SHA256: b99c3cc1acbb085c9a895a8c3510f6daaf31f0d2d9ccb8477c7fb7119376f57b
File name: Eternalromance-1.4.0.exe
Detection ratio: 49 / 60
Analysis date: 2017-05-26 04:33:29 UTC ( 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4860868 20170526
AegisLab Troj.W32.Gen!c 20170526
AhnLab-V3 HackTool/Win32.Shadowbrokers.C1914486 20170525
ALYac Trojan.GenericKD.4860868 20170526
Arcabit Trojan.Generic.D4A2BC4 20170526
Avast Win32:Malware-gen 20170526
AVG SCGeneric_c.BCTA 20170525
Avira (no cloud) TR/ShadowBrokers.D 20170525
AVware Trojan.Win32.Generic!BT 20170526
BitDefender Trojan.GenericKD.4860868 20170526
CAT-QuickHeal Hacktool.ShadowB 20170525
ClamAV Win.Trojan.Agent-6288233-0 20170526
Comodo TrojWare.Win32.Exploit.EQUATION 20170526
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170420
Cyren W32/Trojan.UBQI-1472 20170526
DrWeb Trojan.Equation.22 20170526
Emsisoft Trojan.GenericKD.4860868 (B) 20170526
ESET-NOD32 a variant of Win32/Exploit.Equation.EternalRomance.A 20170526
F-Prot W32/ShadowBroker.A.gen!Eldorado 20170526
F-Secure Trojan.GenericKD.4860868 20170526
Fortinet W32/Equation_EternalRomance.A!tr 20170526
GData Win32.Exploit.EqEternalRomance.A 20170526
Ikarus Trojan.Win32.Eqtonex 20170525
Jiangmin Trojan.ShadowBrokers.n 20170525
K7AntiVirus Exploit ( 0050b71b1 ) 20170525
K7GW Exploit ( 0050b71b1 ) 20170525
Kaspersky Trojan.Win32.ShadowBrokers.f 20170526
Malwarebytes Exploit.Agent.NS 20170526
McAfee HackTool-Shadowbrokers 20170526
McAfee-GW-Edition HackTool-Shadowbrokers 20170525
Microsoft Trojan:Win32/Eqtonex.F 20170526
eScan Trojan.GenericKD.4860868 20170526
NANO-Antivirus Trojan.Win32.ShadowBrokers.eoguja 20170526
nProtect Trojan/W32.ShadowBrokers.44032 20170526
Palo Alto Networks (Known Signatures) generic.ml 20170526
Panda Trj/GdSda.A 20170525
Qihoo-360 Trojan.Generic 20170526
Rising Worm.EternalRomance!1.AB07 (classic) 20170526
Sophos Troj/Equatio-B 20170526
Symantec Hacktool 20170526
Tencent Win32.Hacktool.Shadowbrokers.Dlzm 20170526
TrendMicro TROJ_ETERNALROM.A 20170526
TrendMicro-HouseCall TROJ_ETERNALROM.A 20170525
VBA32 Trojan.ShadowBrokers 20170525
VIPRE Trojan.Win32.Generic!BT 20170526
ViRobot Trojan.Win32.S.ShadowBrokers.44032[h] 20170526
Webroot W32.Hacktool.Equation 20170526
Zillya Trojan.ShadowBrokers.Win32.1 20170525
ZoneAlarm by Check Point Trojan.Win32.ShadowBrokers.f 20170526
Alibaba 20170526
Bkav 20170525
CMC 20170525
Endgame 20170515
Invincea 20170519
Kingsoft 20170526
SentinelOne (Static ML) 20170516
SUPERAntiSpyware 20170526
Symantec Mobile Insight 20170526
TheHacker 20170525
TotalDefense 20170526
Trustlook 20170526
WhiteArmor 20170524
Yandex 20170518
Zoner 20170526
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-05-18 18:31:23
Entry Point 0x000079CD
Number of sections 5
PE sections
PE imports
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
RtlUnwind
GetCurrentProcessId
GetModuleHandleA
InterlockedExchange
QueryPerformanceCounter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
Sleep
GetCurrentThreadId
InterlockedCompareExchange
inet_addr
coli_setCleanup
coli_create
coli_setProcess
coli_delete
coli_setValidate
mainWrapper
coli_setID
_amsg_exit
?terminate@@YAXXZ
memset
__p__fmode
_exit
_adjust_fdiv
__setusermatherr
strcmp
memcpy
_cexit
memcmp
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
strlen
__p__commode
__set_app_type
TbFreeInt
TbPutByte
TbWinsockStartup
TbSetRemoteSocketData
TbDoSmbTreeDisconnect
TbInitStruct
TbDoRpcBind
TbPutLong
TbPutShort
TbDoSmbEcho
TbFreeStructBuffers
TbDoSmbTreeConnectAndX
TbSetAuthenticationDataExU
TbCloseStructSockets
TbRecvSmb
TbDoSmbPacket
TbCleanSB
TbPutArg
TbSetAuthenticationData
TbDoSmbNtCreateAndX
TbDoRpcRequestEx
TbPutPointer
TbMalloc
TbMakeSmbHeader
TbPutBuff
TbPutLongAligned
TbPutTransact
TbDoSmbStartup
TbMakeSocket
Parameter_Socket_setValue
Parameter_Boolean_getValue
Parameter_U8_getValue
Parameter_U16_getValue
Params_findParamchoice
Parameter_IPv4_getValue
Parameter_U32_getValue
Paramchoice_getValue
Parameter_getType
Parameter_String_setValue
Parameter_S16_getValue
Params_findParameter
Parameter_U8_setValue
Parameter_Port_getValue
Parameter_Buffer_getValue
Parameter_String_getValue
Parameter_LocalFile_getValue
TfRandomInt
TfReadFileIntoBuffer
TfRandomizeBuffer
TfRandomByte
TfFillRandom
TfStrICmp
TcLog
TcLogBuffer
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:05:18 19:31:23+01:00
FileType Win32 EXE
PEType PE32
CodeSize 28672
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 14336
SubsystemVersion 5.0
EntryPoint 0x79cd
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 4420f8917dc320a78d2ef14136032f69
SHA1 06cd886586835b2bf0d25fba4c898b69e362ba6d
SHA256 b99c3cc1acbb085c9a895a8c3510f6daaf31f0d2d9ccb8477c7fb7119376f57b
ssdeep 384:JoviO9v8ev1gHVXNuxqmwA6vAbCm2qu09mEwj7Bh+GQKOtGvMuSeU2dl4el4xP:QiO9y0xqm6vAGmXHTnKOMBbl8P
authentihash a761cc4e3e8f3a8e08d7b99e673fcd68922c732f3f320e55031a12dee606b7b5
imphash 85e3107e7b1b6dce6f76f3013d278f88
File size 43.0 KB ( 44032 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2017-04-14 09:49:48 UTC ( 2 months, 2 weeks ago )
Last submission 2017-05-24 09:09:17 UTC ( 1 month ago )
File names Eternalromance-1.4.0.exe
taskmgr.exe
taskmgr.exe
Eternalromance-1.4..exe
Eternalromance-1.4.0.exe
Eternalromance-1.4.0.exe
eternalromance-1.4.0.exe
Eternalromance-1.4.0.exe
Eternalromance-1.4.0.exe
Eternalromance-1.4.0.exe
Behaviour characterization
Zemana dll-injection