SHA256: e173f9e6bcdd0f7be77d2d557d68f02d64586477da73cc530e52f22c225e5690
File name: 1.bin
Detection ratio: 5 / 59
Analysis date: 2017-03-07 22:00:22 UTC (1 year, 11 months ago)
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170307
CrowdStrike Falcon (ML) malicious_confidence_97% (D) 20170130
Sophos ML trojanspy.win32.skeeyah.a!rfn 20170203
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20170307
Symantec ML.Attribute.HighConfidence 20170307
Ad-Aware 20170307
AegisLab 20170307
AhnLab-V3 20170307
Alibaba 20170228
ALYac 20170307
Antiy-AVL 20170307
Arcabit 20170307
Avast 20170307
AVG 20170307
Avira (no cloud) 20170307
AVware 20170307
BitDefender 20170307
Bkav 20170307
CAT-QuickHeal 20170307
ClamAV 20170307
CMC 20170307
Comodo 20170307
Cyren 20170307
DrWeb 20170307
Emsisoft 20170307
Endgame 20170222
ESET-NOD32 20170307
F-Prot 20170307
F-Secure 20170307
Fortinet 20170307
GData 20170307
Ikarus 20170307
Jiangmin 20170307
K7AntiVirus 20170307
K7GW 20170307
Kaspersky 20170307
Kingsoft 20170307
Malwarebytes 20170307
McAfee 20170307
McAfee-GW-Edition 20170307
Microsoft 20170307
eScan 20170307
NANO-Antivirus 20170307
nProtect 20170307
Palo Alto Networks (Known Signatures) 20170307
Panda 20170307
Rising 20170307
Sophos AV 20170307
SUPERAntiSpyware 20170307
Tencent 20170307
TheHacker 20170305
TrendMicro 20170307
Trustlook 20170307
VBA32 20170307
VIPRE 20170307
ViRobot 20170307
Webroot 20170307
WhiteArmor 20170303
Yandex 20170306
Zillya 20170307
ZoneAlarm by Check Point 20170307
Zoner 20170307
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-07 21:37:52
Entry Point 0x00009315
Number of sections 6
PE sections
PE imports
CreateProcessAsUserA
GetSecurityDescriptorOwner
RegConnectRegistryA
GetFileSecurityA
capGetDriverDescriptionA
ImageList_Create
ImageList_AddMasked
GetOpenFileNameA
ChooseColorA
ChooseFontA
GetEnhMetaFileA
SetMapMode
CreatePen
TextOutA
CreateFontIndirectA
Rectangle
GetDeviceGammaRamp
SetBkMode
CreateDIBSection
SetTextColor
MoveToEx
GetStockObject
SetViewportOrgEx
ExtTextOutA
CreateEnhMetaFileA
SetTextAlign
GetDCOrgEx
CreateCompatibleDC
SelectObject
Polyline
DeleteObject
CreateCompatibleBitmap
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
OpenEventA
lstrlenA
GetConsoleCP
GetOEMCP
VirtualProtect
DeleteCriticalSection
EncodePointer
DisableThreadLibraryCalls
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
CopyFileW
HeapAlloc
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
GetStringTypeW
LocalAlloc
UnhandledExceptionFilter
GetCommandLineW
WideCharToMultiByte
EnumResourceTypesA
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
IsDebuggerPresent
GetCommandLineA
GetProcAddress
_lread
InitializeSListHead
FlushInstructionCache
FormatMessageA
SetStdHandle
_lclose
RaiseException
GetCPInfo
TlsFree
GetModuleHandleA
GetSystemTimeAsFileTime
FindFirstFileExA
WTSGetActiveConsoleSessionId
SetUnhandledExceptionFilter
WriteFile
_lopen
CloseHandle
IsProcessorFeaturePresent
FindNextFileA
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
