peremena.exe

Sample information


20

Antivirus detections

0

IDS alerts

1

Processes

0

Http events

0

Contacted hosts

0

DNS Requests

    9.6


    Score

Current activity of this Sample



Blacklist timeline


First seen: Thu Jul 19 2018 11:45:13 GMT+0000
Last seen: Thu Jul 19 2018 12:45:13 GMT+0000
Period: an hour

Hashes
Filename:
peremena.exe
md5:
e5d1503657a6e51546cd31086675857f
sha1:
8f4be30eef17a5b885f1db206baf9aef1722a30d
sha256:
3d2777b748e805c0463c0c6d0fef8280ad197bea1dd0a25e30ed71199989a6b9

In depth details
Filetype:
PE32 executable (GUI) Intel 80386, for MS Windows
Size (Bytes):
228352
Classification:
malicious

Dates
Indexed:
Thu Jul 19 2018 12:45:13 GMT+0000 (7 years ago)
Last modified:
Thu Jul 19 2018 12:45:13 GMT+0000 (7 years ago)

Tags

Developers can check the API specification here:


Request:

          
# Fetch the sample record for the SHA-256 shown on this page.
# The Bearer token travels in a request header; anything given on the command
# line is visible in shell history and in `ps`, so a stored key is better
# supplied via `curl -H @headerfile` or from an environment variable.
curl --header "Authorization: Bearer <API_KEY>" \
  --url https://api.maltiverse.com/sample/3d2777b748e805c0463c0c6d0fef8280ad197bea1dd0a25e30ed71199989a6b9
        

Request:

Alternatively, you can use the Maltiverse Python3 library:
          
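import requests
import json

# Sample lookup by SHA-256; the hash below is the sample this page documents.
url = 'https://api.maltiverse.com/sample/3d2777b748e805c0463c0c6d0fef8280ad197bea1dd0a25e30ed71199989a6b9'
# The curl and PowerShell examples send a Bearer token; this request needs the
# same header. Replace <API_KEY> with your key (load it from the environment
# rather than hard-coding it in a script that may be committed or shared).
headers = {'Authorization': 'Bearer <API_KEY>'}
# timeout: do not hang indefinitely on a stalled connection.
response = requests.get(url, headers=headers, timeout=30)
# Fail loudly on an HTTP error (e.g. a rejected key or an unknown hash)
# instead of handing an error body to the JSON parser.
response.raise_for_status()
parsed = response.json()
print(json.dumps(parsed, indent=4, sort_keys=True))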
        

Request:

          
# Look up the sample record for the SHA-256 shown on this page.
$url = 'https://api.maltiverse.com/sample/3d2777b748e805c0463c0c6d0fef8280ad197bea1dd0a25e30ed71199989a6b9'
# Bearer token header; replace <API_KEY> with your key.
$headers = @{ Authorization = "Bearer <API_KEY>" }
$response = Invoke-RestMethod -Uri $url -Headers $headers
Write-Output $response
        

Response:

      
{
    "antivirus": [
        {
            "description": "Trojan-FPST!E5D1503657A6",
            "name": "McAfee"
        },
        {
            "description": "Ransom_GANDCRAB.SMALY-3",
            "name": "TrendMicro"
        },
        {
            "description": "Win32.Trojan.WisdomEyes.16070401.9500.9999",
            "name": "Baidu"
        },
        {
            "description": "ML.Attribute.HighConfidence",
            "name": "Symantec"
        },
        {
            "description": "a variant of Win32/Kryptik.GJAB",
            "name": "ESET-NOD32"
        },
        {
            "description": "Ransom_GANDCRAB.SMALY-3",
            "name": "TrendMicro-HouseCall"
        },
        {
            "description": "generic.ml",
            "name": "Paloalto"
        },
        {
            "description": "UDS:DangerousObject.Multi.Generic",
            "name": "Kaspersky"
        },
        {
            "description": "Trojan.Win32.GandCrab.247296",
            "name": "ViRobot"
        },
        {
            "description": "Ransom.Gandcrab.Smaly!c",
            "name": "AegisLab"
        },
        {
            "description": "Ransom.GandCrypt!8.F33E (TFE:dGZlOgFfuqN+379qxw)",
            "name": "Rising"
        },
        {
            "description": "heuristic",
            "name": "Invincea"
        },
        {
            "description": "W32.Adware.Gen",
            "name": "Webroot"
        },
        {
            "description": "malicious (high confidence)",
            "name": "Endgame"
        },
        {
            "description": "UDS:DangerousObject.Multi.Generic",
            "name": "ZoneAlarm"
        },
        {
            "description": "Win-Trojan/Gandcrab04.Exp",
            "name": "AhnLab-V3"
        },
        {
            "description": "Malware-Cryptor.Limpopo",
            "name": "VBA32"
        },
        {
            "description": "FileRepMalware",
            "name": "AVG"
        },
        {
            "description": "FileRepMalware",
            "name": "Avast"
        },
        {
            "description": "malicious_confidence_90% (W)",
            "name": "CrowdStrike"
        }
    ],
    "av_ratio": 30,
    "blacklist": [
        {
            "count": 1,
            "description": "Ransom_GANDCRAB.SMALY",
            "first_seen": "2018-07-19 12:45:13",
            "last_seen": "2018-07-19 12:45:13",
            "source": "Hybrid-Analysis"
        }
    ],
    "classification": "malicious",
    "creation_time": "2018-07-19 12:45:13",
    "filename": [
        "peremena.exe"
    ],
    "filetype": "PE32 executable (GUI) Intel 80386, for MS Windows",
    "is_alive": false,
    "is_cdn": false,
    "is_cnc": false,
    "is_distributing_malware": false,
    "is_hosting": false,
    "is_iot_threat": false,
    "is_known_attacker": false,
    "is_known_scanner": false,
    "is_mining_pool": false,
    "is_open_proxy": false,
    "is_phishing": false,
    "is_sinkhole": false,
    "is_storing_phishing": false,
    "is_tor_node": false,
    "is_vpn_node": false,
    "md5": "e5d1503657a6e51546cd31086675857f",
    "modification_time": "2018-07-19 12:45:13",
    "process_list": [
        {
            "name": "peremena.exe",
            "normalizedpath": "C:\\peremena.exe",
            "sha256": "3d2777b748e805c0463c0c6d0fef8280ad197bea1dd0a25e30ed71199989a6b9",
            "uid": "00023200-00003236"
        }
    ],
    "score": 9.6,
    "scoring_executed_time": "2025-03-10 20:41:24",
    "sha1": "8f4be30eef17a5b885f1db206baf9aef1722a30d",
    "sha256": "3d2777b748e805c0463c0c6d0fef8280ad197bea1dd0a25e30ed71199989a6b9",
    "size": 228352,
    "tag": [
        "ransomware"
    ],
    "type": "sample"
}
    
Process list
uid
00023200-00003236
commandline
name
peremena.exe
normalizedpath
C:\peremena.exe
sha256
3d2777b748e805c0463c0c6d0fef8280ad197bea1dd0a25e30ed71199989a6b9