SHA256: a55883a54c0a35d29129165ff5899f111d5a9377118707d506894b353d12e9ad
Name: unpacked.exe
Detections: 3 / 47
Analysis date: 2013-06-28 02:46:15 UTC (5 years, 10 months ago)
Antivirus    Result (blank = not detected)    Update (engine signature date, YYYYMMDD)
Fortinet W32/Harasom.A1!tr 20130628
Ikarus Trojan-Spy.Win32.Ranbyus 20130628
Symantec WS.Reputation.1 20130628
Yandex 20130627
AhnLab-V3 20130627
AntiVir 20130627
Antiy-AVL 20130627
Avast 20130628
AVG 20130627
BitDefender 20130628
ByteHero 20130613
CAT-QuickHeal 20130627
ClamAV 20130628
Commtouch 20130627
Comodo 20130628
DrWeb 20130628
Emsisoft 20130628
eSafe 20130625
ESET-NOD32 20130627
F-Prot 20130627
F-Secure 20130628
GData 20130628
Jiangmin 20130627
K7AntiVirus 20130627
K7GW 20130627
Kaspersky 20130628
Kingsoft 20130506
Malwarebytes 20130627
McAfee 20130628
McAfee-GW-Edition 20130627
Microsoft 20130628
eScan 20130628
NANO-Antivirus 20130628
Norman 20130627
nProtect 20130628
Panda 20130627
PCTools 20130521
Rising 20130627
Sophos AV 20130628
SUPERAntiSpyware 20130628
TheHacker 20130625
TotalDefense 20130627
TrendMicro 20130628
TrendMicro-HouseCall 20130628
VBA32 20130627
VIPRE 20130628
ViRobot 20130627
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-06-14 16:42:54
Entry Point 0x000063C8
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
OpenThreadToken
CryptReleaseContext
RegCloseKey
OpenProcessToken
RegSetValueExW
CryptGetHashParam
RegOpenKeyExW
CryptAcquireContextW
AdjustTokenPrivileges
LookupPrivilegeValueW
CryptHashData
RegQueryValueExW
CryptDestroyHash
CryptCreateHash
GetDeviceCaps
SetBkMode
TextOutA
SelectObject
CreateFontW
SetTextColor
GetStdHandle
GetDriveTypeW
ReleaseMutex
WaitForSingleObject
EncodePointer
DeleteCriticalSection
GetCurrentProcess
lstrcatA
FreeEnvironmentStringsW
GetFileTime
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetLogicalDriveStringsW
FindClose
TlsGetValue
SetFileAttributesW
SetLastError
GetUserDefaultLangID
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
HeapSetInformation
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
CreateThread
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetDiskFreeSpaceExW
GetCurrentThreadId
InterlockedIncrement
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
RtlUnwind
GetFileSize
OpenProcess
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
ExpandEnvironmentStringsW
FindNextFileW
lstrcpyA
FindFirstFileW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GetEnvironmentStringsW
Process32NextW
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
Process32FirstW
GetCurrentThread
lstrcpynW
TlsFree
SetFilePointer
ReadFile
CloseHandle
OpenMutexW
lstrcpynA
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
Sleep
StrStrA
PathMatchSpecW
wvnsprintfA
StrStrIA
wvnsprintfW
PathCombineW
SetFocus
BeginPaint
SetClassLongW
DefWindowProcW
FindWindowW
GetMessageW
ShowWindow
SetWindowPos
SetWindowLongW
GetWindowRect
EndPaint
TranslateMessage
DispatchMessageW
ReleaseDC
SetWindowTextA
SendMessageW
RegisterClassW
SendMessageA
SetWindowTextW
GetDC
InvalidateRect
GetWindowTextLengthA
GetDesktopWindow
LoadCursorW
LoadIconW
CreateWindowExW
GetWindowLongW
GetWindowTextA
DeleteUrlCacheEntryW
socket
closesocket
send
WSACleanup
WSAStartup
gethostbyname
connect
htons
recv
GdipCreateFromHWND
GdipFree
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipLoadImageFromFile
GdiplusStartup
GdipDrawImageRectI
GdipDeleteGraphics
URLDownloadToFileW
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2013:06:14 17:42:54+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 39424
LinkerVersion: 10.0
ImageFileCharacteristics: Executable, 32-bit
EntryPoint: 0x63c8
InitializedDataSize: 34816
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0
File identification
MD5 22bf4c6a5b91dec3e2e843d082d237df
SHA1 89e742de30c5daba46daaef47fb7243124524a27
SHA256 a55883a54c0a35d29129165ff5899f111d5a9377118707d506894b353d12e9ad
ssdeep 1536:TeeX//JAcdIxpLvMQHHtkas2EkaUWZ91+:P/xATxpLRHTHaUWZn+
authentihash 30913480b3cb0ba5d326648cf457d6e6a5f0be3764a46fc2b32f2c68971fd6ec
imphash c64635ea92c7c819dab121b4431a657b
File size 66.5 KB (68096 bytes)
Type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
     Win64 Executable (generic) (36.3%)
     Win32 Dynamic Link Library (generic) (8.6%)
     Win32 Executable (generic) (5.9%)
     OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2013-06-19 20:52:45 UTC (5 years, 11 months ago)
Last submission 2019-02-01 08:34:02 UTC (3 months, 2 weeks ago)
Names 22BF4C6A5B91DEC3E2E843D082D237DF.vir
WSManHTTPConfig.exe
ransom.exe
22BF4C6A5B91DEC3E2E843D082D237DF.exe
unpacked.exe
22bf4c6a5b91dec3e2e843d082d237df
22bf4c6a5b91dec3e2e843d082d237df_unpacked.exe
a55883a54c0a35d29129165ff5899f111d5a9377118707d506894b353d12e9ad.bin
Harasom Ransomware.exe
22BF4C6A5B91DEC3E2E843D082D237DF
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
TCP connections