SHA256: b99c3cc1acbb085c9a895a8c3510f6daaf31f0d2d9ccb8477c7fb7119376f57b
File name: Eternalromance-1.4.0.exe
Detection ratio: 40 / 61
Analysis date: 2017-04-26 20:50:41 UTC ( 1 day, 22 hours ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4860868 20170426
AegisLab Troj.W32.Gen!c 20170426
AhnLab-V3 HackTool/Win32.Shadowbrokers.C1914486 20170426
ALYac Trojan.GenericKD.4860868 20170426
Antiy-AVL Trojan/Win32.TGeneric 20170426
Arcabit Trojan.Generic.D4A2BC4 20170426
Avast Win32:Malware-gen 20170426
AVG SCGeneric_c.BCTA 20170426
Avira (no cloud) TR/ShadowBrokers.D 20170426
AVware Trojan.Win32.Generic!BT 20170426
BitDefender Trojan.GenericKD.4860868 20170426
CAT-QuickHeal Hacktool.ShadowB 20170426
Comodo TrojWare.Win32.Exploit.EQUATION 20170426
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/Trojan.UBQI-1472 20170426
Emsisoft Trojan.GenericKD.4860868 (B) 20170426
ESET-NOD32 a variant of Win32/Exploit.Equation.EternalRomance.A 20170426
F-Secure Trojan.GenericKD.4860868 20170426
Fortinet W32/Equation_EternalRomance.A!tr 20170426
GData Win32.Exploit.EqEternalRomance.A 20170426
Ikarus Trojan.Win32.Exploit 20170426
K7AntiVirus Exploit ( 0050b71b1 ) 20170426
K7GW Exploit ( 0050b71b1 ) 20170426
Kaspersky Trojan.Win32.ShadowBrokers.f 20170426
Malwarebytes Exploit.Agent.NS 20170426
McAfee HackTool-Shadowbrokers 20170426
McAfee-GW-Edition HackTool-Shadowbrokers 20170426
Microsoft Exploit:Win32/Eqtonex.A 20170426
eScan Trojan.GenericKD.4860868 20170426
Palo Alto Networks (Known Signatures) generic.ml 20170426
Panda Trj/GdSda.A 20170426
Qihoo-360 Trojan.Generic 20170426
Rising Malware.Undefined!8.C (cloud:K2TRgwvKJiV) 20170426
Sophos Troj/Equatio-B 20170426
Symantec Hacktool 20170426
Tencent Win32.Hacktool.Shadowbrokers.Dlzm 20170426
TrendMicro-HouseCall TROJ_ETERNALROM.A 20170426
VIPRE Trojan.Win32.Generic!BT 20170426
Webroot W32.Hacktool.Equation 20170426
ZoneAlarm by Check Point Trojan.Win32.ShadowBrokers.f 20170426
Alibaba 20170426
Baidu 20170426
Bkav 20170426
CMC 20170421
DrWeb 20170426
Endgame 20170419
F-Prot 20170426
Invincea 20170413
Jiangmin 20170425
Kingsoft 20170426
NANO-Antivirus 20170426
nProtect 20170426
SentinelOne (Static ML) 20170330
SUPERAntiSpyware 20170426
Symantec Mobile Insight 20170426
TheHacker 20170424
TotalDefense 20170426
TrendMicro 20170426
Trustlook 20170426
VBA32 20170426
ViRobot 20170426
WhiteArmor 20170409
Yandex 20170426
Zillya 20170426
Zoner 20170426
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-05-18 18:31:23
Entry Point 0x000079CD
Number of sections 5
PE sections
PE imports
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
RtlUnwind
GetCurrentProcessId
GetModuleHandleA
InterlockedExchange
QueryPerformanceCounter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
Sleep
GetCurrentThreadId
InterlockedCompareExchange
inet_addr
coli_setCleanup
coli_create
coli_setProcess
coli_delete
coli_setValidate
mainWrapper
coli_setID
_amsg_exit
?terminate@@YAXXZ
memset
__p__fmode
_exit
_adjust_fdiv
__setusermatherr
strcmp
memcpy
_cexit
memcmp
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
strlen
__p__commode
__set_app_type
TbFreeInt
TbPutByte
TbWinsockStartup
TbSetRemoteSocketData
TbDoSmbTreeDisconnect
TbInitStruct
TbDoRpcBind
TbPutLong
TbPutShort
TbDoSmbEcho
TbFreeStructBuffers
TbDoSmbTreeConnectAndX
TbSetAuthenticationDataExU
TbCloseStructSockets
TbRecvSmb
TbDoSmbPacket
TbCleanSB
TbPutArg
TbSetAuthenticationData
TbDoSmbNtCreateAndX
TbDoRpcRequestEx
TbPutPointer
TbMalloc
TbMakeSmbHeader
TbPutBuff
TbPutLongAligned
TbPutTransact
TbDoSmbStartup
TbMakeSocket
Parameter_Socket_setValue
Parameter_Boolean_getValue
Parameter_U8_getValue
Parameter_U16_getValue
Params_findParamchoice
Parameter_IPv4_getValue
Parameter_U32_getValue
Paramchoice_getValue
Parameter_getType
Parameter_String_setValue
Parameter_S16_getValue
Params_findParameter
Parameter_U8_setValue
Parameter_Port_getValue
Parameter_Buffer_getValue
Parameter_String_getValue
Parameter_LocalFile_getValue
TfRandomInt
TfReadFileIntoBuffer
TfRandomizeBuffer
TfRandomByte
TfFillRandom
TfStrICmp
TcLog
TcLogBuffer
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:05:18 19:31:23+01:00
FileType Win32 EXE
PEType PE32
CodeSize 28672
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 14336
SubsystemVersion 5.0
EntryPoint 0x79cd
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 4420f8917dc320a78d2ef14136032f69
SHA1 06cd886586835b2bf0d25fba4c898b69e362ba6d
SHA256 b99c3cc1acbb085c9a895a8c3510f6daaf31f0d2d9ccb8477c7fb7119376f57b
ssdeep 384:JoviO9v8ev1gHVXNuxqmwA6vAbCm2qu09mEwj7Bh+GQKOtGvMuSeU2dl4el4xP:QiO9y0xqm6vAGmXHTnKOMBbl8P
authentihash a761cc4e3e8f3a8e08d7b99e673fcd68922c732f3f320e55031a12dee606b7b5
imphash 85e3107e7b1b6dce6f76f3013d278f88
File size 43.0 KB ( 44032 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2017-04-14 09:49:48 UTC ( 2 weeks ago )
Last submission 2017-04-19 06:49:47 UTC ( 1 week, 2 days ago )
File names Eternalromance-1.4.0.exe
Eternalromance-1.4..exe
eternalromance-1.4.0.exe
Behaviour characterization
Zemana
dll-injection
