SHA256: 64b0b58a2c030c77fdb2b537b2fcc4af432bc55ffb36599a31d418c7c69e94b1
File name: 7.GoldenEye.bin
Detection ratio: 62 / 67
Analysis date 2017-12-13 17:31:53 UTC
Antivirus Result Update
Ad-Aware Trojan.GenericKD.5502931 20171213
AegisLab Troj.Ransom.W32!c 20171213
AhnLab-V3 Trojan/Win32.Petya.R203323 20171213
ALYac Trojan.Ransom.Petya 20171213
Antiy-AVL Trojan[Ransom]/Win32.ExPetr 20171213
Arcabit Trojan.Generic.D53F7D3 20171213
Avast MBR:Ransom-C [Trj] 20171213
AVG MBR:Ransom-C [Trj] 20171213
Avira (no cloud) TR/Petya.A 20171213
AVware Trojan.Win32.Generic!BT 20171213
Baidu Win32.Trojan.Ransom.a 20171212
BitDefender Trojan.GenericKD.5502931 20171213
Bkav W32.RsPetyaND.Worm 20171213
CAT-QuickHeal Ransom.Petya.A5 20171212
ClamAV Win.Exploit.CVE_2017_0147-6331310-0 20171213
CMC RansomWare.Win32.Petya!O 20171213
Comodo TrojWare.Win32.Ransom.Petya.jte 20171213
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cylance Unsafe 20171213
Cyren W32/Petya.YEFF-1045 20171213
DrWeb Trojan.Encoder.12544 20171213
eGambit ransom.BadRabbit 20171213
Emsisoft Trojan-Ransom.GoldenEye (A) 20171213
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Win32/Diskcoder.C 20171213
F-Prot W32/Petya.Ransom.J 20171213
F-Secure Trojan:W32/Petya.G 20171213
Fortinet W32/Petya.C!tr.ransom 20171213
GData Win32.Trojan-Ransom.Petya.V 20171213
Ikarus Trojan-Ransom.Petrwrap 20171213
Sophos ML heuristic 20170914
Jiangmin Trojan.Petya.d 20171211
K7AntiVirus Trojan ( 00510cfe1 ) 20171213
K7GW Trojan ( 00510cfe1 ) 20171213
Kaspersky Trojan-Ransom.Win32.Petr.xw 20171213
Malwarebytes Ransom.Petya.EB 20171213
MAX malware (ai score=100) 20171213
McAfee Ransom-Petya!E285B6CE0470 20171213
McAfee-GW-Edition Ransom-Petya!E285B6CE0470 20171213
Microsoft Ransom:Win32/Petya.B!rsm 20171213
eScan Trojan.GenericKD.5502931 20171213
NANO-Antivirus Trojan.Win32.Petya.eqlcpj 20171213
nProtect Ransom/W32.Petya.362360.B 20171213
Palo Alto Networks (Known Signatures) generic.ml 20171213
Panda Trj/Genetic.gen 20171213
Qihoo-360 Trojan.Generic 20171213
Rising Ransom.Petya!1.ABCF (CLASSIC) 20171213
Sophos AV Troj/Petya-BJ 20171213
SUPERAntiSpyware Ransom.Petya/Variant 20171213
Symantec Ransom.Petya 20171213
Tencent Trojan.Win32.Petya.a 20171213
TheHacker Trojan/Diskcoder.c 20171210
TrendMicro Ransom_PETYA.TH627 20171213
TrendMicro-HouseCall Ransom_PETYA.TH627 20171213
VBA32 Trojan.Filecoder 20171213
VIPRE Trojan.Win32.Generic!BT 20171213
ViRobot Trojan.Win32.S.Petya.362360.A 20171213
Webroot W32.Ransomware.Petrwrap 20171213
Yandex Trojan.ExPetr! 20171212
Zillya Trojan.Petr.Win32.33 20171213
ZoneAlarm by Check Point Trojan-Ransom.Win32.Petr.xw 20171213
Zoner Trojan.Petya 20171213
Engines with no detection (last signature update only)
Alibaba 20171213
Avast-Mobile 20171212
Cybereason 20171103
Kingsoft 20171213
SentinelOne (Static ML) 20171207
Symantec Mobile Insight 20171213
TotalDefense 20171213
Trustlook 20171213
WhiteArmor 20171204
The file being studied is a Portable Executable (PE) file; more specifically, a Win32 DLL built for the Windows console (command line) subsystem.
FileVersionInfo properties
Signature verification The digital signature of the object did not verify.
Signing date 6:32 PM 12/13/2017
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-06-18 03:13:01
Entry Point 0x00007D39
Number of sections 5
PE sections
Overlays
MD5 da2b0b17905e8afae0eaca35e831be9e
File type data
Offset 356352
Size 6008
Entropy 7.37
PE imports (grouped by exporting DLL; the per-DLL headers of the original listing were dropped in extraction and are restored here from the module that exports each API, keeping the page's order)
ADVAPI32.dll: CryptDestroyKey, AdjustTokenPrivileges, CryptEncrypt, LookupPrivilegeValueW, InitializeSecurityDescriptor, CryptImportKey, SetSecurityDescriptorDacl, GetSidSubAuthorityCount, GetSidSubAuthority, OpenProcessToken, SetTokenInformation, CryptGenKey, GetTokenInformation, DuplicateTokenEx, CryptReleaseContext, CryptAcquireContextA, CryptGenRandom, CryptAcquireContextW, CreateProcessAsUserW, OpenThreadToken, CryptSetKeyParam, CredFree, CredEnumerateW, CryptExportKey, InitiateSystemShutdownExW, SetThreadToken
CRYPT32.dll: CryptStringToBinaryW, CryptDecodeObjectEx, CryptBinaryToStringW
DHCPSAPI.dll: DhcpRpcFreeMemory, DhcpGetSubnetInfo, DhcpEnumSubnets, DhcpEnumSubnetClients
IPHLPAPI.DLL: GetIpNetTable, GetAdaptersInfo
KERNEL32.dll: CreateToolhelp32Snapshot, PeekNamedPipe, DeviceIoControl, HeapFree, GetDriveTypeW, ReadFile, UnmapViewOfFile, CreateNamedPipeW, GetModuleFileNameW, GlobalFree, WaitForSingleObject, GetVersionExW, FreeLibrary, HeapReAlloc, LocalAlloc, ExitProcess, DisableThreadLibraryCalls, VirtualProtect, FlushFileBuffers, LoadLibraryA, FlushViewOfFile, GetLocalTime, Process32NextW, CreateProcessW, DisconnectNamedPipe, GetCurrentProcess, EnterCriticalSection, SizeofResource, GetWindowsDirectoryW, GetFileSize, OpenProcess, LockResource, CreateThread, MultiByteToWideChar, GetLogicalDrives, MapViewOfFile, DeleteFileW, GetProcAddress, TerminateThread, Process32FirstW, GetCurrentThread, GetTempFileNameW, CreateFileMappingW, GetModuleHandleA, HeapAlloc, SetFilePointerEx, GetFileSizeEx, WideCharToMultiByte, LoadLibraryW, SetFilePointer, GetSystemDirectoryW, FindNextFileW, InterlockedExchange, GetTempPathW, CloseHandle, GetComputerNameExW, FindResourceW, FindFirstFileW, GetSystemDirectoryA, WaitForMultipleObjects, GetModuleHandleW, ResumeThread, GetExitCodeProcess, LocalFree, GetLastError, ConnectNamedPipe, InitializeCriticalSection, LoadResource, WriteFile, CreateFileW, GlobalAlloc, VirtualFree, FindClose, lstrcatW, Sleep, CreateFileA, GetTickCount, GetProcessHeap, VirtualAlloc, GetEnvironmentVariableW, SetLastError, LeaveCriticalSection
MPR.dll: WNetAddConnection2W, WNetEnumResourceW, WNetCancelConnection2W, WNetCloseEnum, WNetOpenEnumW
NETAPI32.dll: NetServerGetInfo, NetServerEnum, NetApiBufferFree
SHELL32.dll: SHGetFolderPathW, CommandLineToArgvW
SHLWAPI.dll: StrCmpW, StrChrW, PathFindFileNameW, PathFileExistsW, StrCatW, StrStrIW, PathAppendW, PathFindExtensionW, StrStrW, StrCmpIW, PathCombineW, StrToIntW
USER32.dll: wsprintfA, ExitWindowsEx, wsprintfW
WS2_32.dll: __WSAFDIsSet, socket, closesocket, ntohl, inet_addr, send, ioctlsocket, WSAStartup, gethostbyname, connect, inet_ntoa, htons, recv, select
msvcrt.dll: _itoa, malloc, rand, memset, free, memcpy
ole32.dll: CoCreateGuid, CoTaskMemFree, StringFromCLSID
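As an added example (not code from this page or from the sample's authors), the following Python reproduces the imphash computation VirusTotal reports, as implemented in pefile (lowercased `library.function` pairs in import-directory order, a `.dll`/`.ocx`/`.sys` extension stripped from the library name, joined with commas and MD5-hashed), over the import list above, and flags the capability clusters a triager would notice in that list (token manipulation, CryptoAPI key handling, credential enumeration, DHCP/ARP/NetServerEnum discovery, named-pipe IPC, forced shutdown). The per-DLL grouping is an assumption restored from the module that exports each API, and the DLL order on the page is VirusTotal's sorted display rather than necessarily the binary's import-directory order, so `imphash(PAGE_IMPORTS)` is not guaranteed to equal the page's `52dd60b5f3c9e2f17c2e303e8c8d4eab`; the capability labels are the example's own.

```python
import hashlib

PAGE_IMPHASH = "52dd60b5f3c9e2f17c2e303e8c8d4eab"   # imphash shown on this page

# Import list from this page, keyed by the DLL assumed to export each API (the
# per-DLL headers were lost in extraction). Order within each DLL follows the page.
PAGE_IMPORTS = {
    "ADVAPI32.dll": (
        "CryptDestroyKey AdjustTokenPrivileges CryptEncrypt LookupPrivilegeValueW "
        "InitializeSecurityDescriptor CryptImportKey SetSecurityDescriptorDacl "
        "GetSidSubAuthorityCount GetSidSubAuthority OpenProcessToken SetTokenInformation "
        "CryptGenKey GetTokenInformation DuplicateTokenEx CryptReleaseContext "
        "CryptAcquireContextA CryptGenRandom CryptAcquireContextW CreateProcessAsUserW "
        "OpenThreadToken CryptSetKeyParam CredFree CredEnumerateW CryptExportKey "
        "InitiateSystemShutdownExW SetThreadToken").split(),
    "CRYPT32.dll": "CryptStringToBinaryW CryptDecodeObjectEx CryptBinaryToStringW".split(),
    "DHCPSAPI.dll": "DhcpRpcFreeMemory DhcpGetSubnetInfo DhcpEnumSubnets DhcpEnumSubnetClients".split(),
    "IPHLPAPI.DLL": "GetIpNetTable GetAdaptersInfo".split(),
    "KERNEL32.dll": (
        "CreateToolhelp32Snapshot PeekNamedPipe DeviceIoControl HeapFree GetDriveTypeW "
        "ReadFile UnmapViewOfFile CreateNamedPipeW GetModuleFileNameW GlobalFree "
        "WaitForSingleObject GetVersionExW FreeLibrary HeapReAlloc LocalAlloc ExitProcess "
        "DisableThreadLibraryCalls VirtualProtect FlushFileBuffers LoadLibraryA "
        "FlushViewOfFile GetLocalTime Process32NextW CreateProcessW DisconnectNamedPipe "
        "GetCurrentProcess EnterCriticalSection SizeofResource GetWindowsDirectoryW "
        "GetFileSize OpenProcess LockResource CreateThread MultiByteToWideChar "
        "GetLogicalDrives MapViewOfFile DeleteFileW GetProcAddress TerminateThread "
        "Process32FirstW GetCurrentThread GetTempFileNameW CreateFileMappingW "
        "GetModuleHandleA HeapAlloc SetFilePointerEx GetFileSizeEx WideCharToMultiByte "
        "LoadLibraryW SetFilePointer GetSystemDirectoryW FindNextFileW InterlockedExchange "
        "GetTempPathW CloseHandle GetComputerNameExW FindResourceW FindFirstFileW "
        "GetSystemDirectoryA WaitForMultipleObjects GetModuleHandleW ResumeThread "
        "GetExitCodeProcess LocalFree GetLastError ConnectNamedPipe InitializeCriticalSection "
        "LoadResource WriteFile CreateFileW GlobalAlloc VirtualFree FindClose lstrcatW Sleep "
        "CreateFileA GetTickCount GetProcessHeap VirtualAlloc GetEnvironmentVariableW "
        "SetLastError LeaveCriticalSection").split(),
    "MPR.dll": "WNetAddConnection2W WNetEnumResourceW WNetCancelConnection2W WNetCloseEnum WNetOpenEnumW".split(),
    "NETAPI32.dll": "NetServerGetInfo NetServerEnum NetApiBufferFree".split(),
    "SHELL32.dll": "SHGetFolderPathW CommandLineToArgvW".split(),
    "SHLWAPI.dll": (
        "StrCmpW StrChrW PathFindFileNameW PathFileExistsW StrCatW StrStrIW PathAppendW "
        "PathFindExtensionW StrStrW StrCmpIW PathCombineW StrToIntW").split(),
    "USER32.dll": "wsprintfA ExitWindowsEx wsprintfW".split(),
    "WS2_32.dll": (
        "__WSAFDIsSet socket closesocket ntohl inet_addr send ioctlsocket WSAStartup "
        "gethostbyname connect inet_ntoa htons recv select").split(),
    "msvcrt.dll": "_itoa malloc rand memset free memcpy".split(),
    "ole32.dll": "CoCreateGuid CoTaskMemFree StringFromCLSID".split(),
}


def imphash_string(imports: dict) -> str:
    """The string pefile hashes: 'lib.func' pairs in import-directory order, library
    lowercased with a .dll/.ocx/.sys extension removed, joined with commas."""
    parts = []
    for dll, funcs in imports.items():
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = base
        parts.extend(f"{lib}.{func.lower()}" for func in funcs)
    return ",".join(parts)


def imphash(imports: dict) -> str:
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def imphash_matches_page() -> bool:
    # True only if the page's display order equals the binary's import-directory order.
    return imphash(PAGE_IMPORTS) == PAGE_IMPHASH


# Example labels (this script's own) for API clusters worth a triager's attention.
CAPABILITIES = {
    "privilege/token manipulation": {"AdjustTokenPrivileges", "LookupPrivilegeValueW", "OpenProcessToken",
                                     "DuplicateTokenEx", "SetThreadToken", "CreateProcessAsUserW", "SetTokenInformation"},
    "credential access": {"CredEnumerateW"},
    "CryptoAPI key generation/encryption": {"CryptGenKey", "CryptEncrypt", "CryptExportKey", "CryptImportKey", "CryptGenRandom"},
    "network/host discovery": {"DhcpEnumSubnets", "DhcpEnumSubnetClients", "GetIpNetTable", "GetAdaptersInfo",
                               "NetServerEnum", "WNetEnumResourceW", "gethostbyname"},
    "remote share access": {"WNetAddConnection2W", "WNetCancelConnection2W"},
    "raw TCP client": {"socket", "connect", "send", "recv", "select"},
    "named-pipe IPC": {"CreateNamedPipeW", "ConnectNamedPipe", "PeekNamedPipe"},
    "process enumeration": {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW"},
    "raw device I/O": {"DeviceIoControl"},
    "forced shutdown/reboot": {"InitiateSystemShutdownExW", "ExitWindowsEx"},
    "embedded resources": {"FindResourceW", "LoadResource", "LockResource", "SizeofResource"},
}


def capabilities(imports: dict) -> dict:
    """Return {label: sorted matching APIs} for every cluster with at least one hit."""
    present = {func for funcs in imports.values() for func in funcs}
    return {label: sorted(apis & present) for label, apis in CAPABILITIES.items() if apis & present}


if __name__ == "__main__":
    print("imphash:", imphash(PAGE_IMPORTS), "matches page:", imphash_matches_page())
    for label, apis in capabilities(PAGE_IMPORTS).items():
        print(f"  {label}: {', '.join(apis)}")
```

Run a real sample through pefile (`pe.get_imphash()`) to get the authoritative value; this script's value from the page list only agrees with it when the listing order is the binary's own.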
Number of PE resources by type
RT_RCDATA 4
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2017:06:18 04:13:01+01:00
FileType Win32 DLL
PEType PE32
CodeSize 48640
LinkerVersion 10.0
EntryPoint 0x7d39
InitializedDataSize 306688
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 e285b6ce047015943e685e6638bd837e
SHA1 9717cfdc2d023812dbc84a941674eb23a2a8ef06
SHA256 64b0b58a2c030c77fdb2b537b2fcc4af432bc55ffb36599a31d418c7c69e94b1
ssdeep 6144:iMu45Ec/NTBo/xm5ZjAetGDN3VFNq7pC+9OqFoK30b3ni5rdQY/CdUOz2:iMIGNTS/xmjNG+w+9OqFoK323qdQYKUt

authentihash b2736847321414e07146c0a97bc1f8fef1229140fda9721852d189769304b19f
imphash 52dd60b5f3c9e2f17c2e303e8c8d4eab
File size 353.9 KB ( 362360 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
cve-2017-0147 exploit overlay pedll via-tor
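The overlay and file-identification values in this report can be reproduced offline. The following Python is an added example, not code from this page or from the sample's authors: it parses the DOS, COFF and section headers with the standard library only, reports the same fields the report shows (MD5/SHA1/SHA256, size, build timestamp, DLL flag, and the overlay, i.e. bytes after the end of the last section's raw data, with its Shannon entropy), and checks a file against the page's SHA256 and overlay values. Because the verifier has no copy of perfc.dat, it builds a minimal PE32 DLL of its own (`build_sample_pe`, constructed test input, not the real sample) and runs on that; call `pe_summary` on a file's bytes for a real sample. The page's own numbers are self-consistent: overlay offset 356352 + size 6008 = 362360, the file size.

```python
import hashlib
import math
import struct
from datetime import datetime, timezone

# Values taken from this VirusTotal report (perfc.dat), used only for comparison.
PAGE_SHA256 = "64b0b58a2c030c77fdb2b537b2fcc4af432bc55ffb36599a31d418c7c69e94b1"
PAGE_FILE_SIZE = 362360
PAGE_OVERLAY = (356352, 6008)        # (offset, size); 356352 + 6008 == 362360
IMAGE_FILE_DLL = 0x2000              # COFF Characteristics flag


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_summary(pe: bytes) -> dict:
    """Walk the MZ/PE/COFF/section headers with struct (no pefile) and report
    the fields VT shows, including any overlay after the last section's raw data."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    machine, nsec, ts, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", pe, e_lfanew + 4)
    sec_table = e_lfanew + 24 + opt_size           # section headers follow the optional header
    data_end = 0
    for i in range(nsec):                          # SizeOfRawData, PointerToRawData at +16 of each 40-byte header
        raw_size, raw_ptr = struct.unpack_from("<II", pe, sec_table + i * 40 + 16)
        data_end = max(data_end, raw_ptr + raw_size)
    ov_off = min(data_end, len(pe))
    overlay = pe[ov_off:]
    return {
        "md5": hashlib.md5(pe).hexdigest(),
        "sha1": hashlib.sha1(pe).hexdigest(),
        "sha256": hashlib.sha256(pe).hexdigest(),
        "size": len(pe),
        "machine": machine,                        # 0x14C == i386
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "sections": nsec,
        "timestamp": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "overlay_offset": ov_off if overlay else None,
        "overlay_size": len(overlay),
        "overlay_entropy": shannon_entropy(overlay),
    }


def matches_page(pe: bytes) -> bool:
    """True only for the exact sample this report describes."""
    s = pe_summary(pe)
    return (s["sha256"] == PAGE_SHA256 and s["size"] == PAGE_FILE_SIZE
            and (s["overlay_offset"], s["overlay_size"]) == PAGE_OVERLAY)


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed test input (NOT the real sample): a minimal PE32 DLL with one
    .text section whose raw data sits at file offset 0x400, then `overlay`."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # COFF: i386, 1 section, TimeDateStamp 1497755581 == 2017-06-18 03:13:01 UTC
    # (the build time shown on this page), 224-byte optional header, DLL flag set.
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 1497755581, 0, 0, 224, 0x2102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 222   # PE32 magic; remaining fields unused here
    raw_ptr, raw = 0x400, b"\xCC" * 0x200
    sect = b".text\0\0\0" + struct.pack("<IIIIIIHHI", len(raw), 0x1000, len(raw),
                                        raw_ptr, 0, 0, 0, 0, 0x60000020)
    return (dos + coff + opt + sect).ljust(raw_ptr, b"\0") + raw + overlay


if __name__ == "__main__":
    sample = build_sample_pe(bytes(range(256)) * 4)   # 1024-byte overlay with every byte value equally often
    for key, value in pe_summary(sample).items():
        print(f"{key:16} {value}")
    print("matches page sample:", matches_page(sample))
```

The entropy the report gives for the real overlay (7.37 bits/byte over 6008 bytes) is what compressed or encrypted data looks like; plain code or text in an overlay sits well below that, which is why the `overlay` tag on this page is worth a second look.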

VirusTotal metadata
First submission 2017-06-27 15:53:41 UTC
Last submission 2017-11-08 22:43:03 UTC
File names 64b0b58a2c030c77fdb2b537b2fcc4af432bc55ffb36599a31d418c7c69e94b1 (1)
e285b6ce047015943e685e6638bd837e.virus
localfile~
e285b6ce047015943e685e6638bd837e_other_dll
E285B6CE047015943E685E6638BD837E.bin
perfc.dll
Pet_test2.dll
9717cfdc2d023812dbc84a941674eb23a2a8ef06_perfc.dl
perfc.dat.bin
64b0b58a2c030c77fdb2b537b2fcc4af432bc55ffb36599a31d418c7c69e94b1.bin
7.GoldenEye.bin
1.dll
Petwrap.exe.bin
64B0B58A2C030C77FDB2B537B2FCC4AF432BC55FFB36599A31D418C7C69E94B1.bin
perfc.dat