SHA256: f22703a8d709be91614e6f71a0bfc683f13b44b8dcb8c5b6cabff70b59fda39e
File name: f22703a8d709be91614e6f71a0bfc683f13b44b8dcb8c5b6cabff70b59fda39e
Detection ratio: 54 / 63
Analysis date: 2017-08-19 01:29:44 UTC ( 3 days ago )
Antivirus | Result | Update
Ad-Aware | Trojan.GenericKD.4299148 | 20170818
AegisLab | Troj.Ransom.W32.Locky!c | 20170818
AhnLab-V3 | Trojan/Win32.Kovter.C1768380 | 20170818
ALYac | Trojan.GenericKD.4299148 | 20170819
Antiy-AVL | Trojan[Ransom]/Win32.Locky | 20170819
Arcabit | Trojan.Generic.D41998C | 20170819
Avast | Win32:Malware-gen | 20170819
AVG | Win32:Malware-gen | 20170819
Avira (no cloud) | TR/Crypt.ZPACK.ltizv | 20170818
AVware | Trojan.Win32.Generic!BT | 20170818
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9972 | 20170817
BitDefender | Trojan.GenericKD.4299148 | 20170819
CAT-QuickHeal | TrojanRansom.Locky | 20170818
ClamAV | Win.Trojan.Agent-5749902-0 | 20170818
Comodo | TrojWare.Win32.Locky.~C | 20170819
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20170804
Cylance | Unsafe | 20170819
Cyren | W32/Trojan.IIGS-7211 | 20170819
DrWeb | Trojan.Encoder.3976 | 20170819
Emsisoft | Trojan.GenericKD.4299148 (B) | 20170818
Endgame | malicious (high confidence) | 20170721
ESET-NOD32 | Win32/Filecoder.Locky.C | 20170818
F-Secure | Trojan.GenericKD.4299148 | 20170819
Fortinet | W32/Filecoder_Locky.C!tr | 20170818
GData | Trojan.GenericKD.4299148 | 20170819
Ikarus | Trojan.Win32.Filecoder | 20170818
Sophos ML | heuristic | 20170818
Jiangmin | Trojan.Locky.dfp | 20170818
K7AntiVirus | Trojan ( 004f00a01 ) | 20170818
K7GW | Trojan ( 004f00a01 ) | 20170817
Kaspersky | Trojan-Ransom.Win32.Locky.dma | 20170818
MAX | malware (ai score=100) | 20170818
McAfee | GenericR-JFU!273C23E73735 | 20170818
McAfee-GW-Edition | BehavesLike.Win32.Worm.fc | 20170819
Microsoft | Ransom:Win32/Locky!rfn | 20170818
eScan | Trojan.GenericKD.4299148 | 20170818
NANO-Antivirus | Trojan.Win32.Locky.ellsuy | 20170819
Palo Alto Networks (Known Signatures) | generic.ml | 20170819
Panda | Trj/CI.A | 20170818
Qihoo-360 | Trojan.Generic | 20170819
SentinelOne (Static ML) | static engine - malicious | 20170806
Sophos AV | Mal/Generic-S | 20170819
Symantec | Ransom.TeslaCrypt | 20170818
Tencent | Trojan.Win32.YY.Gen.3 | 20170819
TheHacker | Trojan/Filecoder.Locky.c | 20170817
TrendMicro | Ransom_LOCKY.DLDTASD | 20170819
TrendMicro-HouseCall | Ransom_LOCKY.DLDTASD | 20170819
VBA32 | Hoax.Locky | 20170818
VIPRE | Trojan.Win32.Generic!BT | 20170819
ViRobot | Trojan.Win32.Z.Agent.348672.CP | 20170818
Webroot | W32.Ransomware.Locky | 20170819
Yandex | Trojan.Locky! | 20170818
Zillya | Trojan.Filecoder.Win32.4065 | 20170817
ZoneAlarm by Check Point | Trojan-Ransom.Win32.Locky.dma | 20170818
Alibaba | (no detection) | 20170818
CMC | (no detection) | 20170818
F-Prot | (no detection) | 20170819
Kingsoft | (no detection) | 20170819
Malwarebytes | (no detection) | 20170818
nProtect | (no detection) | 20170819
SUPERAntiSpyware | (no detection) | 20170819
Symantec Mobile Insight | (no detection) | 20170818
TotalDefense | (no detection) | 20170818
Trustlook | (no detection) | 20170819
WhiteArmor | (no detection) | 20170817
Zoner | (no detection) | 20170819
Note: 17 of the 54 detecting engines name the family as Locky; AhnLab-V3 (Kovter) and Symantec (TeslaCrypt) disagree, and the remaining verdicts are generic or heuristic (Malware-gen, GenericKD, "malicious", "Unsafe"). Treat the family label as a consensus across engines, not as any single vendor's verdict. Two names encode file identity rather than behaviour: McAfee's GenericR-JFU!273C23E73735 embeds the first 12 hex digits of the MD5 below, and ViRobot's Trojan.Win32.Z.Agent.348672.CP embeds the file size in bytes.
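The 54 labels above do not follow one naming scheme, so a reader who wants "what family is this" has to normalise them. The following is an added example, not VirusTotal's code: it reduces the detection column of the table to a family consensus by token voting. DETECTIONS is the detection column copied from the table, the GENERIC stop-list of vendor-neutral words is my own choice, and the 25% plurality threshold in consensus() is a working assumption, not a VirusTotal rule.

```python
"""Reduce per-engine verdicts to a family consensus by token voting.
Added example, not VirusTotal's code. DETECTIONS is the detection column of
the table above (engine|result); engines without a detection carry no label
and are left out. Each engine casts at most one vote per non-generic token,
so minority names (Kovter, TeslaCrypt) stay visible instead of being hidden."""
import re
from collections import Counter

DETECTIONS = """\
Ad-Aware|Trojan.GenericKD.4299148
AegisLab|Troj.Ransom.W32.Locky!c
AhnLab-V3|Trojan/Win32.Kovter.C1768380
ALYac|Trojan.GenericKD.4299148
Antiy-AVL|Trojan[Ransom]/Win32.Locky
Arcabit|Trojan.Generic.D41998C
Avast|Win32:Malware-gen
AVG|Win32:Malware-gen
Avira (no cloud)|TR/Crypt.ZPACK.ltizv
AVware|Trojan.Win32.Generic!BT
Baidu|Win32.Trojan.WisdomEyes.16070401.9500.9972
BitDefender|Trojan.GenericKD.4299148
CAT-QuickHeal|TrojanRansom.Locky
ClamAV|Win.Trojan.Agent-5749902-0
Comodo|TrojWare.Win32.Locky.~C
CrowdStrike Falcon (ML)|malicious_confidence_100% (D)
Cylance|Unsafe
Cyren|W32/Trojan.IIGS-7211
DrWeb|Trojan.Encoder.3976
Emsisoft|Trojan.GenericKD.4299148 (B)
Endgame|malicious (high confidence)
ESET-NOD32|Win32/Filecoder.Locky.C
F-Secure|Trojan.GenericKD.4299148
Fortinet|W32/Filecoder_Locky.C!tr
GData|Trojan.GenericKD.4299148
Ikarus|Trojan.Win32.Filecoder
Sophos ML|heuristic
Jiangmin|Trojan.Locky.dfp
K7AntiVirus|Trojan ( 004f00a01 )
K7GW|Trojan ( 004f00a01 )
Kaspersky|Trojan-Ransom.Win32.Locky.dma
MAX|malware (ai score=100)
McAfee|GenericR-JFU!273C23E73735
McAfee-GW-Edition|BehavesLike.Win32.Worm.fc
Microsoft|Ransom:Win32/Locky!rfn
eScan|Trojan.GenericKD.4299148
NANO-Antivirus|Trojan.Win32.Locky.ellsuy
Palo Alto Networks (Known Signatures)|generic.ml
Panda|Trj/CI.A
Qihoo-360|Trojan.Generic
SentinelOne (Static ML)|static engine - malicious
Sophos AV|Mal/Generic-S
Symantec|Ransom.TeslaCrypt
Tencent|Trojan.Win32.YY.Gen.3
TheHacker|Trojan/Filecoder.Locky.c
TrendMicro|Ransom_LOCKY.DLDTASD
TrendMicro-HouseCall|Ransom_LOCKY.DLDTASD
VBA32|Hoax.Locky
VIPRE|Trojan.Win32.Generic!BT
ViRobot|Trojan.Win32.Z.Agent.348672.CP
Webroot|W32.Ransomware.Locky
Yandex|Trojan.Locky!
Zillya|Trojan.Filecoder.Win32.4065
ZoneAlarm by Check Point|Trojan-Ransom.Win32.Locky.dma
"""

# Vendor-neutral classifier words (my own stop-list): without it "trojan" wins.
GENERIC = {"trojan", "trojanransom", "troj", "trojware", "generic", "generickd",
           "genericr", "malware", "malicious", "unsafe", "ransom", "ransomware",
           "filecoder", "encoder", "agent", "heuristic", "hoax", "static", "engine",
           "confidence", "high", "score", "crypt", "behaveslike", "worm"}


def family_tokens(label: str) -> set:
    """Alphabetic tokens of 4+ characters that are not generic classifier words."""
    return {t for t in re.findall(r"[a-z]+", label.lower())
            if len(t) >= 4 and t not in GENERIC}


def family_votes(table: str) -> Counter:
    votes = Counter()
    for line in table.strip().splitlines():
        _engine, label = line.split("|", 1)
        votes.update(family_tokens(label))   # a set, so one vote per engine per token
    return votes


def consensus(table: str, min_share: float = 0.25):
    """Top family name if it is backed by at least min_share of the detecting engines."""
    detections = [ln for ln in table.strip().splitlines() if ln.strip()]
    votes = family_votes(table)
    if not votes:
        return None
    family, n = votes.most_common(1)[0]
    return family if n / len(detections) >= min_share else None


if __name__ == "__main__":
    print(family_votes(DETECTIONS).most_common(5))
    print("consensus:", consensus(DETECTIONS))
```

On this table the vote is locky 17 of 54 detections, with kovter and teslacrypt at one each; raising min_share to 0.5 returns None, which is the right answer when no family name commands a majority.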
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © EZB Systems, Inc.
Product UltraISO v9.6.5.3237
File version 9.6.5.37
Description UltraISO v9.6.5.37
Note: version-resource strings are written by whoever builds the file and prove nothing about its origin. With 54 engines classifying this sample as ransomware, the UltraISO / EZB Systems strings are best read as impersonation of a legitimate product rather than as evidence of what the file is. They remain useful as a pivot, since other files from the same builder may reuse them.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-01 04:25:47 (UTC; the ExifTool TimeStamp further down, 2017:02:01 05:25:47+01:00, is the same instant shown in local time)
Entry Point 0x0000BD11
Number of sections 4
Note: the compile timestamp is attacker-controlled, but it falls two days before the first submission recorded in the VirusTotal metadata below (2017-02-03 02:50:56 UTC), so it is at least plausible as a genuine build time.
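The values above, and the ExifTool fields further down (LinkerVersion, CodeSize, InitializedDataSize, EntryPoint, OSVersion, Subsystem), are read straight from the COFF header and the PE32 optional header. The following is an added example, not VirusTotal's code, showing where each field lives and how the compile stamp is turned into a date. build_sample_image() constructs a minimal, code-free PE32 header set to the values in this report (a stand-in for the sample, not the sample itself), and compile_precedes_first_seen() applies the plausibility check against the first-submission time from the VirusTotal metadata section.

```python
"""Walk DOS header -> PE signature -> COFF header -> PE32 optional header.
Added example, not VirusTotal's code. build_sample_image() is a constructed
header-only PE32 skeleton carrying the values this report shows; it contains
no section data and no code."""
import struct
from datetime import datetime, timezone

MACHINE_NAMES = {0x014C: "Intel 386 or later processors and compatible processors",
                 0x8664: "x64"}
SUBSYSTEM_NAMES = {2: "Windows GUI", 3: "Windows CUI"}

# First submission time from the report, used as an upper bound on the compile stamp.
FIRST_SUBMISSION_UTC = datetime(2017, 2, 3, 2, 50, 56, tzinfo=timezone.utc)


def build_sample_image() -> bytes:
    """Constructed PE32 headers with this report's values (section table omitted)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)           # e_lfanew -> "PE\0\0"
    coff = struct.pack("<HHIIIHH",
                       0x014C,                      # Machine: i386
                       4,                           # NumberOfSections
                       1485923147,                  # TimeDateStamp: 2017-02-01 04:25:47 UTC
                       0, 0,                        # symbol table pointer/count (unused)
                       224,                         # SizeOfOptionalHeader for PE32
                       0x0102)                      # EXECUTABLE_IMAGE | 32BIT_MACHINE
    opt = bytearray(224)
    struct.pack_into("<HBBIIII", opt, 0,
                     0x10B,                         # Magic: PE32
                     10, 0,                         # linker 10.0
                     110592,                        # SizeOfCode
                     237056,                        # SizeOfInitializedData
                     0,                             # SizeOfUninitializedData
                     0xBD11)                        # AddressOfEntryPoint
    struct.pack_into("<HHHHHH", opt, 40, 5, 1, 0, 0, 5, 1)  # OS 5.1, image 0.0, subsystem 5.1
    struct.pack_into("<H", opt, 68, 2)              # Subsystem: Windows GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def parse_pe_header(data: bytes) -> dict:
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, stamp, _, _, _opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic != 0x10B:                              # 0x20B would be PE32+
        raise ValueError(f"not PE32 (magic 0x{magic:X})")
    (linker_major, linker_minor, code_size, init_size,
     _uninit_size, entry_point) = struct.unpack_from("<BBIIII", data, opt + 2)
    os_major, os_minor, _, _, sub_major, sub_minor = struct.unpack_from("<HHHHHH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "machine": MACHINE_NAMES.get(machine, f"0x{machine:04X}"),
        "number_of_sections": nsections,
        "compile_epoch": stamp,
        "compile_time_utc": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": f"0x{entry_point:08X}",
        "linker_version": f"{linker_major}.{linker_minor}",
        "code_size": code_size,
        "initialized_data_size": init_size,
        "os_version": f"{os_major}.{os_minor}",
        "subsystem_version": f"{sub_major}.{sub_minor}",
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
    }


def compile_precedes_first_seen(hdr: dict, first_seen: datetime) -> bool:
    """The stamp is attacker-controlled, but a stamp later than the first
    submission proves it was forged (or the build clock was wrong)."""
    return hdr["compile_epoch"] <= int(first_seen.timestamp())


if __name__ == "__main__":
    header = parse_pe_header(build_sample_image())
    for key, value in header.items():
        print(f"{key:<22} {value}")
    print("compile stamp plausible:", compile_precedes_first_seen(header, FIRST_SUBMISSION_UTC))
```

The same parser run on the real file would need the section table (starting right after the optional header) to report section names and sizes, which this page's "PE sections" heading does not list.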
PE sections
PE imports
(The listing as extracted shows function names only; the grouping by library below is reconstructed from those names, each of which belongs to exactly one of these Windows system libraries.)
ADVAPI32.dll
  CloseServiceHandle
  ReadEventLogA
  OpenServiceA
  CloseEventLog
  GetCurrentHwProfileA
  StartServiceA
  OpenEventLogW
  OpenSCManagerA
  GetOldestEventLogRecord
  RegisterServiceCtrlHandlerA
  EnumServicesStatusExA
COMDLG32.dll
  ReplaceTextA
  FindTextA
GDI32.dll
  PlayEnhMetaFileRecord
  CreatePolygonRgn
  PathToRegion
  CreateMetaFileA
  CreatePen
  CreateRectRgnIndirect
  CombineRgn
  GetObjectA
  CreateDCA
  LineTo
  DeleteDC
  SetBkMode
  GetRegionData
  BitBlt
  CreateDIBSection
  SetTextColor
  ChoosePixelFormat
  ExtTextOutW
  CreateEllipticRgn
  MoveToEx
  GetStockObject
  ExtTextOutA
  OffsetViewportOrgEx
  ExtCreateRegion
  SetPixelFormat
  SetTextAlign
  CreateCompatibleDC
  EnumICMProfilesA
  CreateRectRgn
  SelectObject
  GetTextExtentPoint32A
  Arc
  Polyline
  SetBkColor
  DeleteObject
  Ellipse
  EnumFontFamiliesExA
GLU32.dll
  gluOrtho2D
IMM32.dll
  ImmGetDefaultIMEWnd
IPHLPAPI.DLL
  GetTcpTable
KERNEL32.dll
  EnumUILanguagesA
  GetStdHandle
  FileTimeToSystemTime
  WaitForSingleObject
  PurgeComm
  EncodePointer
  SetConsoleCursorPosition
  DeleteCriticalSection
  GetCurrentProcess
  GetConsoleMode
  FreeEnvironmentStringsW
  SetStdHandle
  GetCPInfo
  FillConsoleOutputCharacterA
  WriteFile
  GetSystemTimeAsFileTime
  HeapReAlloc
  GetStringTypeW
  GetFullPathNameA
  LocalFree
  InitializeCriticalSection
  TlsGetValue
  SetLastError
  GetUserDefaultUILanguage
  DeviceIoControl
  GetModuleFileNameW
  IsDebuggerPresent
  ExitProcess
  GetModuleFileNameA
  HeapSetInformation
  GetPrivateProfileStringA
  SetThreadPriority
  WriteProfileStringA
  UnhandledExceptionFilter
  InterlockedDecrement
  MultiByteToWideChar
  SetFilePointer
  CreateThread
  CreatePipe
  EnumSystemLanguageGroupsA
  SetUnhandledExceptionFilter
  IsProcessorFeaturePresent
  DecodePointer
  TerminateProcess
  GlobalAlloc
  GetCurrentThreadId
  LeaveCriticalSection
  WriteConsoleW
  InitializeCriticalSectionAndSpinCount
  HeapFree
  EnterCriticalSection
  SetHandleCount
  LoadLibraryW
  GetOEMCP
  QueryPerformanceCounter
  GetTickCount
  TlsAlloc
  FlushFileBuffers
  LoadLibraryA
  RtlUnwind
  GetDateFormatA
  GetStartupInfoW
  BackupWrite
  WaitForMultipleObjects
  GetConsoleScreenBufferInfo
  FillConsoleOutputAttribute
  GetProcessHeap
  GlobalReAlloc
  lstrcpyA
  GetProfileStringA
  GetTimeFormatA
  GetProcAddress
  SetCommState
  CreateFileW
  CreateEventA
  GetFileType
  TlsSetValue
  CreateFileA
  HeapAlloc
  InterlockedIncrement
  GetLastError
  LCMapStringW
  lstrlenA
  GlobalFree
  GetConsoleCP
  GetEnvironmentStringsW
  GlobalUnlock
  GetCommState
  FileTimeToLocalFileTime
  GetCurrentProcessId
  WideCharToMultiByte
  GetCPInfoExA
  HeapSize
  GetCommandLineA
  GetCurrentThread
  RaiseException
  TlsFree
  GetModuleHandleA
  ReadFile
  CloseHandle
  EnumSystemCodePagesA
  GetACP
  GlobalLock
  GetModuleHandleW
  IsValidCodePage
  HeapCreate
  Sleep
MPR.dll
  WNetGetConnectionA
OLEAUT32.dll
  OleCreatePictureIndirect
OPENGL32.dll
  wglDeleteContext
  glTranslatef
  glClear
  glColor3f
  glClearColor
  glVertex3f
  wglCreateContext
  glViewport
  glShadeModel
  glMatrixMode
  glEnd
  glEnableClientState
  glBegin
  glLoadIdentity
  wglMakeCurrent
RASAPI32.dll
  RasEnumConnectionsA
SETUPAPI.dll
  SetupDiEnumDeviceInterfaces
  SetupDiGetClassDevsA
  SetupDiGetDeviceInterfaceDetailA
  SetupDiEnumDeviceInfo
  SetupDiSetClassInstallParamsA
  SetupDiDestroyDeviceInfoList
  SetupDiCallClassInstaller
SHELL32.dll
  SHParseDisplayName
SHLWAPI.dll
  StrChrA
  wnsprintfA
USER32.dll
  SetFocus
  TrackPopupMenuEx
  SetWindowRgn
  UpdateWindow
  BeginPaint
  HideCaret
  GetParent
  DefWindowProcA
  KillTimer
  DestroyMenu
  RegisterClassExA
  RegisterWindowMessageA
  DefMDIChildProcA
  CreatePopupMenu
  SetWindowPos
  RemoveMenu
  GetSystemMetrics
  IsWindow
  GetWindowRect
  EndPaint
  ScrollWindowEx
  EnumChildWindows
  WindowFromPoint
  MessageBoxA
  SetWindowLongA
  PostQuitMessage
  GetWindow
  GetSysColor
  SetScrollInfo
  InsertMenuItemA
  GetCursorPos
  ReleaseDC
  LoadMenuA
  SetWindowTextA
  DefFrameProcA
  GetSubMenu
  ShowWindow
  EnumDisplayDevicesA
  BeginDeferWindowPos
  SendMessageA
  DrawTextA
  GetClientRect
  CreateWindowExA
  GetDlgItem
  DrawMenuBar
  CharLowerBuffA
  SetCursorPos
  SetRect
  InvalidateRect
  InsertMenuA
  GetWindowLongA
  SendMessageTimeoutA
  SetTimer
  LoadCursorA
  LoadIconA
  TrackPopupMenu
  FillRect
  GetUpdateRgn
  GetWindowTextW
  GetSysColorBrush
  CallWindowProcA
  GetDC
  GetWindowTextA
  ChangeDisplaySettingsA
  SetCursor
  PostThreadMessageA
  PtInRect
WINSPOOL.DRV
  EnumPrintersA
WS2_32.dll
  getsockopt
  bind
  WSACleanup
  WSAStartup
  ntohs
  inet_ntoa
  closesocket
  socket
WTSAPI32.dll
  WTSEnumerateSessionsA
  WTSQuerySessionInformationA
  WTSFreeMemory
WinSCard.dll
  SCardGetProviderIdW
gdiplus.dll
  GdipCreateFromHDC
  GdipDisposeImage
  GdipCreateBitmapFromFile
  GdipCloneImage
  GdipAlloc
  GdipCreateBitmapFromFileICM
  GdipLoadImageFromFile
  GdipDrawImageI
  GdipFree
  GdipDeleteGraphics
ole32.dll
  CoUnmarshalInterface
  CoInitializeEx
  CLSIDFromString
  CoInitialize
  OleInitialize
  CreateStreamOnHGlobal
  StringFromCLSID
  CoCreateInstance
  CoInitializeSecurity
  CoMarshalInterface
  GetHGlobalFromStream
  CoCreateGuid
  OleCreateStaticFromData
  OleDuplicateData
  OleSetClipboard
  StringFromGUID2
  OleIsCurrentClipboard
pdh.dll
  PdhBrowseCountersA
snmpapi.dll
  SnmpUtilIdsToA
Note for the analyst: the import table touches an unusually wide spread of unrelated subsystems with only a handful of functions from each (OpenGL and GLU, SetupAPI device enumeration, RAS, Terminal Services sessions, smart cards, SNMP, PDH performance counters, printers, serial-port and console I/O, Winsock, the service control manager and the event log). That is not what a disc-imaging GUI application looks like and is consistent with a loader that pads its import table to look benign and to dilute import-based signatures. Statically, the imports worth noting are the ones that let the code resolve further APIs at run time (LoadLibraryA, LoadLibraryW, GetProcAddress), check for a debugger (IsDebuggerPresent), and enumerate, open and start services (OpenSCManagerA, EnumServicesStatusExA, OpenServiceA, StartServiceA). The absence of CryptoAPI or WinINet/WinHTTP imports means nothing, since those are routinely resolved dynamically, and the condensed behaviour report at the end of this page records nothing under "Opened service managers" or "Opened services", so none of the service activity is confirmed dynamically.
PE exports
Number of PE resources by type
RT_BITMAP 13
RT_STRING 11
Struct(2110) 6
UNICODEDATA 4
RT_DIALOG 4
BIN 3
Struct(240) 3
PNG 3
MAD 2
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 53
Note: the per-type counts sum to 53, matching the per-language total. The non-standard resource types (Struct(2110), UNICODEDATA, BIN, Struct(240), PNG, MAD) are the first things to extract and inspect, since custom-typed resources are a common place for a loader to store an encrypted payload or configuration; the page gives no sizes for them.
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 9.6.5.37
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 237056
EntryPoint 0xbd11
MIMEType application/octet-stream
LegalCopyright EZB Systems, Inc.
FileVersion 9.6.5.37
TimeStamp 2017:02:01 05:25:47+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 9.6.5.37
FileDescription UltraISO v9.6.5.37
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName EZB Systems, Inc.
CodeSize 110592
ProductName UltraISO v9.6.5.3237
ProductVersionNumber 9.6.5.37
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 273c23e73735fd3d0db438edafe52287
SHA1 0c660ed417994b1630edc3a73599e30ce69a5d65
SHA256 f22703a8d709be91614e6f71a0bfc683f13b44b8dcb8c5b6cabff70b59fda39e
ssdeep 6144:GZMwdvrdioduxxHhNEDj+AOREpHLAv+RLryz8t3NZe4r1tvxRY//lIizj:8ioduxxH0CvElLAv+1NQ2rxiaoj
authentihash 6ef6b5083cc3ce02edf05e29529dfa0ff5151194cc85c442f17c11076eceeb99
imphash ab6f7dd97a209567c501c4d4872e9abb
File size 340.5 KB ( 348672 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID
  Win32 Executable MS Visual C++ (generic) (42.2%)
  Win64 Executable (generic) (37.3%)
  Win32 Dynamic Link Library (generic) (8.8%)
  Win32 Executable (generic) (6.0%)
  Generic Win/DOS Executable (2.7%)
Tags peexe via-tor
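Of the hashes above, the imphash is the one that survives a rebuild: it is computed from the import table rather than the bytes, so samples from the same builder with different payloads or packing keys share it. The following added example (not pefile's or VirusTotal's code) implements the flattening that produces it: library name lower-cased with its .dll/.ocx/.sys extension dropped, function name lower-cased, ordinals resolved by a lookup table for ws2_32 and otherwise rendered as ordN, entries joined with commas in import-table order, then MD5. IMPORTS_EXCERPT is a constructed, partial list in a made-up order and ORDINAL_NAMES is a partial table, so the result is not the report's ab6f7dd97a209567c501c4d4872e9abb; reproducing that needs the full table in its original order, which the grouped listing on this page does not preserve.

```python
"""Mandiant/pefile-style import hash from a list of (library, function) pairs.
Added example, not pefile's or VirusTotal's code. IMPORTS_EXCERPT is a
constructed partial list; ORDINAL_NAMES is a partial lookup table."""
import hashlib

# Constructed excerpt of this report's imports in an arbitrary order; the last
# entry is an ordinal-only import, which real binaries use for ws2_32 routinely.
IMPORTS_EXCERPT = [
    ("KERNEL32.dll", "LoadLibraryA"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("KERNEL32.dll", "IsDebuggerPresent"),
    ("ADVAPI32.dll", "OpenSCManagerA"),
    ("ADVAPI32.dll", "StartServiceA"),
    ("WS2_32.dll", "WSAStartup"),
    ("WS2_32.dll", 23),
]

# Partial ordinal->name table for ws2_32 (these ordinals are stable across
# Windows versions); other libraries fall back to "ordN".
ORDINAL_NAMES = {
    "ws2_32": {2: "bind", 3: "closesocket", 7: "getsockopt", 12: "inet_ntoa",
               15: "ntohs", 23: "socket", 115: "wsastartup", 116: "wsacleanup"},
}


def normalize_import(dll: str, func) -> str:
    """Return the 'library.function' token used in the hash input."""
    lib = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if lib.endswith(ext):
            lib = lib[: -len(ext)]
            break
    if isinstance(func, int):
        name = ORDINAL_NAMES.get(lib, {}).get(func, f"ord{func}")
    else:
        name = str(func).lower()
    return f"{lib}.{name}"


def flatten_imports(imports) -> str:
    """Comma-joined tokens; order must be the import table's own order."""
    return ",".join(normalize_import(dll, func) for dll, func in imports)


def imphash(imports) -> str:
    return hashlib.md5(flatten_imports(imports).encode("ascii")).hexdigest()


def same_import_table(a, b) -> bool:
    """True when two samples would share an imphash (a pivot, not proof of identity)."""
    return imphash(a) == imphash(b)


if __name__ == "__main__":
    print(flatten_imports(IMPORTS_EXCERPT))
    print("imphash:", imphash(IMPORTS_EXCERPT))
```

Order matters: swapping two entries changes the hash, which is why an imphash taken from a listing that groups imports per library (as this page does) will generally not match the one VirusTotal computed from the file.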

VirusTotal metadata
First submission 2017-02-03 02:50:56 UTC ( 6 months, 2 weeks ago )
Last submission 2017-08-19 01:29:44 UTC ( 3 days ago )
File names
  15.exe
  273c23e73735fd3d0db438edafe52287.exe
  15 (2).exe
  f22703a8d709be91614e6f71a0bfc683f13b44b8dcb8c5b6cabff70b59fda39e
  1.exe
  de4a473859ed4e3e61f55aa5f5bdd82842874700
  B73ECAB.pdf
  aa
  output.107000822.txt
Note: one submitted name carries a .pdf extension although the file is a PE executable; the 40-hex-digit name is not this file's SHA1.
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Opened service managers
Opened services
Runtime DLLs
UDP communications