MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Petya

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c
SHA3-384 hash:	c27381c611ece2baa0ed7d32a02daa771b0d9bdde08ab893985d7e9101b073280011ef6f9bc7610a6e9bab8300a3419d
SHA1 hash:	d1c62ac62e68875085b62fa651fb17d4d7313887
MD5 hash:	a92f13f3a1b3b39833d3cc336301b713
humanhash:	paris-equal-eighteen-pennsylvania
File name:	NoPetya.bin
Download:	download sample
Signature	Petya Create hunting rule
File size:	806'912 bytes
First seen:	2022-07-26 16:44:14 UTC
Last seen:	2025-04-21 04:15:09 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	bf084102e13441ce39f8d51d9bf55857 (1 x Petya)
ssdeep	24576:z0wz1d5bAbWhrc56zQ9T4Ole+5PIuklOjB:Hd5Vhr4IMTbeGPJHjB
Threatray	1 similar samples on MalwareBazaar
TLSH	T152058D22B2D0C07AC8375371982ADB2924B7B9754835010F77E9662E6EB33D35E35E4B
TrID	44.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 18.6% (.SCR) Windows screen saver (13101/52/3) 14.9% (.EXE) Win64 Executable (generic) (10523/12/4) 7.1% (.EXE) Win16 NE executable (generic) (5038/12/1) 6.3% (.EXE) Win32 Executable (generic) (4505/5/1)
dhash icon	7eda8eae8eb6aa1c (1 x Petya, 1 x Mischa)
Reporter	FilipiPires
Tags:	exe Petya Ransomware

Intelligence

File Origin

# of uploads :

# of downloads :

1'074

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

Ransomware.Petya.zip

Verdict:

Malicious activity

Analysis date:

2018-12-04 21:44:18 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/be93614b-4721-4f18-ac66-95c73724e60b

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/294423/

Detection(s):

Win.Trojan.Petya-6312160-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

BSOD occurred

Low-level writing

Rewriting of the hard drive's master boot record

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-debug anti-vm explorer.exe filecoder fingerprint greyware hacktool mbrlock petya ransomware shell32.dll

Link:

https://www.filescan.io/uploads/62e01a2b7dd0cb902f017772/reports/0dbc0ce9-19af-4f5b-876e-76a494a97df7/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Petya

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/78f7672a-b817-49c9-bda0-91586107e319

Result

Threat name:

Petya

Detection:

malicious

Classification:

rans.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/446480

Signature

Antivirus / Scanner detection for submitted sample

Detected unpacking (creates a PE file in dynamic memory)

Found Tor onion address

Infects the boot sector of the hard disk

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Performs an instant shutdown (NtRaiseHardError)

Writes data at the end of the disk (often used by bootkits to hide malicious code)

Writes directly to the primary disk partition (DR0)

Yara detected Petya ransomware

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c/

Threat name:

Win32.Ransomware.Petya

Status:

Malicious

First seen:

2016-04-01 09:11:45 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

39 of 41 (95.12%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=jqo4on4rlv3lptsxtk65votu5llp3nnvdgq6urjqrogetokqmvoa._file

Verdict:

malicious

Petya

Result

Malware family:

n/a

Score:

6/10

Tags:

bootkit persistence

Link:

https://tria.ge/reports/220726-t9dxasbfdq/

Behaviour

Suspicious use of AdjustPrivilegeToken

Writes to the Master Boot Record (MBR)

Unpacked files

SH256 hash:

4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c

MD5 hash:

a92f13f3a1b3b39833d3cc336301b713

SHA1 hash:

d1c62ac62e68875085b62fa651fb17d4d7313887

Link:

https://www.unpac.me/results/3910682c-5537-4b98-a896-1366839da1f5/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/4c1dc737915d/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Petya

exe 4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c

(this sample)

Delivery method

Distributed via e-mail attachment

Cape

https://www.capesandbox.com/analysis/294423/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample