SHA256: 00a4846b80c996aed97ed9a0f7313f4a3cf356cb7b596dc45dee9aebcf657b67
File name: 337e2c2e4ef0ad03bd574f96e8a37f2d
Detection ratio: 35 / 57
Analysis date: 2016-04-30 00:00:35 UTC
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3186081 20160430
AhnLab-V3 Trojan/Win32.Waldek 20160429
ALYac Trojan.Dridex.A 20160429
Arcabit Trojan.Generic.D309DA1 20160429
Avast Win32:Malware-gen 20160429
AVG FileCryptor.KQO 20160429
Avira (no cloud) TR/Crypt.ZPACK.qmtz 20160429
AVware Trojan.Win32.Generic!BT 20160429
BitDefender Trojan.GenericKD.3186081 20160429
Bkav HW32.Packed.9272 20160429
DrWeb Trojan.Dridex.397 20160429
Emsisoft Trojan.Win32.Waldek (A) 20160429
ESET-NOD32 Win32/Dridex.AA 20160429
F-Secure Trojan.GenericKD.3186081 20160429
GData Trojan.GenericKD.3186081 20160429
Ikarus Trojan.Win32.Dridex 20160429
Jiangmin Trojan.Waldek.dio 20160429
K7AntiVirus Trojan ( 004d85141 ) 20160429
K7GW Trojan ( 004d85141 ) 20160429
Kaspersky Trojan.Win32.Waldek.ljt 20160429
Malwarebytes Backdoor.Bot 20160429
McAfee Generic.xu 20160429
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dh 20160429
Microsoft Backdoor:Win32/Drixed 20160429
eScan Trojan.GenericKD.3186081 20160429
nProtect Trojan/W32.Waldek.237568 20160429
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160430
Rising Malware.XPACK-HIE/Heur!1.9C48-hVbDLyNbLeQ (Cloud) 20160429
Sophos AV Troj/Dridex-TV 20160429
Symantec Trojan Horse 20160429
Tencent Win32.Trojan.Crypt.Liqw 20160430
TrendMicro TSPY_DRIDEX.JPC 20160430
TrendMicro-HouseCall TSPY_DRIDEX.JPC 20160430
VIPRE Trojan.Win32.Generic!BT 20160430
ViRobot Trojan.Win32.S.Dridex.237568[h] 20160430
Undetected (22 engines; the date is the signature set each engine was run with):
AegisLab 20160429
Alibaba 20160429
Antiy-AVL 20160429
Baidu 20160429
Baidu-International 20160429
CAT-QuickHeal 20160429
ClamAV 20160429
CMC 20160429
Comodo 20160429
Cyren 20160429
F-Prot 20160429
Fortinet 20160429
Kingsoft 20160430
NANO-Antivirus 20160429
Panda 20160429
SUPERAntiSpyware 20160429
TheHacker 20160429
TotalDefense 20160426
VBA32 20160429
Yandex 20160429
Zillya 20160429
Zoner 20160429
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-07-14 20:33:34
Entry Point 0x000284E0
Number of sections 4
PE sections (the section table was not captured in this extraction; the header reports 4 sections)
PE imports (grouped by exporting DLL; the DLL names were not preserved on the page and are inferred from the function names)
ADVAPI32.dll
QueryServiceStatus
OpenEventLogA
EqualSid
ChangeServiceConfig2A
DeleteService
ChangeServiceConfigW
IsTextUnicode
MSVCRT.dll
_atodbl
__p__fmode
_acmdln
__p__commode
__setusermatherr
abs
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_adjust_fdiv
__set_app_type
OLEAUT32.dll
VarUdateFromDate
SysStringLen
SysStringByteLen
SysAllocString
SafeArrayCreate
SafeArrayAllocDescriptor
QueryPathOfRegTypeLib
VariantInit
VariantChangeTypeEx
SafeArrayUnaccessData
VariantCopyInd
GetActiveObject
OaBuildVersion
LoadTypeLib
SysFreeString
SysAllocStringByteLen
OleLoadPicturePath
LoadRegTypeLib
VariantChangeType
CreateDispTypeInfo
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
RegisterTypeLib
VariantClear
SysReAllocStringLen
SysReAllocString
WININET.dll
InternetCombineUrlA
InternetSetStatusCallback
InternetSetOptionA
HttpAddRequestHeadersA
FindFirstUrlCacheEntryExA
InternetCloseHandle
InternetReadFile
InternetConnectA
InternetQueryOptionA
HttpQueryInfoA
InternetCanonicalizeUrlA
InternetCrackUrlA
The MSVCRT block is the ordinary C runtime start-up set; the service-control (ChangeServiceConfig2A, ChangeServiceConfigW, DeleteService) and WinInet HTTP imports are the ones worth following in the disassembly. A static import table is a lower bound: anything resolved at run time through LoadLibrary/GetProcAddress does not appear here.
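The imphash listed under File identification below is derived from this import table: each import is written as "dll.function" in lowercase with the .dll/.ocx/.sys extension removed (ordinal-only imports become "ordN"), the strings are joined with commas in import-directory order, and the result is MD5-hashed. The following is an added example of that computation, my code rather than VirusTotal's or pefile's, although it follows the rules of pefile's get_imphash. The DLL grouping of the page's function list is inferred and the page does not preserve import-directory order, so the value it produces will not match the report's 1c808786503c464a5a1bc59462120e2e; it also writes "ordN" for every ordinal-only import, whereas pefile substitutes known export names for ws2_32, wsock32 and oleaut32 ordinals.

```python
import hashlib
import re

# Constructed import table: the functions from the report, under inferred DLL names.
# Order within and between DLLs is a guess, so this is for illustration only.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", ["QueryServiceStatus", "OpenEventLogA", "EqualSid", "ChangeServiceConfig2A",
                      "DeleteService", "ChangeServiceConfigW", "IsTextUnicode"]),
    ("MSVCRT.dll", ["_atodbl", "__p__fmode", "_acmdln", "__p__commode", "__setusermatherr", "abs",
                    "exit", "_XcptFilter", "__getmainargs", "_initterm", "_controlfp",
                    "_adjust_fdiv", "__set_app_type"]),
    ("OLEAUT32.dll", ["VarUdateFromDate", "SysStringLen", "SysStringByteLen", "SysAllocString",
                      "SafeArrayCreate", "SafeArrayAllocDescriptor", "QueryPathOfRegTypeLib",
                      "VariantInit", "VariantChangeTypeEx", "SafeArrayUnaccessData", "VariantCopyInd",
                      "GetActiveObject", "OaBuildVersion", "LoadTypeLib", "SysFreeString",
                      "SysAllocStringByteLen", "OleLoadPicturePath", "LoadRegTypeLib",
                      "VariantChangeType", "CreateDispTypeInfo", "VariantTimeToSystemTime",
                      "SystemTimeToVariantTime", "SysAllocStringLen", "RegisterTypeLib",
                      "VariantClear", "SysReAllocStringLen", "SysReAllocString"]),
    ("WININET.dll", ["InternetCombineUrlA", "InternetSetStatusCallback", "InternetSetOptionA",
                     "HttpAddRequestHeadersA", "FindFirstUrlCacheEntryExA", "InternetCloseHandle",
                     "InternetReadFile", "InternetConnectA", "InternetQueryOptionA", "HttpQueryInfoA",
                     "InternetCanonicalizeUrlA", "InternetCrackUrlA"]),
]

# Only these library extensions are stripped; "foo.exe" is hashed as "foo.exe.func".
_STRIP_EXT = re.compile(r"\.(dll|ocx|sys)$")


def imphash_string(imports) -> str:
    """The canonical string that imphash hashes.

    imports: list of (library name, [function name or int ordinal, ...]) in
    import-directory order. Names are lowercased; ordinals become 'ordN'."""
    parts = []
    for lib, funcs in imports:
        lib = _STRIP_EXT.sub("", lib.lower())
        for func in funcs:
            name = f"ord{func}" if isinstance(func, int) else func
            parts.append(f"{lib}.{name.lower()}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the canonical import string: order-sensitive, case-insensitive."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS)[:80] + "...")
    print("imphash:", imphash(SAMPLE_IMPORTS))
```

Because the hash is order-sensitive, two builds from the same source with the same linker and the same object order collide, which is what makes imphash useful for clustering and also what makes it trivial to defeat by reordering or by resolving APIs at run time.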
Number of PE resources by type
RT_DIALOG 5
RT_MENU 3
RT_ACCELERATOR 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 11
PE resources (resource table not captured in this extraction)
ExifTool file metadata
UninitializedDataSize: 0
LinkerVersion: 8.0
ImageVersion: 0.0
FileVersionNumber: 0.172.148.8
LanguageCode: Neutral
FileFlagsMask: 0x003f
FileDescription: Reform
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet: Unicode
InitializedDataSize: 192512
EntryPoint: 0x284e0
OriginalFileName: Urchin.exe
MIMEType: application/octet-stream
LegalCopyright: Copyright 2012
FileVersion: 143, 138, 63, 166
TimeStamp: 2013:07:14 21:33:34+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Underestimation
ProductVersion: 246, 85, 239, 203
SubsystemVersion: 4.0
OSVersion: 4.0
FileOS: Windows NT 32-bit
Subsystem: Windows command line
MachineType: Intel 386 or later, and compatibles
CompanyName: MessengerDiscovery
CodeSize: 163840
FileSubtype: 0
ProductVersionNumber: 0.232.216.187
FileTypeExtension: exe
ObjectFileType: Executable application
Two things stand out in this block. The version resource looks like filler rather than a real product's: the string FileVersion "143, 138, 63, 166" and ProductVersion "246, 85, 239, 203" do not match the numeric FileVersionNumber 0.172.148.8 and ProductVersionNumber 0.232.216.187, and FileDescription "Reform", InternalName "Underestimation", OriginalFileName "Urchin.exe" and CompanyName "MessengerDiscovery" are unrelated words. The TimeStamp is the PE header compilation timestamp (2013-07-14 20:33:34 UTC above) rendered in UTC+1; it is set by the linker and is attacker-controllable, so it dates the build only if nothing has tampered with it.

File identification
MD5 337e2c2e4ef0ad03bd574f96e8a37f2d
SHA1 d680746b07ed8641e8e5db69f0cb3654844d930b
SHA256 00a4846b80c996aed97ed9a0f7313f4a3cf356cb7b596dc45dee9aebcf657b67
ssdeep 6144:qtmlOHScPO1zontRAcBemyaroDJsGpiOwgO:qtYOJnTBkeksm3w

authentihash e73046d801583b904a51222ab9e9ce284b6ef20db4c3549731bb4a0aaef03cba
imphash 1c808786503c464a5a1bc59462120e2e
File size 232.0 KB ( 237568 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
TrID's top guess of a Win64 executable is a generic-signature artefact: it contradicts the PE32 optional-header magic and the 32-bit characteristics flag, and the PE header is authoritative.
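The fields under PE header basic information and the hashes under File identification are cheap to reproduce and worth reproducing, because the report's own TrID line shows how a signature-based guess can disagree with the header. The following added example (my code, not VirusTotal's or pefile's) builds a constructed PE32 stand-in whose header mirrors the report's values, parses the fields VirusTotal shows, and computes an authentihash next to plain MD5/SHA1/SHA256. The stand-in's section bodies and layout are invented; only the header values come from the report, so its hashes are not the sample's.

```python
import hashlib
import struct
from calendar import timegm
from datetime import datetime, timezone

PE_SIGNATURE_OFFSET = 0x3C            # e_lfanew lives here in the DOS header
COFF_FMT = "<HHIIIHH"                 # Machine, NumberOfSections, TimeDateStamp, SymTab, NumSyms, OptHdrSize, Characteristics
SECTION_FMT = "<8sIIIIIIHHI"          # IMAGE_SECTION_HEADER (40 bytes)
CHARACTERISTICS = {0x0001: "No relocs", 0x0002: "Executable", 0x0004: "No line numbers",
                   0x0008: "No symbols", 0x0100: "32-bit", 0x2000: "DLL"}
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows console"}


def build_sample_pe() -> bytes:
    """Constructed stand-in: minimal PE32 with the report's header values (i386, 4 sections,
    2013-07-14 20:33:34 UTC, entry 0x284E0, linker 8.0, console). Bodies are filler."""
    names, vas = [b".text", b".rdata", b".data", b".rsrc"], [0x1000, 0x29000, 0x31000, 0x35000]
    raw_size, headers_size = 0x200, 0x400
    coff = struct.pack(COFF_FMT, 0x14C, len(names), timegm((2013, 7, 14, 20, 33, 34)), 0, 0, 0xE0, 0x010F)
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH",
                      0x10B, 8, 0,                  # PE32 magic, linker 8.0
                      163840, 192512, 0,            # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
                      0x000284E0, 0x1000, 0x29000,  # AddressOfEntryPoint, BaseOfCode, BaseOfData
                      0x400000, 0x1000, 0x200,      # ImageBase, SectionAlignment, FileAlignment
                      4, 0, 0, 0, 4, 0,             # OS 4.0, image 0.0, subsystem 4.0
                      0, 0x40000, headers_size, 0,  # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                      3, 0)                         # Subsystem 3 = console, DllCharacteristics
    opt += struct.pack("<IIIIII", 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)  # stack/heap, LoaderFlags, #dirs
    opt += b"\0" * (16 * 8)                         # 16 empty data directories (no certificate table)
    sec_hdrs, bodies = b"", b""
    for i, (name, va) in enumerate(zip(names, vas)):
        sec_hdrs += struct.pack(SECTION_FMT, name.ljust(8, b"\0"), raw_size, va, raw_size,
                                headers_size + i * raw_size, 0, 0, 0, 0, 0x60000020)
        bodies += name.ljust(8, b"\0") * (raw_size // 8)
    dos = b"MZ" + b"\0" * (PE_SIGNATURE_OFFSET - 2) + struct.pack("<I", 0x40)
    return (dos + b"PE\0\0" + coff + opt + sec_hdrs).ljust(headers_size, b"\0") + bodies


def _pe_offsets(data: bytes):
    """Validate MZ/PE signatures; return (COFF fields, optional header offset, magic, section table offset)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    (pe_off,) = struct.unpack_from("<I", data, PE_SIGNATURE_OFFSET)
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = struct.unpack_from(COFF_FMT, data, pe_off + 4)
    opt = pe_off + 24
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    return coff, opt, magic, opt + coff[5]          # coff[5] = SizeOfOptionalHeader


def parse_pe_header(data: bytes) -> dict:
    """The fields behind VirusTotal's 'PE header basic information' block, plus the section table."""
    (machine, nsec, ts, _, _, _, chars), opt, magic, sec_off = _pe_offsets(data)
    lmaj, lmin = struct.unpack_from("<BB", data, opt + 2)
    (entry,) = struct.unpack_from("<I", data, opt + 16)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    sections = []
    for i in range(nsec):
        name, _, va, rawsize, rawptr, *_ = struct.unpack_from(SECTION_FMT, data, sec_off + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, rawptr, rawsize))
    return {"machine": machine, "pe_type": "PE32+" if magic == 0x20B else "PE32",
            "number_of_sections": nsec, "timestamp_raw": ts,
            "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
            "entry_point": entry, "linker_version": f"{lmaj}.{lmin}",
            "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
            "characteristics": [n for bit, n in CHARACTERISTICS.items() if chars & bit],
            "section_table": sections}


def authentihash(data: bytes, algo: str = "sha256") -> str:
    """Hash the image the way Authenticode does: skip the CheckSum field, the Security
    data-directory entry and the certificate table; headers, then sections in file order,
    then any overlay. Assumes a certificate table, if present, sits in the overlay."""
    (_, nsec, *_), opt, magic, sec_off = _pe_offsets(data)
    checksum_off = opt + 64
    security_off = opt + (96 if magic == 0x10B else 112) + 4 * 8   # data directory index 4
    cert_off, cert_size = struct.unpack_from("<II", data, security_off)
    (size_of_headers,) = struct.unpack_from("<I", data, opt + 60)
    h = hashlib.new(algo)
    h.update(data[:checksum_off])
    h.update(data[checksum_off + 4:security_off])
    h.update(data[security_off + 8:size_of_headers])
    end = size_of_headers
    secs = [struct.unpack_from("<II", data, sec_off + 40 * i + 16) for i in range(nsec)]  # (SizeOfRawData, PointerToRawData)
    for rawsize, rawptr in sorted(secs, key=lambda s: s[1]):
        if rawsize:
            h.update(data[rawptr:rawptr + rawsize])
            end = max(end, rawptr + rawsize)
    tail = data[end:]
    if cert_size:                                   # drop the certificate table from the overlay
        tail = tail[:cert_off - end] + tail[cert_off - end + cert_size:]
    h.update(tail)
    return h.hexdigest()


def file_identification(data: bytes) -> dict:
    """The hash set VirusTotal lists under 'File identification' (ssdeep omitted)."""
    return {"md5": hashlib.md5(data).hexdigest(), "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest(), "authentihash": authentihash(data),
            "size": len(data)}
```

The practical difference between sha256 and authentihash is what survives re-signing or a checksum fix-up: overwriting the CheckSum field changes the file's sha256 but not its authentihash, while a single byte flipped in .text changes both. That is why authentihash is the right key for matching an unsigned loader against signed or timestamp-patched copies of the same build.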
Tags
peexe

VirusTotal metadata
First submission 2016-04-28 16:03:38 UTC
Last submission 2018-10-09 11:14:09 UTC
File names 337e2c2e4ef0ad03bd574f96e8a37f2d
radD2135.tmp
rad5C8A0.tmp
dridex122.exe
MAL0.BIN
tw33t.me
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Behaviour sections present in the report (their contents were not captured in this extraction): Opened files, Read files, Created mutexes, Opened mutexes, Opened service managers, Runtime DLLs, UDP communications.