| Summary | Details |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2016-Jan-30 02:56:43 |
| Detected languages | English - United States |
| Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0 |
| Suspicious | Strings found in the binary may indicate undesirable behavior: contains references to internet browsers |
| Info | Cryptographic algorithms detected in the binary: uses constants related to CRC32; Microsoft's Cryptography API |
| Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports |
| Malicious | VirusTotal score: 64/71 (Scanned on 2021-03-03 17:15:34) |

| VirusTotal vendor | Detection |
|---|---|
| Bkav | W32.Common.34A8C359 |
| Elastic | malicious (high confidence) |
| MicroWorld-eScan | Trojan.Ransom.AUC |
| CAT-QuickHeal | Ransom.Petya.MUE.S6 |
| McAfee | Generic .jy |
| Malwarebytes | Ransom.Petya |
| Zillya | Trojan.Petr.Win32.5 |
| Sangfor | Suspicious.Win32.Save.a |
| K7AntiVirus | Trojan ( 004e1c831 ) |
| Alibaba | Ransom:Win32/Petya.404bad21 |
| K7GW | Trojan ( 004e1c831 ) |
| Cybereason | malicious.3a1b3b |
| Cyren | W32/Trojan.XMFF-8835 |
| Symantec | Ransom.Petya |
| APEX | Malicious |
| Paloalto | generic.ml |
| ClamAV | Win.Trojan.Petya-6312160-0 |
| Kaspersky | Trojan-Ransom.Win32.Petr.l |
| BitDefender | Trojan.Ransom.AUC |
| NANO-Antivirus | Trojan.Win32.AD.ebjjem |
| ViRobot | Trojan.Win32.S.Petya.806912 |
| SUPERAntiSpyware | Ransom.Petya/Variant |
| Avast | Win32:Patched-AWP [Trj] |
| Rising | Ransom.Petr!8.4667 (CLOUD) |
| Ad-Aware | Trojan.Ransom.AUC |
| TACHYON | Trojan/W32.Petr.806912 |
| Sophos | Mal/Generic-R + Troj/Petya-C |
| Comodo | Malware@#3o4z9hhlvmp31 |
| F-Secure | Trojan.TR/AD.Petya.Y.hhcl |
| DrWeb | Trojan.MBRlock.245 |
| VIPRE | Trojan.Win32.Generic!BT |
| TrendMicro | Ransom_PETYA.E |
| McAfee-GW-Edition | Generic trojan.jy |
| FireEye | Generic.mg.a92f13f3a1b3b398 |
| Emsisoft | Trojan.Ransom.AUC (B) |
| Jiangmin | TrojanRansom.Petya.b |
| Webroot | Ransomware.Petya.Gen |
| Avira | TR/AD.Petya.Y.hhcl |
| Kingsoft | Win32.Troj.Undef.(kcloud) |
| Microsoft | Ransom:Win32/Petya |
| Gridinsoft | Ransom.Win32.Ransom.oa |
| Arcabit | Trojan.Ransom.AUC |
| AegisLab | Trojan.Win32.Petr.j!c |
| ZoneAlarm | Trojan-Ransom.Win32.Petr.l |
| GData | Win32.Trojan.Agent.2A5OIW |
| Cynet | Malicious (score: 100) |
| AhnLab-V3 | Malware/Win32.RL_Generic.R295351 |
| VBA32 | Trojan.MBRlock |
| ALYac | Trojan.Ransom.Petya |
| MAX | malware (ai score=100) |
| Cylance | Unsafe |
| Zoner | Trojan.Win32.42050 |
| ESET-NOD32 | Win32/Diskcoder.Petya.A |
| TrendMicro-HouseCall | Ransom_PETYA.E |
| Tencent | Malware.Win32.Gencirc.10baca93 |
| Yandex | Trojan.Petr!oS9v/ZMuilY |
| Ikarus | Trojan-Ransom.PetYa |
| eGambit | Unsafe.AI_Score_99% |
| Fortinet | W32/Petya.EOB!tr.ransom |
| BitDefenderTheta | Gen:NN.ZexaF.34608.XuW@ay8Hnybi |
| AVG | Win32:Patched-AWP [Trj] |
| Panda | Trj/WLT.B |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Qihoo-360 | Trojan.Generic |
| DOS header | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x100 |
| PE file header | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberOfSections | 5 |
| TimeDateStamp | 2016-Jan-30 02:56:43 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
