SHA256: bf352825a70685039401abde5daf1712fd968d6eee233ea72393cbc6faffe5a2
File name: SDFormatter
Detection ratio: 60 / 68
Analysis date: 2018-06-20 00:15:27 UTC ( 1 day ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2846605 20180619
AegisLab Troj.Ransom.W32.Cryptodef!c 20180619
AhnLab-V3 Trojan/Win32.CryptoWall.R212496 20180619
ALYac Trojan.Ransom.CryptoWall 20180619
Antiy-AVL Trojan/Win32.SGeneric 20180620
Arcabit Trojan.Generic.D2B6F8D 20180619
Avast Win32:CryptoWall-AF [Trj] 20180619
AVG Win32:CryptoWall-AF [Trj] 20180619
Avira (no cloud) TR/FileCoder.319488 20180619
AVware Trojan.Win32.Generic!BT 20180618
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180615
BitDefender Trojan.GenericKD.2846605 20180619
Bkav W32.JeringarLTAI.Worm 20180619
CAT-QuickHeal Ransom.Crowti.TS1 20180619
ClamAV Win.Virus.CryptoWall4-2 20180619
CMC Trojan.Win32.Inject!O 20180619
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20180530
Cybereason malicious.2e3a2b 20180225
Cylance Unsafe 20180620
Cyren W32/Cryptodef.FHHF-2809 20180620
DrWeb Trojan.DownLoader17.39349 20180619
Emsisoft Trojan.GenericKD.2846605 (B) 20180619
Endgame malicious (high confidence) 20180612
ESET-NOD32 Win32/Filecoder.CryptoWall.C 20180619
F-Prot W32/Cryptodef.A 20180619
F-Secure Trojan.GenericKD.2846605 20180620
Fortinet W32/Kryptik.EDFO!tr 20180619
GData Win32.Trojan.Agent.TQG1S9 20180619
Ikarus Trojan.Win32.Filecoder 20180619
Jiangmin Trojan.Cryptodef.gc 20180619
K7AntiVirus Trojan ( 004dc66a1 ) 20180619
K7GW Trojan ( 004dc66a1 ) 20180620
Kaspersky Trojan.Win32.Inject.vmtw 20180619
MAX malware (ai score=100) 20180620
McAfee Ransom-CWall.b 20180619
McAfee-GW-Edition Ransom-CWall.b 20180619
Microsoft Ransom:Win32/Crowti 20180619
eScan Trojan.GenericKD.2846605 20180619
NANO-Antivirus Trojan.Win32.Cryptodef.efhcwq 20180619
Palo Alto Networks (Known Signatures) generic.ml 20180620
Panda Trj/WLT.B 20180619
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20180620
Rising Trojan.Spy.Win32.Crowti.ic (CLASSIC) 20180619
SentinelOne (Static ML) static engine - malicious 20180618
Sophos AV Troj/Ransom-BPB 20180620
SUPERAntiSpyware Trojan.Agent/Gen-Ransom 20180619
Symantec Ransom.Cryptowall.B 20180619
TACHYON Trojan/W32.Cryptodef.319488 20180619
Tencent Win32.Trojan.Raas.Auto 20180620
TheHacker Trojan/Filecoder.co 20180619
TrendMicro Ransom_CRYPWALL.XXUAB 20180619
TrendMicro-HouseCall Ransom_CRYPWALL.XXUAB 20180620
VBA32 Hoax.Cryptodef 20180619
VIPRE Trojan.Win32.Generic!BT 20180619
ViRobot Trojan.Win32.CryptoWall.319488 20180619
Webroot Trojan.Dropper.Gen 20180620
Yandex Trojan.Cryptodef! 20180618
Zillya Trojan.Filecoder.Win32.1234 20180619
ZoneAlarm by Check Point Trojan.Win32.Inject.vmtw 20180619
Zoner Trojan.Cryptodef 20180619
Alibaba 20180619
Avast-Mobile 20180619
Babable 20180406
Comodo 20180620
eGambit 20180620
Sophos ML 20180601
Kingsoft 20180620
Malwarebytes 20180619
Symantec Mobile Insight 20180619
TotalDefense 20180619
Trustlook 20180620
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (C) Panasonic and TRENDY Co.
