SHA256: 034e193f88a93ebb4ac8ca8da5b3b1429600ef04e5c124457ce0bc1830bae558
File name: 13obCpHRxA1t3rbMpzh7iy1awHVm1MzNTX.exe
Detection ratio: 38 / 55
Analysis date: 2016-12-21 13:16:15 UTC (2 years, 1 month ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3945053 20161221
AegisLab Troj.W32.Razy!c 20161221
AhnLab-V3 Trojan/Win32.Infostealer.C1714929 20161221
ALYac Trojan.Injector 20161221
Arcabit Trojan.Generic.D3C325D 20161221
Avast Win32:Malware-gen 20161221
AVG PSW.Generic13.SLL 20161221
Avira (no cloud) TR/Crypt.Xpack.mwslr 20161221
AVware Trojan.Win32.Generic!BT 20161221
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161207
BitDefender Trojan.GenericKD.3945053 20161221
Bkav HW32.Packed.B9F0 20161221
CAT-QuickHeal TrojanPWS.Dyzap 20161221
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
DrWeb Trojan.Inject2.38071 20161221
Emsisoft Trojan.GenericKD.3945053 (B) 20161221
ESET-NOD32 Win32/Dridex.AX 20161221
F-Secure Trojan.GenericKD.3945053 20161221
Fortinet W32/Dridex.AX!tr 20161221
GData Trojan.GenericKD.3945053 20161221
Ikarus Trojan-Spy.Dyzap 20161221
Sophos ML backdoor.win32.drixed.m 20161216
K7AntiVirus Trojan ( 004fe5cb1 ) 20161221
K7GW Trojan ( 004fe5cb1 ) 20161221
Kaspersky Trojan.Win32.Razy.fyi 20161221
Malwarebytes Trojan.MalPack.INJ 20161221
McAfee RDN/Generic PWS.y 20161221
McAfee-GW-Edition BehavesLike.Win32.Backdoor.ch 20161221
Microsoft PWS:Win32/Dyzap.X 20161221
eScan Trojan.GenericKD.3945053 20161221
nProtect Trojan/W32.Razy.134408 20161221
Qihoo-360 HEUR/QVM20.1.EE3F.Malware.Gen 20161221
Rising Trojan.Dridex!8.33B-dAuPWeiQqIS (cloud) 20161221
Sophos AV Troj/Dridex-WR 20161221
Symantec Trojan.Cridex 20161221
Tencent Win32.Trojan.Razy.Lnyk 20161221
VIPRE Trojan.Win32.Generic!BT 20161221
ViRobot Trojan.Win32.S.Agent.134408[h] 20161221
Engines reporting no detection (Antivirus Update):
Alibaba 20161221
Antiy-AVL 20161221
ClamAV 20161221
CMC 20161221
Comodo 20161221
Cyren 20161221
F-Prot 20161221
Jiangmin 20161221
Kingsoft 20161221
NANO-Antivirus 20161221
Panda 20161220
SUPERAntiSpyware 20161221
TheHacker 20161219
TotalDefense 20161221
Trustlook 20161221
VBA32 20161221
WhiteArmor 20161212
Yandex 20161220
Zillya 20161220
Zoner 20161221
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name COMUID.DLL
Internal name COMUID.DLL
File version 2001.12.10530.17415 (winblue_r4.141028-1500)
Description COM+ Explorer UI
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-19 08:37:09
Entry Point 0x0000C400
Number of sections 14
PE sections
PE imports
GetComputerNameW
FindAtomW
CheckRemoteDebuggerPresent
GetNativeSystemInfo
CreateDirectoryA
GetCommandLineW
PurgeComm
ConvertDefaultLocale
FatalAppExitA
LoadLibraryA
GetModuleHandleW
_snwprintf
PdhGetLogFileSize
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 0
ImageVersion 0.0
ProductName Microsoft Windows Operating System
FileVersionNumber 2001.12.10530.17415
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, Large address aware, 32-bit
CharacterSet Unicode
LinkerVersion 19.2
FileTypeExtension exe
OriginalFileName COMUID.DLL
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2001.12.10530.17415 (winblue_r4.141028-1500)
TimeStamp 2016:12:19 09:37:09+01:00
FileType Win32 EXE
PEType PE32
InternalName COMUID.DLL
ProductVersion 6.3.9601.17415
FileDescription COM+ Explorer UI
OSVersion 2.1
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 46592
FileSubtype 0
ProductVersionNumber 6.3.9600.17415
EntryPoint 0xc400
ObjectFileType Dynamic link library
Compressed bundles
File identification
MD5 3ea61e934c4fb7421087f10cacb14832
SHA1 bffb40c2520e923c7174bbc52767b3b87f7364a9
SHA256 034e193f88a93ebb4ac8ca8da5b3b1429600ef04e5c124457ce0bc1830bae558
ssdeep 1536:zSyVAnFG4VYDywC8KzOkWh6q8CoMUWJ4YcH0tAPl/bUqMlb6kjMRXA9EX6I8cGnW:WTFpeilaOKb64UXFX6SsdTFi
authentihash 8b48a75f1227d3931fa0f6c5a039bc17c2e19d6a9c2d8f7dc113ed5a7fc2ec40
imphash 9c3d7cafdc4c7106df318bd28a1f5114
File size 131.3 KB (134408 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (35.8%)
OS/2 Executable (generic) (16.1%)
Clipper DOS Executable (16.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.8%)
Tags peexe
VirusTotal metadata
First submission 2016-12-19 13:41:46 UTC (2 years, 2 months ago)
Last submission 2017-05-16 19:55:37 UTC (1 year, 9 months ago)
File names 13obCpHRxA1t3rbMpzh7iy1awHVm1MzNTX.exe
3ea61e934c4fb7421087f10cacb14832.exe
aa
034e193f88a93ebb4ac8ca8da5b3b1429600ef04e5c124457ce0bc1830bae558
XhuQCW7AkH.dot
sample ._DONTEXECUTE
13obCpHRxA1t3rbMpzh7iy1awHVm1MzNTX.exe.txt
2a7ee243df793ea012e15aee75b027e3e6459d62
_13obCpHRxA1t3rbMpzh7iy1awHVm1MzNTX.exe
bffb40c2520e923c7174bbc52767b3b87f7364a9.exe
13obCpHRxA1t3rbMpzh7iy1awHVm1MzNTX.exe
Roaming.Exe
13obCpHRxA1t3rbMpzh7iy1awHVm1MzNTX.e_xe
COMUID.DLL
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications