SHA256: b5ef16922e2c76b09edd71471dd837e89811c5e658406a8495c1364d0d9dc690
File name: b5ef16922e2c76b09edd71471dd837e89811c5e658406a8495c1364d0d9dc690
Detection ratio: 55 / 66
Analysis date: 2018-05-26 17:41:57 UTC ( 4 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3826045 20180526
AegisLab Troj.Ransom.W32!c 20180526
AhnLab-V3 Trojan/Win32.Agent.C1697484 20180525
ALYac Trojan.Ransom.GoldenEye 20180526
Antiy-AVL Trojan[Ransom]/Win32.Petr 20180526
Arcabit Trojan.Generic.D3A617D 20180526
Avast Win32:Trojan-gen 20180526
AVG Win32:Trojan-gen 20180526
Avira (no cloud) TR/Ransom.paibg 20180526
AVware Trojan.Win32.Generic!BT 20180526
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9997 20180526
BitDefender Trojan.GenericKD.3826045 20180526
Bkav W32.CespicodLTH.Trojan 20180525
CAT-QuickHeal Ransom.GoldenEye.A5 20180525
Comodo TrojWare.Win32.Petya.D 20180526
Cylance Unsafe 20180526
Cyren W32/GoldenEye.JKEJ-2494 20180526
DrWeb Trojan.MBRlock.265 20180526
Emsisoft Trojan-Ransom.GoldenEye (A) 20180526
Endgame malicious (high confidence) 20180507
ESET-NOD32 Win32/Diskcoder.Petya.D 20180526
F-Prot W32/GoldenEye.A 20180526
F-Secure Trojan.GenericKD.3826045 20180526
Fortinet W32/Petya.D!tr.ransom 20180526
GData Win32.Trojan-Ransom.Petya.S 20180526
Ikarus Trojan-Ransom.GoldenEye 20180526
Sophos ML heuristic 20180503
Jiangmin Trojan.DiskWriter.bp 20180526
K7AntiVirus Trojan ( 004ffb661 ) 20180526
K7GW Trojan ( 004ffb661 ) 20180526
Kaspersky Trojan-Ransom.Win32.Petr.eu 20180526
Malwarebytes Ransom.Petya 20180526
MAX malware (ai score=100) 20180526
McAfee Generic.aaf 20180526
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dc 20180526
Microsoft Ransom:Win32/Petya 20180526
eScan Trojan.GenericKD.3826045 20180526
NANO-Antivirus Trojan.Win32.Ransom.ejgwkv 20180526
nProtect Ransom/W32.Petya.260608 20180526
Palo Alto Networks (Known Signatures) generic.ml 20180526
Panda Trj/Ransom.CD 20180525
Qihoo-360 Trojan.Generic 20180526
Rising Trojan.Win32.Petrx.a (KTSE) 20180525
Sophos AV Troj/Petya-Z 20180526
Symantec Ransom.Goldeneye 20180526
Tencent Win32.Trojan.Petya.Nkgi 20180526
TrendMicro Ransom_GOLDENEYE.A 20180526
TrendMicro-HouseCall Ransom_GOLDENEYE.A 20180526
VBA32 Trojan.MBRlock 20180525
VIPRE Trojan.Win32.Generic!BT 20180526
ViRobot Trojan.Win32.Z.Petya.260608 20180526
Webroot W32.Trojan.Gen 20180526
Yandex Trojan.Agent!47ebzK+A2ug 20180524
ZoneAlarm by Check Point Trojan-Ransom.Win32.Petr.eu 20180526
Zoner Trojan.Petya 20180526
Alibaba 20180525
Avast-Mobile 20180525
Babable 20180406
ClamAV 20180526
CMC 20180526
CrowdStrike Falcon (ML) 20180202
Cybereason None
eGambit 20180526
Kingsoft 20180526
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180526
Symantec Mobile Insight 20180525
TheHacker 20180524
TotalDefense 20180526
Trustlook 20180526
Zillya 20180525
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-06-18 21:01:49
Entry Point 0x0000C424
Number of sections 5
PE sections
PE imports
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegCreateKeyA
GetOpenFileNameA
PrintDlgA
GetSaveFileNameA
ChooseFontA
Polygon
CreatePen
CreateFontIndirectA
SetStretchBltMode
Rectangle
SetMapMode
GetObjectA
CreateDCA
LineTo
DeleteDC
SetBkMode
EndDoc
StartPage
BitBlt
SetTextColor
GetDeviceCaps
CreateBitmap
MoveToEx
GetStockObject
CreateCompatibleDC
StretchBlt
SetROP2
EndPage
SelectObject
StartDocA
CreateCompatibleBitmap
CreateSolidBrush
DeleteObject
Ellipse
GetStdHandle
GetFileAttributesA
WaitForSingleObject
SetEndOfFile
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
UnhandledExceptionFilter
ExpandEnvironmentStringsA
LoadLibraryExW
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
LocalFree
LoadResource
InterlockedDecrement
FormatMessageA
SetLastError
OutputDebugStringW
GetModuleFileNameW
Beep
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
SetThreadPriority
EnumSystemLocalesW
TlsGetValue