FreeLibrary
LocalFree
FindResourceA
TerminateProcess
QueryPerformanceCounter
GetModuleHandleExW
IsValidCodePage
LoadResource
SetLastError
CreateFileW
GetConsoleWindow
FindClose
TlsGetValue
GetFileType
TlsSetValue
ExitProcess
GetCurrentThreadId
GetProcessHeap
GetCurrentProcessId
WriteConsoleW
LeaveCriticalSection
VariantClear
SysAllocString
SafeArrayDestroy
SafeArrayCreateVector
SysFreeString
SafeArrayPutElement
SysAllocStringByteLen
VariantInit
EnumPageFilesA
ExtractIconExA
Shell_NotifyIconA
SetFocus
MapWindowPoints
GetParent
GetMessageA
EndDialog
BeginPaint
CreateDialogIndirectParamA
TrackMouseEvent
DefWindowProcA
LoadBitmapA
SendDlgItemMessageA
GetSystemMetrics
MessageBoxW
GetWindowRect
DispatchMessageA
EndPaint
MessageBoxIndirectA
CallWindowProcA
SetRect
MessageBoxA
SetWindowLongA
SetProcessWindowStation
TranslateMessage
IsWindowEnabled
GetSysColor
GetDC
RegisterClassExA
ReleaseDC
GetDlgCtrlID
DestroyIcon
GetSubMenu
SendMessageA
SetThreadDesktop
GetDlgItem
IsWindow
OpenDesktopA
InvalidateRect
wsprintfA
CreateWindowExA
LoadCursorA
LoadIconA
InflateRect
LoadImageA
EnableWindow
DestroyWindow
PtInRect
GetWindowTheme
OpenThemeData
CloseThemeData
Ord(201)
WSAStartup
getaddrinfo
listen
closesocket
WSACleanup
WTSQueryUserToken
GdipDeleteGraphics
GdiplusStartup
GdipCreateFromHDC
GdipSetTextRenderingHint
OleUninitialize
CoCreateInstance
OleInitialize
Ord(106)
Ord(104)
Ord(105)
Number of PE resources by type
RCDATA 10
VCLSTYLE 9
RT_RCDATA 9
RT_STRING 8
RT_ICON 7
PNG 7
RT_BITMAP 3
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 55
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 5.1
MachineType Intel 386 or later, and compatibles
TimeStamp 2017:03:07 22:37:52+01:00
FileType Win32 EXE
PEType PE32
CodeSize 117248
LinkerVersion 14.0
FileTypeExtension exe
InitializedDataSize 251392
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x9315
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 94778886714fe9b9ecc54a0c9b172700
SHA1 7156218ca97779feff0fc5065f541c5bc7410cc8
SHA256 e173f9e6bcdd0f7be77d2d557d68f02d64586477da73cc530e52f22c225e5690
ssdeep 6144:Q7Nl1C99qPsj9EP5t2c9G8IWprhEETDtRe/fgq2GBCT+uZQ+ZsH5XAqn:Q7Xw9qPsaPX2FkhEETDXe3XnsTNZvS9v
authentihash c4fffea73dec6424f602228bb97e990d71a7a56658ee04b517417c56292421af
imphash 4e71c97fae6a258472382baf5331dbe9
File size 361.0 KB ( 369664 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags
peexe

VirusTotal metadata
First submission 2017-03-07 22:00:22 UTC (1 year, 11 months ago)
Last submission 2017-04-08 02:06:41 UTC (1 year, 10 months ago)
File names 8bee51e0f7f3f2.png
23.exe
2bde.png
7187544030af.png
981c9.png
b1252eef834.png
781f2b939b540.png
0e6df885815e716d.png
0ec78836.png
aa747.png
afba24c4dd6164.png
23.exe
7408532.png
11abb195781e0443b48cf610ed8bed5ab3d2cdb9
e173f9e6bcdd0f7be77d2d557d68f02d64586477da73cc530e52f22c225e5690.exe
1.bin
766dbfbf3.png
23.exe
output.109542633.txt
locky.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
HTTP requests
TCP connections
UDP communications