1.0.0.0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft

CodeSize
537088

ProductName
EternalRocks

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
1.0.0.0

File identification
MD5 198f27f5ab972bfd99e89802e40d6ba7
SHA1 e8b40f35af4d5bb24d73faa5a4babb86191b5310
SHA256 a77c61e86bc69fdc909560bb7a0fa1dd61ee6c86afceb9ea17462a97e7114ab0
ssdeep
98304:aE8msmmmnWH92McSBfvSG/hux95f1nsK0HYHHHAzoqu:aJd2M5BfJqf1n70toP

authentihash dc825bffc7541711597c1f2e8a0d05e299a863e44f27c2e66660bc72dbbab26c
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 5.0 MB ( 5277184 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Win32 Executable MS Visual C++ (generic) (39.9%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
Win16/32 Executable Delphi generic (2.6%)
Tags
peexe assembly

VirusTotal metadata
First submission 2017-05-16 07:54:42 UTC ( 2 years ago )
Last submission 2019-03-14 07:14:01 UTC ( 2 months, 1 week ago )
File names 2
a77c61e86bc69fdc909560bb7a0fa1dd61ee6c86afceb9ea17462a97e7114ab0.bin
e8b40f35af4d5bb24d73faa5a4babb86191b5310.exe
a77c61e86bc69fdc909560bb7a0fa1dd61ee6c86afceb9ea17462a97e7114ab0.exe
a77c61e86bc69fdc909560bb7a0fa1dd61ee6c86afceb9ea17462a97e7114ab0
taskhost.exe
a77c61e86bc69fdc909560bb7a0fa1dd61ee6c86afceb9ea17462a97e7114ab0.__.exe
EternalRocks.exe
aa.exe
EternalRocks network worm Second stage (3)
Behaviour characterization
Zemana
dll-injection