MultiByteToWideChar
FatalAppExitA
SetFilePointerEx
CreateSemaphoreW
MulDiv
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
SetUnhandledExceptionFilter
GetModuleHandleExW
ReadConsoleW
GetVersion
LeaveCriticalSection
WriteConsoleW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
DeleteFileA
GetDateFormatW
GetStartupInfoW
GetProcAddress
GetProcessHeap
GetTimeFormatW
GetCurrentThreadId
IsValidLocale
GetUserDefaultLCID
CreateFileW
CreateEventA
GetFileType
TlsSetValue
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetConsoleCP
CompareStringW
GetEnvironmentStringsW
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
CreateProcessA
IsValidCodePage
Sleep
SetConsoleCtrlHandler
FindResourceA
AlphaBlend
ShellExecuteA
Shell_NotifyIconA
MapWindowPoints
RedrawWindow
GetForegroundWindow
GetParent
EnableWindow
UpdateWindow
UnregisterHotKey
EndDialog
BeginPaint
GetDlgItem
SetFocus
FindWindowW
DefWindowProcA
KillTimer
DestroyMenu
ClipCursor
ShowWindow
PostQuitMessage
FindWindowA
SetWindowPos
GetSysColorBrush
TrackPopupMenu
GetWindowRect
DispatchMessageA
EndPaint
SetDlgItemTextA
PostMessageA
GetMessageExtraInfo
GetDlgItemTextA
MessageBoxA
DialogBoxParamA
ChildWindowFromPoint
SetWindowLongA
TranslateMessage
GetAsyncKeyState
GetSysColor
SetActiveWindow
GetDC
GetKeyState
GetCursorPos
ReleaseDC
SystemParametersInfoA
CreatePopupMenu
GetClipCursor
SetClipboardData
IsWindowVisible
EnumDisplaySettingsA
CloseClipboard
GetClientRect
CreateWindowExA
SetCursorPos
CreateDialogParamA
SetCursor
BringWindowToTop
RegisterClassA
SetRect
InvalidateRect
InsertMenuA
GetWindowLongA
SetTimer
LoadCursorA
LoadIconA
DrawTextA
ChangeDisplaySettingsExA
SetWindowTextA
FillRect
RegisterHotKey
IsDlgButtonChecked
SendMessageA
CheckDlgButton
GetDesktopWindow
InflateRect
EmptyClipboard
TranslateAcceleratorA
SetForegroundWindow
LoadAcceleratorsA
DestroyWindow
GetMessageA
DialogBoxIndirectParamA
OpenClipboard
PlaySoundA
GdipSetInterpolationMode
GdipDrawImageRectRect
GdiplusShutdown
GdipSetPixelOffsetMode
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipDisposeImage
GdipCreateBitmapFromFile
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipCreateBitmapFromFileICM
GdipSaveImageToFile
GdiplusStartup
GdipCloneImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipFree
CoInitialize
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:06:18 22:01:49+01:00
FileType Win32 EXE
PEType PE32
CodeSize 194560
LinkerVersion 11.0
EntryPoint 0xc424
InitializedDataSize 75264
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 e068ee33b5e9cb317c1af7cecc1bacb5
SHA1 ef3d2563fa3e29c1be76a149ff91398ab9987775
SHA256 b5ef16922e2c76b09edd71471dd837e89811c5e658406a8495c1364d0d9dc690
ssdeep 3072:rTAjnioLO7WpLyLNZ45OlTZHiKb8ljJ3ijAviJcfM698RyOiy12KJ3I4YgTl:r6nrD0ZvRcjcOiJ+98X2sYXg
authentihash 553ac1dc3ebb1caac920a221ed517d6ed6b28fc45532fd7b3fcdcd3bc2e817ab
imphash eadbe699c9f56194b9bbdf2dd7631233
File size 254.5 KB ( 260608 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2016-12-06 09:28:55 UTC ( 1 year, 6 months ago )
Last submission 2018-05-26 17:41:57 UTC ( 4 weeks ago )
File names b5ef16922e2c76b09edd71471dd837e89811c5e658406a8495c1364d0d9dc690.exe
rad8FE4F.ex$
GoldenEye.exe
bad2.exe
radF1016.exe
radBA016.exe
e068ee33b5e9cb317c1af7cecc1bacb5
b5ef16922e2c76b09edd71471dd837e89811c5e658406a8495c1364d0d9dc690
radF3E9A.exe
rad6E140.exe
radF1016.exe-attention
Kopie_von_rad6F11F.exe.2.bin.exe
b5ef16922e2c76b09edd71471dd837e89811c5e658406a8495c1364d0d9dc690
Kopie_von_rad6F11F.exe
b5ef16922e2c76b09edd71471dd837e89811c5e658406a8495c1364d0d9dc690.bin
goldeneye.exe.dontrun
Trojan.Ransom.GoldenEye.exe
goldeye.exe
rad859C9.exe.VIRUS
b5ef16922e2c76b09edd71471dd837e89811c5e658406a8495c1364d0d9dc690(2).bin
rad20B9E.exe
goldeneye no spreader.exe
Kopie_von_rad6F11F.exe.2.bin.exe
rad6E6BE.exe
radD6E08.exe
Advanced heuristic and reputation engines