SHA256: f22703a8d709be91614e6f71a0bfc683f13b44b8dcb8c5b6cabff70b59fda39e
File name: 15 (2).exe
Detection ratio: 49 / 58
Analysis date: 2017-04-30 21:14:17 UTC ( 3 weeks, 3 days ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4299148 20170430
AegisLab Troj.Ransom.W32.Locky.tnkF 20170430
AhnLab-V3 Trojan/Win32.Kovter.C1768380 20170430
ALYac Trojan.GenericKD.4299148 20170430
Arcabit Trojan.Generic.D41998C 20170430
Avast Win32:Malware-gen 20170430
AVG Generic_r.RDT 20170430
Avira (no cloud) TR/Crypt.ZPACK.ltizv 20170430
AVware Trojan.Win32.Generic!BT 20170430
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9972 20170428
BitDefender Trojan.GenericKD.4299148 20170430
CAT-QuickHeal TrojanRansom.Locky 20170430
ClamAV Win.Trojan.Agent-5749902-0 20170430
Comodo TrojWare.Win32.Locky.~C 20170430
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/Trojan.IIGS-7211 20170430
DrWeb Trojan.Encoder.3976 20170430
Emsisoft Trojan.GenericKD.4299148 (B) 20170430
Endgame malicious (high confidence) 20170419
ESET-NOD32 Win32/Filecoder.Locky.C 20170430
F-Secure Trojan.GenericKD.4299148 20170430
Fortinet W32/Filecoder_Locky.C!tr 20170430
GData Trojan.GenericKD.4299148 20170430
Ikarus Trojan.Win32.Filecoder 20170430
Invincea virus.win32.ramnit.ah 20170413
Jiangmin Trojan.Locky.dfp 20170428
K7AntiVirus Trojan ( 004f00a01 ) 20170430
K7GW Trojan ( 004f00a01 ) 20170426
Kaspersky Trojan-Ransom.Win32.Locky.dma 20170430
McAfee GenericR-JFU!273C23E73735 20170430
McAfee-GW-Edition BehavesLike.Win32.Worm.fc 20170430
Microsoft Ransom:Win32/Locky!rfn 20170430
eScan Trojan.GenericKD.4299148 20170430
NANO-Antivirus Trojan.Win32.Locky.ellsuy 20170430
Palo Alto Networks (Known Signatures) generic.ml 20170430
Panda Trj/CI.A 20170430
Qihoo-360 Trojan.Generic 20170430
Rising Trojan.Crypto!8.364 (cloud:h0Ghynmiip) 20170430
Sophos Mal/Generic-S 20170430
Symantec Ransom.TeslaCrypt 20170430
Tencent Win32.Trojan.Raas.Auto 20170430
TheHacker Trojan/Filecoder.Locky.c 20170429
TrendMicro-HouseCall Ransom_LOCKY.DLDTASD 20170430
VBA32 Hoax.Locky 20170429
VIPRE Trojan.Win32.Generic!BT 20170430
ViRobot Trojan.Win32.Z.Agent.348672.CP[h] 20170430
Webroot W32.Ransomware.Locky 20170430
Yandex Trojan.Locky! 20170428
ZoneAlarm by Check Point Trojan-Ransom.Win32.Locky.dma 20170430
Alibaba 20170428
F-Prot 20170430
Kingsoft 20170430
Malwarebytes 20170430
nProtect 20170430
SentinelOne (Static ML) 20170330
SUPERAntiSpyware 20170430
TotalDefense 20170426
TrendMicro 20170430
Trustlook 20170430
WhiteArmor 20170409
Zoner 20170430
The file being studied is a Portable Executable file! More specifically, it is an unknown file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © EZB Systems, Inc.
Product UltraISO v9.6.5.3237
File version 9.6.5.37
Description UltraISO v9.6.5.37
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-01 04:25:47
Entry Point 0x0000BD11
Number of sections 4
PE sections
PE imports
CloseServiceHandle
ReadEventLogA
OpenServiceA
CloseEventLog
GetCurrentHwProfileA
StartServiceA
OpenEventLogW
OpenSCManagerA
GetOldestEventLogRecord
RegisterServiceCtrlHandlerA
EnumServicesStatusExA
ReplaceTextA
FindTextA
PlayEnhMetaFileRecord
CreatePolygonRgn
PathToRegion
CreateMetaFileA
CreatePen
CreateRectRgnIndirect
CombineRgn
GetObjectA
CreateDCA
LineTo
DeleteDC
SetBkMode
GetRegionData
BitBlt
CreateDIBSection
SetTextColor
ChoosePixelFormat
ExtTextOutW
CreateEllipticRgn
MoveToEx
GetStockObject
ExtTextOutA
OffsetViewportOrgEx
ExtCreateRegion
SetPixelFormat
SetTextAlign
CreateCompatibleDC
EnumICMProfilesA
CreateRectRgn
SelectObject
GetTextExtentPoint32A
Arc
Polyline
SetBkColor
DeleteObject
Ellipse
EnumFontFamiliesExA
gluOrtho2D
ImmGetDefaultIMEWnd
GetTcpTable
EnumUILanguagesA
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
PurgeComm
EncodePointer
SetConsoleCursorPosition
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
FillConsoleOutputCharacterA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
LocalFree
InitializeCriticalSection
TlsGetValue
SetLastError
GetUserDefaultUILanguage
DeviceIoControl
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
HeapSetInformation
GetPrivateProfileStringA
SetThreadPriority
WriteProfileStringA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
CreateThread
CreatePipe
EnumSystemLanguageGroupsA
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GlobalAlloc
