SHA256: eae9771e2eeb7ea3c6059485da39e77b8c0c369232f01334954fbac1c186c998
File name: 33FB.tmp
Detection ratio: 48 / 61
Analysis date: 2017-07-01 20:05:21 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.5502103 20170701
AegisLab Uds.Dangerousobject.Multi!c 20170701
AhnLab-V3 Trojan/Win32.Petya.R203330 20170701
ALYac Trojan.Ransom.Petya 20170701
Arcabit Trojan.Generic.D53F497 20170701
Avira (no cloud) TR/Mimipet.airfqba 20170701
AVware Trojan.Win32.Generic!BT 20170701
BitDefender Trojan.GenericKD.5502103 20170701
Bkav W32.eHeur.Malware11 20170701
CAT-QuickHeal Trojanpws.Wincred 20170701
ClamAV Win.Trojan.Mimikatz-6331391-0 20170701
Comodo UnclassifiedMalware 20170701
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170420
Cyren W32/Petya.VKHI-2239 20170701
DrWeb Tool.Mimikatz.64 20170701
Emsisoft Trojan.GenericKD.5502103 (B) 20170701
Endgame malicious (high confidence) 20170629
ESET-NOD32 a variant of Win32/RiskWare.Mimikatz.U 20170701
F-Prot W32/Petya.S 20170701
F-Secure Trojan:W32/Petya.H 20170701
Fortinet Riskware/Mimikatz 20170629
GData Win32.Trojan-Ransom.Petya.LZFBDH 20170701
Ikarus Trojan-Ransom.Petrwrap 20170701
Jiangmin Trojan.Petya.e 20170701
K7AntiVirus Riskware ( 00510e051 ) 20170701
K7GW Riskware ( 00510e051 ) 20170701
Kaspersky Trojan-PSW.Win32.WinCred.dg 20170701
McAfee Ransom-Petya 20170701
McAfee-GW-Edition Ransom-Petya 20170701
Microsoft Trojan:Win32/Petya.B!rsm 20170701
eScan Trojan.GenericKD.5502103 20170701
NANO-Antivirus Riskware.Win32.Mimikatz.eqnxjb 20170701
nProtect Ransom/W32.Petya.47616 20170701
Palo Alto Networks (Known Signatures) generic.ml 20170701
Panda Trj/CryptoPetya.B 20170701
Qihoo-360 Trojan.Generic 20170701
Rising Malware.Undefined!8.C (cloud:Y7zzKaAi0uC) 20170701
Sophos AV Troj/Mimikatz-A 20170701
Symantec Ransom.Petya 20170701
Tencent Win32.Trojan.Dropper.Ojmh 20170701
TrendMicro HKTL_MIMIKATZ 20170701
TrendMicro-HouseCall HKTL_MIMIKATZ 20170701
VBA32 BScope.Trojan-Dropper.Injector 20170630
VIPRE Trojan.Win32.Generic!BT 20170701
ViRobot Trojan.Win32.S.Petya.47616 20170701
Webroot W32.Ransomware.Petrwrap 20170701
Yandex Trojan.PWS.WinCred! 20170630
ZoneAlarm by Check Point Trojan-PSW.Win32.WinCred.dg 20170701
Alibaba 20170701
Antiy-AVL 20170630
Avast 20170701
AVG 20170701
Baidu 20170630
CMC 20170701
Sophos ML 20170607
Kingsoft 20170701
Malwarebytes 20170701
SentinelOne (Static ML) 20170516
SUPERAntiSpyware 20170701
Symantec Mobile Insight 20170630
TheHacker 20170628
Trustlook 20170701
WhiteArmor 20170627
Zillya 20170701
Zoner 20170701
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-06-06 13:31:37
Entry Point 0x00003B6C
Number of sections 4
PE sections
PE imports
SetSecurityDescriptorDacl
IsTextUnicode
InitializeSecurityDescriptor
DeviceIoControl
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
WriteProcessMemory
SetHandleCount
LoadLibraryW
GetLastError
GetComputerNameW
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
RtlUnwind
HeapSetInformation
GetCurrentProcess
GetStartupInfoW
FreeEnvironmentStringsW
GetCurrentProcessId
LCMapStringW
OpenProcess
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
ReadProcessMemory
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetModuleFileNameW
WaitNamedPipeW
GetCPInfo
MapViewOfFile
TlsFree
SetFilePointer
GetSystemTimeAsFileTime
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
TerminateProcess
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
GetOEMCP
LocalFree
IsWow64Process
IsValidCodePage
UnmapViewOfFile
CreateFileW
GetStringTypeW
InterlockedDecrement
Sleep
GetFileType
GetTickCount
TlsSetValue
EncodePointer
GetCurrentThreadId
LeaveCriticalSection
ExitProcess
HeapCreate
SetLastError
InterlockedIncrement
StrChrW
StrCmpIW
wsprintfW
IsCharAlphaNumericW
NtQuerySystemInformation
RtlInitUnicodeString
RtlEqualUnicodeString
RtlGetNtVersionNumbers
RtlGetCurrentPeb
RtlAdjustPrivilege
NtQueryInformationProcess
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:06:06 15:31:37+02:00
FileType Win32 EXE
PEType PE32
CodeSize 28672
LinkerVersion 10.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x3b6c
InitializedDataSize 22016
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

PCAP parents
File identification
MD5 2813d34f6197eb4df42c886ec7f234a1
SHA1 56c03d8e43f50568741704aee482704a4f5005ad
SHA256 eae9771e2eeb7ea3c6059485da39e77b8c0c369232f01334954fbac1c186c998
ssdeep 768:iHPCOxKFqsGzquqCGOCBkGFzBUHfDlAhTH4n2iEDQhd1Q6xQae:8TRsGzq/Ji2zBUHfDqKhQ2O
authentihash 38b8d996715c09c01706b9689eadd1c11846dd121695f3e6babc83f73a8b018e
imphash 7252c78bdebc14803d5bcf971ffddadd
File size 46.5 KB ( 47616 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2017-06-27 14:39:25 UTC ( 1 year, 11 months ago )
Last submission 2019-04-29 15:47:06 UTC ( 3 weeks, 5 days ago )
File names tKPpS2.dot
f5240768.exe_BAD
eae9771e2eeb7ea3c6059485da39e77b8c0c369232f01334954fbac1c186c998.exe
eae9771e2eeb7ea3c6059485da39e77b8c0c369232f01334954fbac1c186c99.exe
19AEC.exe
eae9771e2eeb7ea3c6059485da39e77b8c0c369232f01334954fbac1c186c998.bin
NotPetya_RCData_1
907E.tmp
19AEC.exe
eae9771e2eeb7ea3c6059485da39e77b8c0c369232f01334954fbac1c186c998.exe.000
5573.tmp
t.exe
2813d34f6197eb4df42c886ec7f234a1
33FB.tmp
FD.tmp
petya2.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications