SHA256: 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745
File name: 027cc450ef5f8c5f653329641ec1fed9.exe
Detection ratio: 60 / 64
Analysis date: 2017-09-21 18:23:43 UTC (10 hours, 9 minutes ago)
Antivirus Result Update
Ad-Aware Trojan.Ransom.GoldenEye.B 20170921
AegisLab Troj.Ransom.W32!c 20170921
AhnLab-V3 Trojan/Win32.Petya.R203323 20170921
ALYac Trojan.Ransom.Petya 20170921
Antiy-AVL Trojan/Win32.SGeneric 20170921
Arcabit Trojan.Ransom.GoldenEye.B 20170921
Avast MBR:Ransom-C [Trj] 20170921
AVG MBR:Ransom-C [Trj] 20170921
Avira (no cloud) TR/Ransom.ME.12 20170921
AVware Win32.Malware!Drop 20170921
Baidu Win32.Trojan.Ransom.a 20170921
BitDefender Trojan.Ransom.GoldenEye.B 20170921
CAT-QuickHeal Ransom.Petya.A5 20170921
ClamAV Win.Exploit.CVE_2017_0147-6331310-0 20170921
CMC RansomWare.Win32.Petya!O 20170920
Comodo TrojWare.Win32.Ransom.Petya.BE 20170921
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20170921
Cyren W32/Petya.VUNZ-1981 20170921
DrWeb Trojan.Encoder.12544 20170921
Emsisoft Trojan-Ransom.GoldenEye (A) 20170921
Endgame malicious (high confidence) 20170821
ESET-NOD32 Win32/Diskcoder.C 20170921
F-Prot W32/Petya.Ransom.J 20170921
F-Secure Trojan:W32/Petya.F 20170921
Fortinet W32/Petya.EOB!tr 20170921
GData Win32.Trojan-Ransom.Petya.V 20170921
Ikarus Trojan-Ransom.Petrwrap 20170921
Sophos ML heuristic 20170914
Jiangmin Trojan.RansomPetya.a 20170921
K7AntiVirus Trojan ( 0001140e1 ) 20170921
K7GW Trojan ( 0001140e1 ) 20170921
Kaspersky Trojan-Ransom.Win32.Petr.xw 20170921
Malwarebytes Ransom.Petya.EB 20170921
MAX malware (ai score=100) 20170921
McAfee Generic.acn 20170921
McAfee-GW-Edition Generic.acn 20170921
Microsoft Ransom:Win32/Petya 20170921
eScan Trojan.Ransom.GoldenEye.B 20170921
NANO-Antivirus Trojan.Win32.Petya.eqlcgp 20170921
nProtect Ransom/W32.Petya.362360 20170921
Palo Alto Networks (Known Signatures) generic.ml 20170921
Panda Trj/WLT.C 20170921
Qihoo-360 Trojan.Generic 20170921
Rising Ransom.Petya!1.ABCF (KTSE) 20170921
Sophos AV Troj/Ransom-EOB 20170921
SUPERAntiSpyware Ransom.Petya/Variant 20170921
Symantec Ransom.Petya 20170921
Tencent Trojan.Win32.Petya.a 20170921
TheHacker Trojan/Diskcoder.c 20170921
TrendMicro Ransom_PETYA.TH627 20170921
TrendMicro-HouseCall Ransom_PETYA.TH627 20170921
VBA32 Trojan.Ransom.Filecoder 20170921
VIPRE Win32.Malware!Drop 20170921
ViRobot Trojan.Win32.S.Petya.362360 20170921
Webroot W32.Ransomware.Petrwrap 20170921
Yandex Trojan.Diskcoder! 20170908
Zillya Trojan.Petya.Win32.8 20170921
ZoneAlarm by Check Point Trojan-Ransom.Win32.Petr.xw 20170921
Zoner Trojan.Petya 20170921
Alibaba 20170911
Avast-Mobile 20170921
Kingsoft 20170921
SentinelOne (Static ML) 20170806
Symantec Mobile Insight 20170921
Trustlook 20170921
WhiteArmor 20170829
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
FileVersionInfo properties
Signature verification The digital signature of the object did not verify.
Signing date 7:23 PM 9/21/2017
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-06-18 07:14:36
Entry Point 0x00007D39
Number of sections 5
PE sections
Overlays
MD5 da2b0b17905e8afae0eaca35e831be9e
File type data
Offset 356352
Size 6008
Entropy 7.37
PE imports
CryptDestroyKey
AdjustTokenPrivileges
CryptEncrypt
LookupPrivilegeValueW
InitializeSecurityDescriptor
CryptImportKey
SetSecurityDescriptorDacl
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
SetTokenInformation
CryptGenKey
GetTokenInformation
DuplicateTokenEx
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom
CryptAcquireContextW
CreateProcessAsUserW
OpenThreadToken
CryptSetKeyParam
CredFree
CredEnumerateW
CryptExportKey
InitiateSystemShutdownExW
SetThreadToken
CryptStringToBinaryW
CryptDecodeObjectEx
CryptBinaryToStringW
DhcpRpcFreeMemory
DhcpGetSubnetInfo
DhcpEnumSubnets
DhcpEnumSubnetClients
GetIpNetTable
GetAdaptersInfo
CreateToolhelp32Snapshot
PeekNamedPipe
DeviceIoControl
HeapFree
GetDriveTypeW
ReadFile
UnmapViewOfFile
CreateNamedPipeW
GetModuleFileNameW
GlobalFree
WaitForSingleObject
GetVersionExW
FreeLibrary
HeapReAlloc
LocalAlloc
ExitProcess
DisableThreadLibraryCalls
VirtualProtect
FlushFileBuffers
LoadLibraryA
FlushViewOfFile
GetLocalTime
Process32NextW
CreateProcessW
DisconnectNamedPipe
GetCurrentProcess
EnterCriticalSection
SizeofResource
GetWindowsDirectoryW
GetFileSize
OpenProcess
LockResource
CreateThread
MultiByteToWideChar
GetLogicalDrives
MapViewOfFile
DeleteFileW
GetProcAddress
TerminateThread
Process32FirstW
GetCurrentThread
GetTempFileNameW
CreateFileMappingW
GetModuleHandleA
HeapAlloc
SetFilePointerEx
GetFileSizeEx
WideCharToMultiByte
LoadLibraryW
SetFilePointer
GetSystemDirectoryW
FindNextFileW
InterlockedExchange
GetTempPathW
CloseHandle
GetComputerNameExW
FindResourceW
FindFirstFileW
GetSystemDirectoryA
WaitForMultipleObjects
GetModuleHandleW
ResumeThread
GetExitCodeProcess
LocalFree
GetLastError
ConnectNamedPipe
InitializeCriticalSection
LoadResource
WriteFile
CreateFileW
GlobalAlloc
VirtualFree
FindClose
lstrcatW
Sleep
CreateFileA
GetTickCount
GetProcessHeap
VirtualAlloc
GetEnvironmentVariableW
SetLastError
LeaveCriticalSection
WNetAddConnection2W
WNetEnumResourceW
WNetCancelConnection2W
WNetCloseEnum
WNetOpenEnumW
NetServerGetInfo
NetServerEnum
NetApiBufferFree
SHGetFolderPathW
CommandLineToArgvW
StrCmpW
StrChrW
PathFindFileNameW
PathFileExistsW
StrCatW
StrStrIW
PathAppendW
PathFindExtensionW
StrStrW
StrCmpIW
PathCombineW
StrToIntW
wsprintfA
ExitWindowsEx
wsprintfW
__WSAFDIsSet
socket
closesocket
ntohl
inet_addr
send
ioctlsocket
WSAStartup
gethostbyname
connect
inet_ntoa
htons
recv
select
_itoa
malloc
rand
memset
free
memcpy
CoCreateGuid
CoTaskMemFree
StringFromCLSID
Number of PE resources by type
RT_RCDATA 4
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
dll