| Optional header | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 10.0 |
| SizeOfCode | 0x6fc00 |
| SizeOfInitializedData | 0x57c00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0004D37D (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x71000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.1 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.1 |
| Win32VersionValue | 0 |
| SizeOfImage | 0xcb000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0xc7a97 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| SizeOfStackReserve | 0x100000 |
| SizeOfStackCommit | 0x1000 |
| SizeOfHeapReserve | 0x100000 |
| SizeOfHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| Imported DLL | Imported functions |
|---|---|
| ole32.dll | IIDFromString StringFromGUID2 OleUninitialize OleInitialize OleRun OleSetContainedObject CoInitializeEx CoTaskMemAlloc CoTaskMemFree CoInitialize CoTaskMemRealloc CoUninitialize CoCreateInstance |
| SHELL32.dll | SHGetFolderPathW FindExecutableA Shell_NotifyIconA SHGetFolderPathA ShellExecuteExA |
| WININET.dll | InternetTimeFromSystemTime InternetTimeToSystemTime InternetCrackUrlA HttpQueryInfoA InternetConnectA InternetReadFile HttpOpenRequestA InternetGetConnectedState InternetErrorDlg HttpSendRequestA InternetOpenA InternetCloseHandle |
| USER32.dll | IsChild SetFocus SetRect GetWindowThreadProcessId RegisterClassExA GetFocus GetAncestor GetSystemMenu GetWindowRect GetParent GetClientRect SendMessageA GetClassInfoExW GetDC TranslateMessage RegisterClassExW GetWindowLongW ReleaseDC EnableMenuItem SetWindowLongW GetDesktopWindow SetWindowPos CreateWindowExW AdjustWindowRectEx LoadCursorA SetWindowLongA GetWindowLongA CreateWindowExA MessageBoxA CharNextA DispatchMessageW RegisterClassA LoadImageA GetSystemMetrics DispatchMessageA PostMessageA AppendMenuA CreatePopupMenu ShowWindow MsgWaitForMultipleObjectsEx GetCursorPos DefWindowProcA IsWindowUnicode SetWindowTextW DefWindowProcW wsprintfA LoadStringA DestroyWindow GetMessageA GetMessageW PostQuitMessage TrackPopupMenu SetForegroundWindow PeekMessageA |
| COMCTL32.dll | InitCommonControlsEx |
| VERSION.dll | GetFileVersionInfoA GetFileVersionInfoSizeA VerQueryValueW VerQueryValueA |
| KERNEL32.dll | GetStdHandle WriteConsoleW GetConsoleMode GetConsoleCP GetFileType GetStartupInfoW HeapSetInformation GetSystemTimeAsFileTime VirtualQuery GetSystemInfo GetModuleHandleW VirtualAlloc GetModuleFileNameW HeapAlloc HeapFree FileTimeToLocalFileTime GetDriveTypeW FindFirstFileExW SetStdHandle HeapReAlloc GetCPInfo RtlUnwind LCMapStringW UnhandledExceptionFilter SetUnhandledExceptionFilter ExitThread CreateDirectoryW VirtualProtect GetFullPathNameW HeapCreate TlsAlloc TlsGetValue TlsSetValue TlsFree SetLastError HeapSize GetLocaleInfoW SetHandleCount GetTimeZoneInformation SetFilePointer FlushFileBuffers IsDebuggerPresent IsProcessorFeaturePresent GetACP GetOEMCP IsValidCodePage FreeEnvironmentStringsW GetEnvironmentStringsW lstrcmpA GetModuleHandleA FindResourceA lstrlenA GetModuleHandleExA FreeLibrary LoadResource SetEndOfFile InterlockedDecrement GetCommandLineA WideCharToMultiByte InitializeCriticalSectionAndSpinCount SizeofResource SetDllDirectoryA IsDBCSLeadByte MultiByteToWideChar lstrlenW RaiseException