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetDateFormatA
GetStartupInfoW
BackupWrite
WaitForMultipleObjects
GetConsoleScreenBufferInfo
FillConsoleOutputAttribute
GetProcessHeap
GlobalReAlloc
lstrcpyA
GetProfileStringA
GetTimeFormatA
GetProcAddress
SetCommState
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
GetCommState
FileTimeToLocalFileTime
GetCurrentProcessId
WideCharToMultiByte
GetCPInfoExA
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
EnumSystemCodePagesA
GetACP
GlobalLock
GetModuleHandleW
IsValidCodePage
HeapCreate
Sleep
WNetGetConnectionA
OleCreatePictureIndirect
wglDeleteContext
glTranslatef
glClear
glColor3f
glClearColor
glVertex3f
wglCreateContext
glViewport
glShadeModel
glMatrixMode
glEnd
glEnableClientState
glBegin
glLoadIdentity
wglMakeCurrent
RasEnumConnectionsA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInfo
SetupDiSetClassInstallParamsA
SetupDiDestroyDeviceInfoList
SetupDiCallClassInstaller
SHParseDisplayName
StrChrA
wnsprintfA
SetFocus
TrackPopupMenuEx
SetWindowRgn
UpdateWindow
BeginPaint
HideCaret
GetParent
DefWindowProcA
KillTimer
DestroyMenu
RegisterClassExA
RegisterWindowMessageA
DefMDIChildProcA
CreatePopupMenu
SetWindowPos
RemoveMenu
GetSystemMetrics
IsWindow
GetWindowRect
EndPaint
ScrollWindowEx
EnumChildWindows
WindowFromPoint
MessageBoxA
SetWindowLongA
PostQuitMessage
GetWindow
GetSysColor
SetScrollInfo
InsertMenuItemA
GetCursorPos
ReleaseDC
LoadMenuA
SetWindowTextA
DefFrameProcA
GetSubMenu
ShowWindow
EnumDisplayDevicesA
BeginDeferWindowPos
SendMessageA
DrawTextA
GetClientRect
CreateWindowExA
GetDlgItem
DrawMenuBar
CharLowerBuffA
SetCursorPos
SetRect
InvalidateRect
InsertMenuA
GetWindowLongA
SendMessageTimeoutA
SetTimer
LoadCursorA
LoadIconA
TrackPopupMenu
FillRect
GetUpdateRgn
GetWindowTextW
GetSysColorBrush
CallWindowProcA
GetDC
GetWindowTextA
ChangeDisplaySettingsA
SetCursor
PostThreadMessageA
PtInRect
EnumPrintersA
getsockopt
bind
WSACleanup
WSAStartup
ntohs
inet_ntoa
closesocket
socket
WTSEnumerateSessionsA
WTSQuerySessionInformationA
WTSFreeMemory
SCardGetProviderIdW
GdipCreateFromHDC
GdipDisposeImage
GdipCreateBitmapFromFile
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromFileICM
GdipLoadImageFromFile
GdipDrawImageI
GdipFree
GdipDeleteGraphics
CoUnmarshalInterface
CoInitializeEx
CLSIDFromString
CoInitialize
OleInitialize
CreateStreamOnHGlobal
StringFromCLSID
CoCreateInstance
CoInitializeSecurity
CoMarshalInterface
GetHGlobalFromStream
CoCreateGuid
OleCreateStaticFromData
OleDuplicateData
OleSetClipboard
StringFromGUID2
OleIsCurrentClipboard
PdhBrowseCountersA
SnmpUtilIdsToA
PE exports
Number of PE resources by type
RT_BITMAP 13
RT_STRING 11
Struct(2110) 6
UNICODEDATA 4
RT_DIALOG 4
BIN 3
Struct(240) 3
PNG 3
MAD 2
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 53
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
InitializedDataSize 237056
ImageVersion 0.0
ProductName UltraISO v9.6.5.3237
FileVersionNumber 9.6.5.37
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 10.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 9.6.5.37
TimeStamp 2017:02:01 05:25:47+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 9.6.5.37
FileDescription UltraISO v9.6.5.37
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright EZB Systems, Inc.
MachineType Intel 386 or later, and compatibles
CompanyName EZB Systems, Inc.
CodeSize 110592
FileSubtype 0
ProductVersionNumber 9.6.5.37
EntryPoint 0xbd11
ObjectFileType Executable application

Compressed bundles
File identification
MD5 273c23e73735fd3d0db438edafe52287
SHA1 0c660ed417994b1630edc3a73599e30ce69a5d65
SHA256 f22703a8d709be91614e6f71a0bfc683f13b44b8dcb8c5b6cabff70b59fda39e
ssdeep

authentihash 6ef6b5083cc3ce02edf05e29529dfa0ff5151194cc85c442f17c11076eceeb99
imphash ab6f7dd97a209567c501c4d4872e9abb
File size 340.5 KB ( 348672 bytes )
File type unknown
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
via-tor

VirusTotal metadata
First submission 2017-02-03 02:50:56 UTC ( 3 months, 3 weeks ago )
Last submission 2017-03-03 15:20:09 UTC ( 2 months, 3 weeks ago )
File names 15.exe
273c23e73735fd3d0db438edafe52287.exe
15 (2).exe
1.exe
1.exe
273c23e73735fd3d0db438edafe52287.exe
de4a473859ed4e3e61f55aa5f5bdd82842874700
output.107000822.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Opened service managers
Opened services
Runtime DLLs
UDP communications