TimeStamp
2017:06:18 08:14:36+01:00

FileType
Win32 DLL

PEType
PE32

CodeSize
48640

LinkerVersion
10.0

EntryPoint
0x7d39

InitializedDataSize
306688

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.1

UninitializedDataSize
0

Compressed bundles
File identification
MD5 71b6a493388e7d0b40c83ce903bc6b04
SHA1 34f917aaba5684fbe56d3c57d48ef2a1aa7cf06d
SHA256 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745
ssdeep
6144:y/Bt80VmNTBo/x95ZjAetGDN3VFNq7pC+9OqFoK30b3ni5rdQY/CdUOs2:y/X4NTS/x9jNG+w+9OqFoK323qdQYKUG

authentihash 4b897c07f26324463b4ec273d14f422f650805099a9ceb92785ffba721603abe
imphash 52dd60b5f3c9e2f17c2e303e8c8d4eab
File size 353.9 KB (362360 bytes)
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
cve-2017-0147 exploit overlay pedll via-tor

VirusTotal metadata
First submission 2017-06-27 10:06:22 UTC (2 months, 3 weeks ago)
Last submission 2017-09-21 18:23:43 UTC (10 hours, 9 minutes ago)
File names 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745.exe
ran.exe
koko.dll
배틀그라운드.exe
027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745 (1)
Petya 2017.exe
027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745.Petywrap.exe.vir
71B6A493388E7D0B40C83CE903BC6B04.bin
027cc450ef5f8c5f653329641ec1fed9.exe.dontrun
7.Petya-GoldenEye.bin
NotPetya.dll
5867927d-0320-449d-bbfa-c29e9bad0e1c.exe
bad.dll
Trojan-Ransom.Win32.ExPetr.a.(NotPetya).exe
sample (47).dll%vir
petwrap.virrey
PetyaA.dat
027cc450ef5f8c5f653329641ec1fed9.exe.vir
027cc450ef5f8c5f653329641ec1fed9.dll
027cc450ef5f8c5f653329641ec1fed9.file
petwrap.dll.bin
198082564.exe
027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745.bin
Application1.exe
u0IZMVQgYFJk_peyta.bin
Advanced heuristic and reputation engines