SHA256: ea2c169529e782994be5296c81ff4668dba2b77a805bd057b53e5952c65aaf72
File name: satana.exe
Detection ratio: 20 / 37
Analysis date: 2016-07-04 14:27:39 UTC (2 years, 5 months ago)
Antivirus Result Updated
Ad-Aware Generic.Malware.FH.B2819135 20160704
AhnLab-V3 Trojan/Win32.Satana.C1492908 20160704
Antiy-AVL Trojan/Win32.TSGeneric 20160704
Arcabit Generic.Malware.FH.BD2B043F 20160704
Avira (no cloud) TR/Crypt.XPACK.Gen 20160704
Baidu Win32.Trojan.WisdomEyes.151026.9950.9998 20160704
BitDefender Generic.Malware.FH.B2819135 20160704
Bkav W32.FurtetasLTL.Trojan 20160704
DrWeb Trojan.MBRlock.253 20160704
Emsisoft Generic.Malware.FH.B2819135 (B) 20160704
ESET-NOD32 a variant of Win32/MBRlock.AO 20160704
GData Generic.Malware.FH.B2819135 20160704
K7AntiVirus Trojan ( 004f30f61 ) 20160704
K7GW Trojan ( 004f30f61 ) 20160704
Malwarebytes Ransom.CryptoLocker 20160704
eScan Generic.Malware.FH.B2819135 20160704
nProtect Trojan-Downloader/W32.Upatre.35328.DD 20160704
Panda Trj/GdSda.A 20160704
Qihoo-360 QVM20.1.Malware.Gen 20160704
ViRobot Trojan.Win32.Ransom.35328.C[h] 20160704
Engines with no detection (result column empty):
AegisLab 20160704
Alibaba 20160704
ALYac 20160704
Avast 20160704
AVG 20160704
AVware 20160704
CAT-QuickHeal 20160704
ClamAV 20160704
CMC 20160704
Comodo 20160704
Cyren 20160704
F-Prot 20160704
F-Secure 20160704
Fortinet 20160704
Ikarus 20160704
Jiangmin 20160704
Kaspersky 20160704
Kingsoft 20160704
McAfee 20160704
McAfee-GW-Edition 20160704
Microsoft 20160704
NANO-Antivirus 20160704
Sophos AV 20160704
SUPERAntiSpyware 20160704
Symantec 20160701
Tencent 20160704
TheHacker 20160702
TrendMicro 20160704
TrendMicro-HouseCall 20160704
VBA32 20160703
VIPRE 20160704
Zillya 20160704
Zoner 20160704
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-25 09:56:46 (UTC; the ExifTool TimeStamp below shows the same instant in a +01:00 zone)
Entry Point 0x00005420
Number of sections 4
PE sections
PE imports
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegSetValueExW
GetUserNameA
RegCreateKeyExA
RegOpenKeyExA
GetCurrentHwProfileW
GetLastError
HeapFree
CopyFileW
GetDriveTypeW
WriteProcessMemory
GetShortPathNameW
OutputDebugStringW
CreateFileMappingA
DeviceIoControl
WaitForSingleObject
FreeLibrary
EnterCriticalSection
LocalAlloc
ExitProcess
FlushFileBuffers
QueueUserAPC
GetCommandLineW
LoadLibraryA
GetLocalTime
GetCurrentProcess
SwitchToThread
MoveFileW
GetWindowsDirectoryW
FindNextFileW
GetLocaleInfoA
GetFileSize
DeleteFileA
GetSystemDefaultLCID
GetTickCount
VirtualAllocEx
DeleteFileW
GetProcAddress
GetProcessHeap
ExpandEnvironmentStringsW
SetFileAttributesW
GetFileSizeEx
CreateThread
MapViewOfFile
MoveFileExW
SetFilePointer
GetSystemDirectoryW
ReadFile
SetUnhandledExceptionFilter
GetTempPathW
CloseHandle
GetComputerNameA
FindFirstFileW
GetModuleFileNameA
WaitForMultipleObjects
SetPriorityClass
LocalFree
ResumeThread
CreateProcessA
InitializeCriticalSection
UnmapViewOfFile
WriteFile
CreateFileW
GetLogicalDriveStringsW
FindClose
InterlockedDecrement
Sleep
FormatMessageA
GetFullPathNameW
SetThreadPriority
CreateFileA
HeapAlloc
OutputDebugStringA
LeaveCriticalSection
HeapCreate
GetModuleHandleA
InterlockedIncrement
WNetEnumResourceW
WNetCloseEnum
WNetOpenEnumW
??2@YAPAXI@Z
malloc
??3@YAXPAX@Z
free
CommandLineToArgvW
MessageBoxA
wsprintfW
socket
send
WSAStartup
gethostbyname
connect
htons
closesocket
_chkstk
NtYieldExecution
RtlUnwind
mbstowcs
wcstombs
memset
memcpy
wcsrchr
RtlGetNtVersionNumbers
wcsncmp
RtlGetCurrentPeb
_allrem
wcsstr
strrchr
_stricmp
vsprintf
_vsnwprintf
NtQueryInformationProcess
sprintf
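Added here as a worked triage example, not part of the VirusTotal report and not vendor tooling: the script below takes the import list above (embedded verbatim as a constant) and groups it into capability clusters an analyst would look for before opening a disassembler. The cluster definitions, thresholds and labels are this editor's own heuristics; a cluster match shows only that the binary links those APIs, not that it executes the behaviour. The ANSI/Unicode suffix is stripped so that CreateFileA and CreateFileW count once, and generic file APIs carry a high threshold because on their own they mean nothing.

```python
"""Import-based capability triage for a PE import list.

Example code added for this report, not VirusTotal's or any vendor's tooling.
The capability clusters and thresholds below are hand-written heuristics.
"""
import re

# The import list shown in the report above, copied verbatim.
SAMPLE_IMPORTS = """
RegQueryValueExA RegCloseKey RegSetValueExA RegSetValueExW GetUserNameA
RegCreateKeyExA RegOpenKeyExA GetCurrentHwProfileW GetLastError HeapFree
CopyFileW GetDriveTypeW WriteProcessMemory GetShortPathNameW OutputDebugStringW
CreateFileMappingA DeviceIoControl WaitForSingleObject FreeLibrary
EnterCriticalSection LocalAlloc ExitProcess FlushFileBuffers QueueUserAPC
GetCommandLineW LoadLibraryA GetLocalTime GetCurrentProcess SwitchToThread
MoveFileW GetWindowsDirectoryW FindNextFileW GetLocaleInfoA GetFileSize
DeleteFileA GetSystemDefaultLCID GetTickCount VirtualAllocEx DeleteFileW
GetProcAddress GetProcessHeap ExpandEnvironmentStringsW SetFileAttributesW
GetFileSizeEx CreateThread MapViewOfFile MoveFileExW SetFilePointer
GetSystemDirectoryW ReadFile SetUnhandledExceptionFilter GetTempPathW
CloseHandle GetComputerNameA FindFirstFileW GetModuleFileNameA
WaitForMultipleObjects SetPriorityClass LocalFree ResumeThread CreateProcessA
InitializeCriticalSection UnmapViewOfFile WriteFile CreateFileW
GetLogicalDriveStringsW FindClose InterlockedDecrement Sleep FormatMessageA
GetFullPathNameW SetThreadPriority CreateFileA HeapAlloc OutputDebugStringA
LeaveCriticalSection HeapCreate GetModuleHandleA InterlockedIncrement
WNetEnumResourceW WNetCloseEnum WNetOpenEnumW ??2@YAPAXI@Z malloc ??3@YAXPAX@Z
free CommandLineToArgvW MessageBoxA wsprintfW socket send WSAStartup
gethostbyname connect htons closesocket _chkstk NtYieldExecution RtlUnwind
mbstowcs wcstombs memset memcpy wcsrchr RtlGetNtVersionNumbers wcsncmp
RtlGetCurrentPeb _allrem wcsstr strrchr _stricmp vsprintf _vsnwprintf
NtQueryInformationProcess sprintf
""".split()

# label -> (set of base API names, minimum distinct hits before the cluster is reported)
# Heuristic groupings chosen for this example; adjust to taste.
CAPABILITY_CLUSTERS = {
    "dynamic API resolution": ({"LoadLibrary", "GetProcAddress"}, 2),
    "process injection": ({"VirtualAllocEx", "WriteProcessMemory", "QueueUserAPC",
                           "ResumeThread", "CreateProcess", "CreateRemoteThread",
                           "NtQueueApcThread", "SetThreadContext"}, 3),
    # Generic file APIs; only meaningful together (they are also what a raw
    # \\.\PhysicalDriveN write needs), hence the high threshold.
    "raw device / disk write": ({"CreateFile", "DeviceIoControl", "SetFilePointer",
                                 "WriteFile", "ReadFile"}, 4),
    "file enumeration and renaming": ({"FindFirstFile", "FindNextFile", "FindClose",
                                       "GetLogicalDriveStrings", "GetDriveType", "MoveFile",
                                       "MoveFileEx", "DeleteFile", "SetFileAttributes"}, 4),
    "network share enumeration": ({"WNetOpenEnum", "WNetEnumResource", "WNetCloseEnum"}, 2),
    "registry write": ({"RegCreateKeyEx", "RegOpenKeyEx", "RegSetValueEx"}, 2),
    "outbound socket": ({"WSAStartup", "socket", "gethostbyname", "connect", "send"}, 3),
    "host fingerprinting": ({"GetComputerName", "GetUserName", "GetCurrentHwProfile",
                             "GetSystemDefaultLCID", "GetLocaleInfo", "RtlGetNtVersionNumbers"}, 2),
    "anti-analysis": ({"NtQueryInformationProcess", "IsDebuggerPresent",
                       "CheckRemoteDebuggerPresent", "OutputDebugString"}, 2),
}


def normalize(name: str) -> str:
    """Drop the ANSI/Unicode suffix (CreateFileA / CreateFileW -> CreateFile).

    The suffix is only stripped when it follows a lowercase letter, so names such as
    WSAStartup, QueueUserAPC or the C++ mangled operators are left untouched.
    """
    return re.sub(r"(?<=[a-z])[AW]$", "", name)


def triage_imports(imports):
    """Return {cluster label: sorted matched base names} for clusters at or above threshold."""
    present = {normalize(n) for n in imports}
    findings = {}
    for label, (apis, threshold) in CAPABILITY_CLUSTERS.items():
        hits = sorted(present & apis)
        if len(hits) >= threshold:
            findings[label] = hits
    return findings


if __name__ == "__main__":
    for label, hits in triage_imports(SAMPLE_IMPORTS).items():
        print(f"{label:32s} {', '.join(hits)}")
```

Run against the report's list, every cluster fires, which is consistent with the MBRlock / ransomware labels several engines assigned above but is not evidence on its own; the same imports appear in plenty of legitimate backup and deployment tools. Feed `triage_imports` the output of any import dumper to apply the same heuristics to another file.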
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2016:06:25 10:56:46+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 22528
LinkerVersion: 10.0
ImageFileCharacteristics: Executable, Large address aware, 32-bit
EntryPoint: 0x5420
InitializedDataSize: 75776
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0
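Added as a worked example, not from the report: a dependency-free reader for the COFF and optional-header fields listed in the PE header and ExifTool sections, plus a constructed header byte string carrying the same values as the report so the reader runs offline. The constructed bytes are not the sample; they hold no DOS stub, sections or code, and fields the page does not give (symbol table, DllCharacteristics, alignments) are zero. Keep in mind that TimeDateStamp is an ordinary linker-written field that can be set to any value, so the 2016-06-25 compile date corroborates the 2016-07-04 first-submission date only weakly.

```python
"""Minimal PE32 header reader, dependency-free.

Example code added for this report (not VirusTotal's tooling). It reads the
COFF and optional-header fields that the report lists; it does not walk
sections or imports.
"""
import struct
import sys
from datetime import datetime, timezone

MACHINE_NAMES = {0x014C: "Intel 386 or later", 0x8664: "x64", 0x01C4: "ARM Thumb-2"}
SUBSYSTEM_NAMES = {2: "Windows GUI", 3: "Windows CUI"}
CHARACTERISTIC_BITS = {       # IMAGE_FILE_* flags reported as text
    0x0002: "Executable",
    0x0020: "Large address aware",
    0x0100: "32-bit",
    0x2000: "DLL",
}
PE32_MAGIC = 0x10B


def parse_pe_header(data: bytes) -> dict:
    """Parse DOS -> PE signature -> COFF header -> PE32 optional header."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsect, tstamp, _symtab, _nsyms, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20  # the COFF file header is 20 bytes
    if opt_size < 72:
        raise ValueError("optional header too short for the fields read here")
    magic, lmaj, lmin, code_sz, init_sz, uninit_sz, entry = struct.unpack_from(
        "<HBBIIII", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError(f"not PE32 (magic {magic:#x})")
    # OS / image / subsystem version pairs start at offset 40, Subsystem at 68 (PE32 layout)
    os_maj, os_min, img_maj, img_min, ss_maj, ss_min = struct.unpack_from("<6H", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "machine": MACHINE_NAMES.get(machine, f"{machine:#06x}"),
        "number_of_sections": nsect,
        "timestamp_utc": datetime.fromtimestamp(tstamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "characteristics": [n for bit, n in sorted(CHARACTERISTIC_BITS.items()) if chars & bit],
        "linker_version": f"{lmaj}.{lmin}",
        "code_size": code_sz,
        "initialized_data_size": init_sz,
        "uninitialized_data_size": uninit_sz,
        "entry_point": entry,
        "os_version": f"{os_maj}.{os_min}",
        "image_version": f"{img_maj}.{img_min}",
        "subsystem_version": f"{ss_maj}.{ss_min}",
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
    }


def build_sample_header() -> bytes:
    """Constructed test input: a bare header carrying the values from the report.

    This is not the sample. It has no DOS stub, no sections and no code, and
    fields the report does not give (symbol table, DllCharacteristics, ...) are zero.
    """
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)          # e_lfanew: PE header right after the DOS header
    # Machine 0x14C, 4 sections, 2016-06-25 09:56:46 UTC, 224-byte optional header,
    # Characteristics 0x0122 = Executable | Large address aware | 32-bit
    coff = struct.pack("<HHIIIHH", 0x014C, 4, 1466848606, 0, 0, 224, 0x0122)
    opt = bytearray(224)                           # PE32 optional header incl. 16 data directories
    struct.pack_into("<HBBIIII", opt, 0, PE32_MAGIC, 10, 0, 22528, 75776, 0, 0x5420)
    struct.pack_into("<6H", opt, 40, 5, 1, 0, 0, 5, 1)  # OS 5.1, image 0.0, subsystem 5.1
    struct.pack_into("<H", opt, 68, 2)             # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_header()
    for k, v in parse_pe_header(blob).items():
        print(f"{k:26s} {v:#x}" if k == "entry_point" else f"{k:26s} {v}")
```

Pass a file path as the first argument to read a real binary; with no argument it parses the constructed header and prints the same values the report shows.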

Compressed bundles
File identification
MD5 a5444dd6ee8773915096c31bd882e247
SHA1 88265756945984ebd5fe58827c39ca1f1a2bf487
SHA256 ea2c169529e782994be5296c81ff4668dba2b77a805bd057b53e5952c65aaf72
ssdeep 768:F9NJK3qZRhxXHIQBsLL16BKc+bBQZ/UMc2:rXzXol6cc+lQZMMc2

authentihash fea35de40c9f4f55b062dc8507205bf643e51793428c05f25e648bb715285280
imphash d99e35e9d4559cb6df0e1eb507b928cc
File size 34.5 KB ( 35328 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2016-07-04 14:27:39 UTC (2 years, 5 months ago)
Last submission 2018-05-15 00:02:54 UTC (7 months ago)
File names satana.exe
2016-07-05_ea2c169529e782994be5296c81ff4668dba2b77a805bd057b53e5952c65aaf72
ea2c169529e782994be5296c81ff4668dba2b77a805bd057b53e5952c65aaf72
tngc.exe
rjkh.exe
ea2c169529e782994be5296c81ff4668dba2b77a805bd057b53e5952c65aaf72.bin
MrU.exe
gusgak.exe
satana.exe
satana.exe
satana.exe
wjvgoatc.exe
rkynt.exe
H1 (46).exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
TCP connections