GetLastError lstrcmpiA GetProcAddress GetModuleFileNameA LoadLibraryExA CreateMutexA DeleteCriticalSection CloseHandle WaitForSingleObject FormatMessageA GetExitCodeProcess LocalFree DeleteFileA SetEvent CreateEventA lstrcatA ResetEvent WaitForMultipleObjects CreateThread lstrcpyA lstrcpynA CreateFileA WriteFile Sleep ReadFile OpenEventA GetSystemTime GetCurrentProcess GetTickCount GetCurrentProcessId GetTempPathA SystemTimeToFileTime FileTimeToSystemTime MulDiv InterlockedExchange InterlockedExchangeAdd LocalAlloc GetCurrentThreadId FormatMessageW GetLocalTime ExitProcess GetLocaleInfoA GetWindowsDirectoryA OpenProcess TerminateProcess GetSystemDirectoryA FindFirstFileA FindClose LoadLibraryA LockResource GetNativeSystemInfo PeekNamedPipe SetHandleInformation CreateProcessA CreateDirectoryA GetProcessHeap CreatePipe GetSystemDefaultUILanguage GetThreadLocale GetUserDefaultUILanguage MoveFileExA GetFileAttributesA FindNextFileA OpenThread GetExitCodeThread GetModuleHandleExW LoadLibraryW LoadLibraryExW ReleaseMutex QueryPerformanceCounter QueryPerformanceFrequency CreateFileW SetFilePointerEx InitializeCriticalSection LeaveCriticalSection EnterCriticalSection InterlockedCompareExchange GetStringTypeW EncodePointer DecodePointer GetCurrentDirectoryW GetFileInformationByHandle GetUserDefaultLCID EnumSystemLocalesA IsValidLocale CompareStringW SetEnvironmentVariableA InterlockedIncrement RemoveDirectoryA |
| ADVAPI32.dll | SetSecurityDescriptorDacl InitializeSecurityDescriptor RegCloseKey RegDeleteValueA RegOpenKeyExA RegCreateKeyExA RegEnumKeyExA RegDeleteKeyA RegQueryInfoKeyW RegSetValueExA CryptGetHashParam RegQueryInfoKeyA GetTokenInformation CopySid GetWindowsAccountDomainSid CreateWellKnownSid ConvertStringSecurityDescriptorToSecurityDescriptorW ConvertSidToStringSidW RegQueryValueExA CryptReleaseContext CryptAcquireContextA CryptCreateHash CryptDestroyHash CryptHashData RegEnumKeyA OpenProcessToken |
| OLEAUT32.dll | SysFreeString VarUI4FromStr VariantClear SysAllocString VariantCopy VariantInit VariantChangeType GetErrorInfo SysStringByteLen |
| SHLWAPI.dll | #12 (imported by ordinal) |
| GDI32.dll | GetStockObject GetDeviceCaps |
| WINTRUST.dll | WinVerifyTrust |
| CRYPT32.dll | CryptMsgClose CryptQueryObject CertGetNameStringW CertFindCertificateInStore CertCloseStore CryptMsgGetParam CryptStringToBinaryA CryptBinaryToStringA CryptProtectData CryptUnprotectData |
| msi.dll | #141 #168 #160 #158 #115 #159 #117 #8 #44 #204 #189 #67 #31 #137 #91 (imported by ordinal) |
| Load configuration directory | Value |
|---|---|
| Size | 0x48 |
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x4946a0 |
| SEHandlerTable | 0x483e80 |
| SEHandlerCount | 570 |
| Rich header | Value |
|---|---|
| XOR Key | 0x40c10710 |
| Unmarked objects | 0 |
| C++ objects (VS2010 build 30319) | 5 |
| 152 (20115) | 1 |
| ASM objects (VS2010 SP1 build 40219) | 29 |
| C++ objects (VS2010 SP1 build 40219) | 72 |
| C objects (VS2010 SP1 build 40219) | 207 |
| C objects (VS2008 SP1 build 30729) | 12 |
| Imports (VS2008 SP1 build 30729) | 29 |
| Total imports | 351 |
| 175 (VS2010 SP1 build 40219) | 83 |
| Resource objects (VS2010 SP1 build 40219) | 1 |
| 151 | 3 |
| Linker (VS2010 SP1 build 40219) | 1 |