Product SD Formatter V4.0.0.0
Original name SDFormatter.exe
Internal name SDFormatter
File version 4, 0, 0, 0
Description Format Tool for SD Card [Normal Area Only]
Comments SD Formatter Version 3.1.0.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-17 17:53:24
Entry Point 0x0002E44B
Number of sections 4
PE sections
PE imports
FreeConsole
GetConsoleOutputCP
InterlockedPopEntrySList
GetOverlappedResult
WaitForSingleObject
GetDriveTypeA
SetConsoleCursorPosition
GetStdHandle
GetCurrentProcess
GetLocaleInfoA
GetVolumeInformationW
GetSystemDirectoryW
GetThreadContext
EnumResourceLanguagesW
IsDBCSLeadByteEx
GetTempPathA
WideCharToMultiByte
GetTempPathW
ReleaseActCtx
SetFileAttributesA
InterlockedPushEntrySList
OutputDebugStringW
AllocConsole
TlsGetValue
MoveFileW
GetFullPathNameW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
PeekNamedPipe
GetLargestConsoleWindowSize
CopyFileA
EnumCalendarInfoA
InterlockedExchangeAdd
CreateActCtxW
GetPrivateProfileStringA
SetConsoleCtrlHandler
FindClose
UnhandledExceptionFilter
SetFilePointerEx
FlushInstructionCache
SetFileAttributesW
GlobalAddAtomW
SetEnvironmentVariableW
GetSystemDefaultUILanguage
CreateSemaphoreW
ConvertDefaultLocale
ReadFile
IsProcessorFeaturePresent
GetSystemDirectoryA
MoveFileExA
GlobalMemoryStatus
WriteConsoleA
GetModuleHandleExW
SearchPathA
VirtualQueryEx
GetVersion
AreFileApisANSI
EnterCriticalSection
GetSystemTime
SetHandleCount
GetVersionExW
FreeLibrary
IsBadWritePtr
TlsAlloc
VirtualProtect
GetFileSize
GetPrivateProfileIntA
CreateDirectoryA
ReadProcessMemory
DeleteFileW
WaitForMultipleObjects
GetTimeFormatW
HeapValidate
GetTimeFormatA
GetTempFileNameA
IsValidLocale
DuplicateHandle
GetBinaryTypeA
CreateFileW
IsDebuggerPresent
GetFileType
TlsSetValue
LeaveCriticalSection
SetStdHandle
UnmapViewOfFile
GetSystemInfo
lstrlenA
GetThreadLocale
lstrlenW
GetShortPathNameA
CompareFileTime
SetFileTime
HeapQueryInformation
GetCPInfo
HeapSize
InterlockedCompareExchange
OpenMutexA
SuspendThread
QueryPerformanceFrequency
SetSystemPowerState
GlobalFlags
CloseHandle
OpenMutexW
EnumResourceTypesW
SetDllDirectoryW
DeleteVolumeMountPointA
HeapCreate
FindResourceExW
TransactNamedPipe
IsBadStringPtrA
GetProcessVersion
OpenEventA
CreateDialogParamW
SendDlgItemMessageA
SetInternalWindowPos
LoadCursorA
GetSysColor
GetPropA
DefDlgProcA
TranslateAccelerator
WaitForInputIdle
SetUserObjectSecurity
GetAltTabInfo
GetMenuStringA
DisplayExitWindowsWarnings
SetSystemMenu
GetAncestor
LoadMenuW
GetDC
PtInRect
Number of PE resources by type
RT_STRING 20
RT_CURSOR 17
RT_GROUP_CURSOR 16
RT_DIALOG 7
RT_ICON 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
JAPANESE DEFAULT 52
ENGLISH US 14
PE resources
ExifTool file metadata
SpecialBuild TRENDY Corporation
SubsystemVersion 4.0
Comments SD Formatter Version 3.1.0.0
InitializedDataSize 69632
ImageVersion 0.0
ProductName SD Formatter V4.0.0.0
FileVersionNumber 4.0.0.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 6.0
PrivateBuild TRENDY Corporation
FileTypeExtension exe
OriginalFileName SDFormatter.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 4, 0, 0, 0
TimeStamp 2015:07:17 18:53:24+01:00
FileType Win32 EXE
PEType PE32
InternalName SDFormatter
ProductVersion 4, 0, 0, 0
FileDescription Format Tool for SD Card [Normal Area Only]
OSVersion 4.0
FileOS Win32
LegalCopyright (C) Panasonic and TRENDY Co.
MachineType Intel 386 or later, and compatibles
CompanyName TRENDY Corporation
CodeSize 245760
FileSubtype 0
ProductVersionNumber 4.0.0.0
EntryPoint 0x2e44b
ObjectFileType Executable application

File identification
MD5 5384f752e3a2b59fad9d0f143ce0215a
SHA1 949f1903642e72575e107ee492faba670c8e0006
SHA256 bf352825a70685039401abde5daf1712fd968d6eee233ea72393cbc6faffe5a2
ssdeep 6144:iT+yNR5UrrQzuSMsoIE38RvvYLyH/rhcM9Ua8YLC39VQKgb5WrZa:nyNXU/QmIE38RvvNTKQ7C39yKgb5W
authentihash e3c79cf36396e23b1c534f9388a429c61a20cda013f1c18d5921371416a0ee4f
imphash af149e51499bf8892a701b93f1faf50c
File size 312.0 KB ( 319488 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2015-11-03 14:52:11 UTC ( 2 years, 7 months ago )
Last submission 2018-05-14 23:55:53 UTC ( 1 month, 1 week ago )
File names 949f1903642e72575e107ee492faba670c8e0006.exe
126977153.exe
Cryptowall-v4.exe
bf352825a70685039401abde5daf1712fd968d6eee233ea72393cbc6faffe5a2.bin
bf352825a70685039401abde5daf1712fd968d6eee233ea72393cbc6faffe5a2.exe
1a6ea899bb.exe.150484.DROPPED
CryptoWall 4.0.exe
analitics.exe
bf352825a70685039401abde5daf1712fd968d6eee233ea72393cbc6faffe5a2.exe
filename
abc.jpg
MY VIRUS.bat
949f1903642e72575e107ee492faba670c8e0006.exe_
bf352825a70685039401abde5daf1712fd968d6eee233ea72393cbc6faffe5a2 (1).exe
cryptowall-v4.exe
syria.exe
cryptowall
2015-11-04-Cryptowall-v4.exe
5384f752e3a2b59fad9d0f143ce0215a.exe
c2f4e91b1a5e6787080901cb21aca63c1c72f21a.exe
analitics.exe
1a6ea899bb.exe
cwall-2.exe
cryptowallv4.bin
4e02912585.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V1104.

Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs