SHA256: ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
File name: 84c82835a5d21bbcf75a61706d8ab549
Detection ratio: 13 / 61
Analysis date: 2017-05-12 07:31:10 UTC (5 months, 1 week ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.369176 20170512
ALYac Gen:Variant.Graftor.369176 20170512
Arcabit Trojan.Graftor.D5A218 20170512
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9973 20170503
BitDefender Gen:Variant.Graftor.369176 20170512
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
DrWeb BACKDOOR.Trojan 20170512
Emsisoft Gen:Variant.Graftor.369176 (B) 20170512
F-Secure Gen:Variant.Graftor.369176 20170512
GData Gen:Variant.Graftor.369176 20170512
Kaspersky UDS:DangerousObject.Multi.Generic 20170512
eScan Gen:Variant.Graftor.369176 20170512
Qihoo-360 HEUR/QVM41.1.1667.Malware.Gen 20170512
AegisLab 20170512
AhnLab-V3 20170512
Alibaba 20170512
Antiy-AVL 20170512
Avast 20170512
AVG 20170512
Avira (no cloud) 20170512
AVware 20170512
Bkav 20170511
CAT-QuickHeal 20170512
ClamAV 20170512
CMC 20170511
Comodo 20170512
Cyren 20170512
Endgame 20170503
ESET-NOD32 20170512
F-Prot 20170512
Fortinet 20170512
Ikarus 20170512
Sophos ML 20170413
Jiangmin 20170512
K7AntiVirus 20170512
K7GW 20170512
Kingsoft 20170512
Malwarebytes 20170512
McAfee 20170512
McAfee-GW-Edition 20170511
Microsoft 20170512
NANO-Antivirus 20170512
nProtect 20170512
Palo Alto Networks (Known Signatures) 20170512
Panda 20170511
Rising 20170512
SentinelOne (Static ML) 20170330
Sophos AV 20170512
SUPERAntiSpyware 20170512
Symantec 20170511
Symantec Mobile Insight 20170512
Tencent 20170512
TheHacker 20170508
TrendMicro 20170512
TrendMicro-HouseCall 20170512
VBA32 20170511
VIPRE 20170512
ViRobot 20170512
Webroot 20170512
WhiteArmor 20170502
Yandex 20170510
Zillya 20170511
ZoneAlarm by Check Point 20170512
Zoner 20170512
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name diskpart.exe
Internal name diskpart.exe
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description DiskPart
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-11-20 09:05:05
Entry Point 0x000077BA
Number of sections 4
PE sections
Overlays
MD5 5822a94206522fe5382d2f00acc5cadf
File type data
Offset 65536
Size 1572864
Entropy 8.00
PE imports
CloseServiceHandle
CryptReleaseContext
RegCloseKey
OpenServiceA
CreateServiceA
RegQueryValueExA
RegCreateKeyW
RegSetValueExA
StartServiceA
OpenSCManagerA
InitializeCriticalSection
HeapFree
EnterCriticalSection
LoadLibraryA
GetFileAttributesA
GlobalFree
WaitForSingleObject
FreeLibrary
CopyFileA
HeapAlloc
SetFileTime
VirtualProtect
GetFileAttributesW
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoA
SystemTimeToFileTime
SizeofResource
GetWindowsDirectoryW
GetFileSize
LockResource
CreateDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
CreateDirectoryW
GetProcAddress
GetProcessHeap
OpenMutexA
GetComputerNameW
SetFilePointer
GetFileSizeEx
GetModuleHandleA
ReadFile
GetTempPathW
CloseHandle
GetFullPathNameA
GetExitCodeProcess
TerminateProcess
CreateProcessA
SetCurrentDirectoryW
LoadResource
WriteFile
GlobalAlloc
VirtualFree
LocalFileTimeToFileTime
Sleep
IsBadReadPtr
SetFileAttributesW
CreateFileA
FindResourceA
VirtualAlloc
SetCurrentDirectoryA
SetLastError
LeaveCriticalSection
rand
malloc
??0exception@@QAE@ABV0@@Z
_acmdln
realloc
srand
fclose
strcat
_stricmp
_controlfp
swprintf
memset
fopen
strlen
_except_handler3
??2@YAPAXI@Z
fwrite
??0exception@@QAE@ABQBD@Z
__p__commode
wcslen
exit
sprintf
memcmp
strrchr
__setusermatherr
_local_unwind2
wcsrchr
_XcptFilter
__CxxFrameHandler
fread
??1exception@@UAE@XZ
_adjust_fdiv
??3@YAXPAX@Z
__p___argc
wcscat
_CxxThrowException
free
__getmainargs
calloc
__p___argv
memcpy
strcpy
__p__fmode
??1type_info@@UAE@XZ
_initterm
_exit
__set_app_type
strcmp
_mbsstr
wsprintfA
Number of PE resources by type
XIA 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7601.17514
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 3481600
EntryPoint 0x77ba
OriginalFileName diskpart.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7601.17514 (win7sp1_rtm.101119-1850)
TimeStamp 2010:11:20 10:05:05+01:00
FileType Win32 EXE
PEType PE32
InternalName diskpart.exe
ProductVersion 6.1.7601.17514
FileDescription DiskPart
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 28672
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7601.17514
FileTypeExtension exe
ObjectFileType Dynamic link library

Execution parents
PE resource-wise parents
Overlay parents
Compressed bundles
File identification
MD5 84c82835a5d21bbcf75a61706d8ab549
SHA1 5ff465afaabcbf0150d1a3ab2c2e74f3a4426467
SHA256 ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
ssdeep 98304:QqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3x:QqPe1Cxcxk3ZAEUadzR8yc4gB
authentihash 4b2c4c7f06f5ffaeea6efc537f0aa66b0a30c7ccd7979c86c7f4f996002b99fd
imphash 68f013d7437aa653a8a98a05807afeb1
File size 3.4 MB ( 3514368 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe via-tor overlay
VirusTotal metadata
First submission 2017-05-12 07:31:10 UTC ( 5 months, 1 week ago )
Last submission 2017-10-18 20:00:47 UTC ( 2 days, 23 hours ago )
File names 부스타빗.EXE
test.exe
Busywin 17.XX Universal Patch.EXE
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
setup.EXE
wcry.exe
CYBERE~1.EXE
tasksche.exe
trojanfull.exe
WannaCrypt0r.exe1
chrme os.EXE
wcry2.exe
TransformiceNoLag.EXE
1.exe
video_player.exe
domsday.EXE
1 (47).exe
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.bin
Wannacry
WannaCry 2.0.EXE
163999.exe
Setup.exe.EXE
123.EXE
Decrypt.EXE
Free RP LOL.EXE
Behaviour characterization
Zemana dll-injection
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Code injections in the following processes
Terminated processes
Created mutexes
Opened mutexes
Searched windows
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.
TCP connections
UDP communications