SHA256: fff3094bafb300e7c3c589421da75d1db142ea8201ebd32071bb9af8e1b5bb55
File name: 0.7055475.452024367
Detection ratio: 9 / 55
Analysis date: 2016-11-09 07:27:02 UTC ( 2 years, 3 months ago )
Antivirus Result Update
AVG Ransom_r.ATI 20161109
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
GData Win32.Trojan-Ransom.Locky.REYAC7 20161109
Sophos ML trojan.win32.skeeyah.a!rfn 20161018
Kaspersky Trojan-Ransom.Win32.Locky.vlp 20161109
McAfee Artemis!7BF6FE20DED2 20161109
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dc 20161109
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20161109
Symantec Heur.AdvML.B 20161109
Ad-Aware 20161109
AegisLab 20161109
AhnLab-V3 20161108
Alibaba 20161109
ALYac 20161109
Antiy-AVL 20161109
Arcabit 20161109
Avast 20161109
Avira (no cloud) 20161108
AVware 20161109
Baidu 20161107
BitDefender 20161108
Bkav 20161108
CAT-QuickHeal 20161109
ClamAV 20161109
CMC 20161109
Comodo 20161109
Cyren 20161109
DrWeb 20161109
Emsisoft 20161109
ESET-NOD32 20161109
F-Prot 20161109
F-Secure 20161109
Fortinet 20161109
Ikarus 20161108
Jiangmin 20161109
K7AntiVirus 20161108
K7GW 20161109
Kingsoft 20161109
Malwarebytes 20161109
Microsoft 20161109
eScan 20161108
NANO-Antivirus 20161108
nProtect 20161109
Panda 20161108
Rising 20161109
Sophos AV 20161109
SUPERAntiSpyware 20161109
Tencent 20161109
TheHacker 20161106
TotalDefense 20161109
TrendMicro 20161109
TrendMicro-HouseCall 20161109
VBA32 20161108
VIPRE 20161109
ViRobot 20161109
Yandex 20161108
Zillya 20161108
Zoner 20161109
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright ©AtomPark Software Inc.. All rights reserved.
Product Intra
Internal name Intra
File version 5.8.8.2
Description A500 Msdn Cancel Triggering
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-06 21:25:33
Entry Point 0x00008E0D
Number of sections 4
PE sections
PE imports
CredGetSessionTypes
CredMarshalCredentialA
CredWriteDomainCredentialsW
ImageList_ReplaceIcon
GetCurrentObject
GetTextMetricsW
DeleteDC
CreateRectRgn
SelectObject
GetStockObject
GetPaletteEntries
WidenPath
CombineRgn
BitBlt
SetBkColor
CreateDIBSection
CreateCompatibleDC
DeleteObject
ImmSetCompositionStringW
ImmGetDefaultIMEWnd
ImmSetConversionStatus
ImmGetContext
ImmCreateContext
ImmReleaseContext
ImmGetCompositionStringW
ImmAssociateContext
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
LCMapStringA
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
WriteConsoleW
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
GetProcessHeap
SetStdHandle
GetModuleHandleA
HeapAlloc
RaiseException
GetCPInfo
TlsFree
SetFilePointer
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
lstrcpynA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetExitCodeProcess
TerminateProcess
QueryPerformanceCounter
WriteConsoleA
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
TlsGetValue
Sleep
GetFileType
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
GetFileSize
SetLastError
InterlockedIncrement
NetServerEnum
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
VariantInit
RpcServerListen
SetFocus
GetParent
UpdateWindow
LoadMenuA
WaitMessage
DestroyMenu
PostQuitMessage
DefWindowProcA
FindWindowA
GetWindowThreadProcessId
IsWindow
GetMenu
TranslateMDISysAccel
DispatchMessageA
EndPaint
PeekMessageA
LoadImageA
MessageBoxA
AppendMenuW
TranslateMessage
GetWindow
GetSysColor
CheckMenuRadioItem
GetDC
GetCursorPos
DrawTextA
BeginPaint
CreatePopupMenu
DestroyIcon
GetWindowLongA
IsWindowVisible
SendMessageA
GetWindowTextA
GetClientRect
GetDlgItem
SetScrollRange
EnableMenuItem
GetSubMenu
FindWindowExA
CreateWindowExA
LoadCursorA
LoadIconA
TrackPopupMenu
GetKeyboardLayout
TranslateAcceleratorA
GetWindowRect
CallWindowProcA
GetMenuItemInfoA
SetForegroundWindow
WinHttpReceiveResponse
InternetOpenA
WICMapSchemaToName
CreateBindCtx
CoCreateInstance
CoTaskMemFree
CoInitialize
GetRunningObjectTable
Number of PE resources by type
RT_MENU 7
RT_STRING 5
RT_DIALOG 5
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 19
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.8.8.2
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 54784
EntryPoint 0x8e0d
MIMEType application/octet-stream
LegalCopyright Copyright AtomPark Software Inc.. All rights reserved.
FileVersion 5.8.8.2
TimeStamp 2016:11:06 22:25:33+01:00
FileType Win32 EXE
PEType PE32
InternalName Intra
ProductVersion 5.8.8.2
FileDescription A500 Msdn Cancel Triggering
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName AtomPark Software Inc.
CodeSize 240640
ProductName Intra
ProductVersionNumber 5.8.8.2
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 7bf6fe20ded21fe70f21a2efb8615c54
SHA1 2356388c7c9cc52db4a8a257279dc991343327f0
SHA256 fff3094bafb300e7c3c589421da75d1db142ea8201ebd32071bb9af8e1b5bb55
ssdeep 6144:GewicmO0uRfb4P1hG9vRVMmcRniu3zRiKba2w1WC3o1vLj:GepcquRfbm69vRSmcRiucGHwkGcj
authentihash d9f5e8d0bb680c2ad231cd28170093fa6cbb791fb29bb7747e82e27376b97faa
imphash ef529c6d6a32cf3b6f943c67c93720b2
File size 289.5 KB ( 296448 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-11-09 07:27:02 UTC ( 2 years, 3 months ago )
Last submission 2016-11-09 07:37:23 UTC ( 2 years, 3 months ago )
File names 0.7055475.452024367.exe.bin
Intra
0.7055475.452024367
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
UDP communications