SHA256: 3105bf7916ab2e8bdf32f9a4f798c358b4d18da11bcc16f8f063c4b9c200f8b4
File name: buzinat8.exe
Detection ratio: 13 / 61
Analysis date: 2017-05-22 14:28:46 UTC (5 months ago)
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170503
Cyren W32/RansomJaff.A.gen!Eldorado 20170522
Endgame malicious (moderate confidence) 20170515
F-Prot W32/RansomJaff.A.gen!Eldorado 20170522
Ikarus Win32.Outbreak 20170522
Sophos ML worm.win32.gamarue.ar 20170519
Kaspersky UDS:DangerousObject.Multi.Generic 20170522
Palo Alto Networks (Known Signatures) generic.ml 20170522
Qihoo-360 HEUR/QVM07.1.5001.Malware.Gen 20170522
Symantec Trojan.Gen.8!cloud 20170522
TrendMicro-HouseCall Suspicious_GEN.F47V0522 20170522
Webroot W32.Trojan.Gen 20170522
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20170522
Engines with no detection (empty Result column):
Ad-Aware 20170522
AegisLab 20170522
AhnLab-V3 20170522
Alibaba 20170522
ALYac 20170522
Antiy-AVL 20170522
Arcabit 20170522
Avast 20170522
AVG 20170522
Avira (no cloud) 20170522
AVware 20170522
BitDefender 20170522
Bkav 20170522
CAT-QuickHeal 20170522
ClamAV 20170522
CMC 20170521
Comodo 20170522
CrowdStrike Falcon (ML) 20170130
DrWeb 20170522
Emsisoft 20170522
ESET-NOD32 20170522
F-Secure 20170522
Fortinet 20170522
GData 20170522
Jiangmin 20170522
K7AntiVirus 20170522
K7GW 20170522
Kingsoft 20170522
Malwarebytes 20170522
McAfee 20170522
McAfee-GW-Edition 20170521
Microsoft 20170522
eScan 20170522
NANO-Antivirus 20170522
nProtect 20170522
Panda 20170521
Rising 20170522
SentinelOne (Static ML) 20170516
Sophos AV 20170521
SUPERAntiSpyware 20170522
Symantec Mobile Insight 20170522
Tencent 20170522
TheHacker 20170522
TrendMicro 20170522
Trustlook 20170522
VBA32 20170522
VIPRE 20170522
ViRobot 20170522
WhiteArmor 20170517
Yandex 20170518
Zillya 20170520
Zoner 20170522
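The ratio above is a snapshot of one analysis run, taken four days after the sample's compile timestamp; engines add signatures afterwards, so a triage note written from this page should re-query before it is relied on. The script below is an added example for this page, not VirusTotal's own tooling: it pulls the current file object from the public v3 API (GET /api/v3/files/<hash> with an x-apikey header; the key is read from the VT_API_KEY environment variable, an assumption of this script), summarises the verdicts, counts how many labels mention a family keyword, and lists engines that flag the file now but did not in the table above. The SAMPLE_RESPONSE is constructed to mirror this page's 13/61 headline and is not a real API reply; it is what the script uses when no key is set.

```python
"""Re-query VirusTotal for this page's SHA-256 and summarise the current verdicts.

Added example for this page; not VirusTotal's own tooling. Uses the public v3
REST API (GET https://www.virustotal.com/api/v3/files/<hash>, x-apikey header).
The fetch needs a key in VT_API_KEY (this script's convention); the rest is
pure and is exercised on a constructed response that mirrors the table above.
"""
import json
import os
import sys
import urllib.request

VT_FILES_URL = "https://www.virustotal.com/api/v3/files/"
SHA256 = "3105bf7916ab2e8bdf32f9a4f798c358b4d18da11bcc16f8f063c4b9c200f8b4"

# (engine, label, signature date) copied from the detection table on this page
PAGE_DETECTIONS = [
    ("Baidu", "Win32.Trojan.WisdomEyes.16070401.9500.9999", "20170503"),
    ("Cyren", "W32/RansomJaff.A.gen!Eldorado", "20170522"),
    ("Endgame", "malicious (moderate confidence)", "20170515"),
    ("F-Prot", "W32/RansomJaff.A.gen!Eldorado", "20170522"),
    ("Ikarus", "Win32.Outbreak", "20170522"),
    ("Sophos ML", "worm.win32.gamarue.ar", "20170519"),
    ("Kaspersky", "UDS:DangerousObject.Multi.Generic", "20170522"),
    ("Palo Alto Networks (Known Signatures)", "generic.ml", "20170522"),
    ("Qihoo-360", "HEUR/QVM07.1.5001.Malware.Gen", "20170522"),
    ("Symantec", "Trojan.Gen.8!cloud", "20170522"),
    ("TrendMicro-HouseCall", "Suspicious_GEN.F47V0522", "20170522"),
    ("Webroot", "W32.Trojan.Gen", "20170522"),
    ("ZoneAlarm by Check Point", "UDS:DangerousObject.Multi.Generic", "20170522"),
]

# Constructed stand-in for an API reply: same 13/61 headline as the page, with
# one undetected engine spelled out. Not a real VirusTotal response.
SAMPLE_RESPONSE = {
    "data": {
        "type": "file",
        "id": SHA256,
        "attributes": {
            "last_analysis_stats": {"malicious": 13, "undetected": 48, "suspicious": 0,
                                    "harmless": 0, "type-unsupported": 4, "timeout": 0},
            "last_analysis_results": {
                **{eng: {"category": "malicious", "result": label, "engine_update": upd}
                   for eng, label, upd in PAGE_DETECTIONS},
                "ESET-NOD32": {"category": "undetected", "result": None, "engine_update": "20170522"},
            },
            "names": ["buzinat8.exe", "MM_3.exe", "JAFF RANSOMWARE PAYLOAD"],
        },
    }
}


def fetch_report(sha256: str, api_key: str) -> dict:
    """GET the file object; an HTTP 404 (urllib.error.HTTPError) means VT has never seen the hash."""
    req = urllib.request.Request(VT_FILES_URL + sha256, headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def summarise(report: dict) -> dict:
    """Reduce a v3 file object to what a triage note needs."""
    attrs = report["data"]["attributes"]
    stats = attrs.get("last_analysis_stats", {})
    results = attrs.get("last_analysis_results", {})
    # Denominator: engines that returned a verdict. Excluding type-unsupported
    # and timeout is this script's convention, not an API guarantee.
    total = sum(stats.get(k, 0) for k in ("malicious", "suspicious", "harmless", "undetected"))
    flagged = sorted((eng, r["result"]) for eng, r in results.items()
                     if r.get("category") == "malicious" and r.get("result"))
    return {
        "malicious": stats.get("malicious", 0),
        "total": total,
        "ratio": f"{stats.get('malicious', 0)}/{total}",
        "flagged": flagged,
        "names": list(attrs.get("names", [])),
    }


def label_hits(flagged, keyword: str) -> int:
    """How many engine labels mention keyword (case-insensitive): a cheap family vote."""
    k = keyword.lower()
    return sum(1 for _eng, label in flagged if k in label.lower())


def newly_detecting(flagged, snapshot=PAGE_DETECTIONS) -> list:
    """Engines that flag the file now but did not in the snapshot on this page."""
    before = {eng for eng, _label, _upd in snapshot}
    return sorted(eng for eng, _label in flagged if eng not in before)


if __name__ == "__main__":
    key = os.environ.get("VT_API_KEY")
    report = fetch_report(SHA256, key) if key else SAMPLE_RESPONSE
    s = summarise(report)
    print(f"{SHA256[:16]}... {s['ratio']} malicious; labels mentioning jaff: {label_hits(s['flagged'], 'jaff')}")
    for eng in newly_detecting(s["flagged"]):
        print("new since page snapshot:", eng)
    if not key:
        print("(offline: summarised the constructed sample; set VT_API_KEY to query live)", file=sys.stderr)
```

On the constructed sample only two of the thirteen labels name the family (Cyren and F-Prot, both RansomJaff); the rest are generic, heuristic or cloud verdicts, which is typical for a payload four days old and is why the family keyword count is reported separately from the raw ratio.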
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © w vctwxfja
Product Kbyro rao gec
Original name Mvwuweht
Internal name Mvwuweht
File version 9.907
Description Mmfyauh aezhuj
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-18 12:48:44
Entry Point 0x0001EB98
Number of sections 4
PE sections
PE imports
RegUnLoadKeyA
PolylineTo
CloseFigure
SetBkMode
SetMapperFlags
Pie
PtInRegion
SetArcDirection
CreateCompatibleBitmap
GetStartupInfoA
SetFilePointer
FindAtomW
QueryPerformanceCounter
SetConsoleCtrlHandler
GetModuleHandleA
lstrcmpA
QueueUserWorkItem
SetUnhandledExceptionFilter
ConvertDefaultLocale
SetCurrentDirectoryA
CloseHandle
SetThreadPriority
SetConsoleCursorPosition
LoadLibraryA
VirtualAlloc
GetProcAddress
__p__fmode
strtoul
_CIatan2
__dllonexit
_getdcwd
_strtime
putwc
toupper
fgets
_memicmp
_CIfmod
_except_handler3
_findfirst64
clock
fseek
_onexit
_creat
exit
_XcptFilter
putc
_itow
__setusermatherr
_adjust_fdiv
_acmdln
_exit
__p__commode
_CIcos
__getmainargs
_toupper
_controlfp
ctime
__toascii
fputwc
ungetc
_initterm
_wtol
_ismbbalpha
_EH_prolog
__set_app_type
SQLGetCursorNameA
SQLExecute
SQLErrorW
SQLStatisticsW
SQLGetInfoW
SQLBrowseConnectW
SQLDescribeParam
SQLNativeSqlA
SQLParamOptions
SQLErrorA
SQLColumnPrivilegesA
SQLEndTran
SQLGetCursorNameW
SQLForeignKeysW
SearchStatusCode
SQLBrowseConnectA
SQLGetInfoA
SQLGetDiagFieldA
SQLNumResultCols
VFreeErrors
SQLSetScrollOptions
SQLPrepareA
SQLPrimaryKeysW
SQLCopyDesc
ODBCGetTryWaitValue
SQLFetchScroll
PostODBCError
SQLPrimaryKeysA
OpenODBCPerfData
SQLPrepareW
SQLGetData
SQLGetConnectAttrA
SQLGetConnectOptionW
SQLNumParams
SQLGetDescFieldW
SQLGetDiagRecW
CursorLibLockDbc
SQLCloseCursor
GetODBCSharedData
SQLBindParam
SQLFreeEnv
PostComponentError
SQLGetDiagRecA
SQLAllocConnect
SQLGetDescFieldA
SQLFetch
ValidateErrorQueue
SQLDriversA
SQLSetConnectAttrA
SQLExecDirectW
SQLProceduresA
SQLSetConnectOptionA
SQLColumnsW
SQLGetDescRecW
SQLPutData
SQLDataSourcesW
SQLSpecialColumnsA
ODBCQualifyFileDSNW
SQLSetCursorNameW
SQLDataSourcesA
SQLMoreResults
SQLProceduresW
CloseOSObject
OpenOSObject
NotifyWinEvent
ValidateRgn
SendNotifyMessageW
DtcGetTransactionManagerExA
DtcGetTransactionManager
DtcGetTransactionManagerExW
Number of PE resources by type
RT_DIALOG 5
RT_GROUP_CURSOR 4
RT_CURSOR 4
RT_ICON 2
RT_STRING 2
RT_MENU 2
RT_GROUP_ICON 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 23
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 9.907.0.0
UninitializedDataSize 0
LanguageCode Unknown (000C)
FileFlagsMask 0x003f
CharacterSet Unknown (0002)
InitializedDataSize 122880
EntryPoint 0x1eb98
OriginalFileName Mvwuweht
MIMEType application/octet-stream
LegalCopyright Copyright w vctwxfja
FileVersion 9.907
TimeStamp 2017:05:18 13:48:44+01:00
FileType Win32 EXE
PEType PE32
InternalName Mvwuweht
ProductVersion 9.907
FileDescription Mmfyauh aezhuj
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Vfe jmoxg hyry b
CodeSize 122880
ProductName Kbyro rao gec
ProductVersionNumber 9.907.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 132d56f533f3a074b441cebff98e7742
SHA1 ce62251f9c7b0de95ce324efec94fb703776f4ba
SHA256 3105bf7916ab2e8bdf32f9a4f798c358b4d18da11bcc16f8f063c4b9c200f8b4
ssdeep 3072:evYbWaxny+zqxrTwktwSKbBT2DHxh92wzw513zGL84rRZ:kcWaxny0q9TvtXKbBT2DROqw/y84
authentihash a9ca5304ad13bdc7c37f7d90ba3e0034b3a7f330fc563c090e335345586db296
imphash 2324d7f65dabeb40d80ba488b78ae374
File size 180.0 KB ( 184320 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ 5.0 (44.3%)
Win32 Executable MS Visual C++ (generic) (22.8%)
Win64 Executable (generic) (20.2%)
Win32 Dynamic Link Library (generic) (4.8%)
Win32 Executable (generic) (3.2%)
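The imphash above is the identifier a practitioner pivots on to find other builds of the same loader, since it depends on the import table layout rather than on file bytes that change between samples. The block below is an added example for this page, not VirusTotal's or pefile's code: it implements the algorithm behind pefile's get_imphash(), which is what the imphash field is computed with, and adds a check for the LoadLibraryA/GetProcAddress/VirtualAlloc trio that appears in the "PE imports" list above. PAGE_IMPORTS groups a subset of the API names from that list under the DLLs they normally come from; the grouping and order are an assumption (the page shows only function names), so the computed value is not expected to equal 2324d7f65dabeb40d80ba488b78ae374.

```python
"""pefile-compatible imphash from an import table, plus a loader-stub check.

Added example for this page; not VirusTotal's or pefile's code. The algorithm
is the one pefile's get_imphash() implements: for each imported DLL, lower-case
the name and drop a .dll/.ocx/.sys extension; for each import emit
"<dll>.<function>" in link order (function lower-cased, ordinal-only imports as
"ord<N>"); join with commas; MD5 the string. pefile additionally resolves
ordinals of ws2_32 and oleaut32 to names via a lookup table; not reproduced.
"""
import hashlib
from typing import Sequence, Tuple, Union

ImportName = Union[str, int]                      # function name or ordinal
ImportTable = Sequence[Tuple[str, Sequence[ImportName]]]

_STRIP_EXT = (".dll", ".ocx", ".sys")

# Assumed DLL assignment and order; the function names are from this page's
# "PE imports" list, the DLL names and grouping are not shown there.
PAGE_IMPORTS: ImportTable = [
    ("ADVAPI32.dll", ["RegUnLoadKeyA"]),
    ("GDI32.dll", ["PolylineTo", "CloseFigure", "SetBkMode", "Pie", "PtInRegion"]),
    ("KERNEL32.dll", ["GetStartupInfoA", "SetFilePointer", "GetModuleHandleA",
                      "CloseHandle", "LoadLibraryA", "VirtualAlloc", "GetProcAddress"]),
    ("MSVCRT.dll", ["__p__fmode", "strtoul", "_except_handler3", "__getmainargs",
                    "_controlfp", "_initterm", "__set_app_type"]),
    ("ODBC32.dll", ["SQLExecute", "SQLFetch", "SQLGetData", "SQLPrepareW"]),
    ("USER32.dll", ["NotifyWinEvent", "ValidateRgn", "SendNotifyMessageW"]),
    ("xolehlp.dll", ["DtcGetTransactionManager", "DtcGetTransactionManagerExW"]),
]


def _normalise_dll(dll: str) -> str:
    """Lower-case and strip the extension the way pefile does."""
    name = dll.lower()
    for ext in _STRIP_EXT:
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def imphash_string(table: ImportTable) -> str:
    """The canonical comma-joined string that gets hashed; handy for diffing two samples."""
    parts = []
    for dll, funcs in table:
        lib = _normalise_dll(dll)
        for f in funcs:
            func = f"ord{f}" if isinstance(f, int) else f.lower()
            parts.append(f"{lib}.{func}")
    return ",".join(parts)


def imphash(table: ImportTable) -> str:
    """MD5 of the canonical string; an identical import layout gives an identical hash."""
    return hashlib.md5(imphash_string(table).encode()).hexdigest()


def has_loader_stub(table: ImportTable) -> bool:
    """True when LoadLibraryA, GetProcAddress and VirtualAlloc are all imported, as on
    this page: with those three a packed stage resolves everything else at run time,
    so the rest of a large static import table need not reflect real behaviour."""
    names = {f.lower() for _dll, funcs in table for f in funcs if isinstance(f, str)}
    return {"loadlibrarya", "getprocaddress", "virtualalloc"} <= names


if __name__ == "__main__":
    print("imphash (assumed grouping):", imphash(PAGE_IMPORTS))
    print("loader stub present:", has_loader_stub(PAGE_IMPORTS))
    # Swapping two DLL entries changes the hash: imphash is order-sensitive, so it
    # pivots on linker/build layout, not merely on which APIs are used.
    swapped = [PAGE_IMPORTS[1], PAGE_IMPORTS[0]] + list(PAGE_IMPORTS[2:])
    print("reordered table hashes the same:", imphash(swapped) == imphash(PAGE_IMPORTS))
```

When a real copy of the file is available, pefile.PE(path).get_imphash() gives the authoritative value to compare against the page; the function here is for reasoning about why two samples share or do not share an imphash from their import strings alone.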
Tags
peexe

VirusTotal metadata
First submission 2017-05-22 12:11:39 UTC (5 months ago)
Last submission 2017-09-08 10:59:35 UTC (1 month, 2 weeks ago)
File names MM_3.exe
db27e51dea961e4d01a121b5579007007c08ee9c4a8bf2809f86b904d4e3cacac3b7dfa1081a08a2440a5996679f043f62ea65c46621e7489960dff14372a3ed
buzinat8.exe.bin
buzinat8.exe
jhg6fgh.malware
3105bf7916ab2e8bdf32f9a4f798c358b4d18da11bcc16f8f063c4b9c200f8b4.bin
Mvwuweht
buzinat8 (2).exe
buzinat8.exe.3264.dr
DROPPED.buzinat8.exe
Mvwuweht.exe
JAFF RANSOMWARE PAYLOAD
decrypted.ex1
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Deleted files
DNS requests
UDP communications