SHA256: 07c05fa06cac8a5e585bd06c45b8738f8d0456efa319ffeb4e663a7e15f38139
File name: 586688.exe
Detection ratio: 46 / 70
Analysis date: 2018-12-05 07:48:35 UTC ( 4 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31379939 20181205
AhnLab-V3 Trojan/Win32.Kryptik.R246724 20181204
ALYac Trojan.Dridex.A 20181205
Antiy-AVL Trojan[Backdoor]/Win32.Dridex 20181205
Arcabit Trojan.Generic.D1DED1E3 20181205
Avast Win32:Trojan-gen 20181205
AVG Win32:Trojan-gen 20181205
BitDefender Trojan.GenericKD.31379939 20181205
CAT-QuickHeal Trojan.Azden 20181204
Comodo Malware@#6z9j8jqs61o3 20181205
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.c52b42 20180225
Cylance Unsafe 20181205
Cyren W32/Trojan.XILK-8071 20181205
Emsisoft Trojan.GenericKD.31379939 (B) 20181205
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNHQ 20181205
F-Prot W32/Trojan3.ANJY 20181205
F-Secure Trojan.GenericKD.31379939 20181205
Fortinet W32/Kryptik.GNFL!tr 20181205
GData Trojan.GenericKD.31379939 20181205
Ikarus Trojan-Banker.Emotet 20181204
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 005425a31 ) 20181205
K7GW Trojan ( 005425a31 ) 20181205
Kaspersky Backdoor.Win32.Dridex.akp 20181204
Malwarebytes Trojan.Dridex 20181205
McAfee RDN/Generic.dx 20181205
McAfee-GW-Edition RDN/Generic.dx 20181205
Microsoft Trojan:Win32/Casdet!rfn 20181205
eScan Trojan.GenericKD.31379939 20181205
NANO-Antivirus Trojan.Win32.Dridex.fkszjz 20181205
Palo Alto Networks (Known Signatures) generic.ml 20181205
Panda Trj/GdSda.A 20181204
Qihoo-360 Win32/Backdoor.c21 20181205
Rising Backdoor.Dridex!8.3226 (CLOUD) 20181205
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Troj/Inject-DRW 20181205
Symantec Trojan Horse 20181205
Trapmine suspicious.low.ml.score 20181128
TrendMicro TROJ_FRS.VSN1CK18 20181205
TrendMicro-HouseCall TROJ_FRS.VSN1CK18 20181205
VBA32 BScope.Backdoor.Dridex 20181204
ViRobot Trojan.Win32.Z.Kryptik.253952.KK 20181205
Webroot W32.Trojan.Gen 20181205
ZoneAlarm by Check Point Backdoor.Win32.Dridex.akp 20181205
AegisLab 20181205
Alibaba 20180921
Avast-Mobile 20181204
Avira (no cloud) 20181205
Babable 20180918
Baidu 20181204
Bkav 20181203
ClamAV 20181203
CMC 20181204
DrWeb 20181205
eGambit 20181205
Jiangmin 20181205
Kingsoft 20181205
MAX 20181205
SUPERAntiSpyware 20181128
Symantec Mobile Insight 20181204
TACHYON 20181204
Tencent 20181205
TheHacker 20181202
TotalDefense 20181205
Trustlook 20181205
VIPRE 20181205
Yandex 20181204
Zillya 20181204
Zoner 20181205
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright© 1991-2000 LEAD Technologies, Inc.

Product LEADTOOLS(r) DLL for Win32
Original name LFFPX12N.DLL
Internal name LFFPX12N
File version 12.1.0.011
Description LEADTOOLS(r) DLL for Win32
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-26 03:32:31
Entry Point 0x000042A1
Number of sections 5
PE sections
PE imports
OpenServiceW
AllocateLocallyUniqueId
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InitializeCriticalSection
InterlockedDecrement
OutputDebugStringA
SetLastError
ExitProcess
GetVersionExA
GetModuleFileNameA
EnumSystemLocalesA
LoadLibraryExA
SetConsoleCtrlHandler
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FatalAppExitA
GetModuleHandleA
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
VirtualQuery
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetUserDefaultLCID
CompareStringW
GetTimeFormatA
IsValidLocale
GetProcAddress
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
GetSystemInfo
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentProcessId
WideCharToMultiByte
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
CompareStringA
SysReAllocStringLen
glGetError
SetupDiRegisterDeviceInfo
SHReleaseThreadRef
PathGetDriveNumberW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
CodeSize
122880

SubsystemVersion
5.0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
12.1.0.11

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
LEADTOOLS(r) DLL for Win32

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
139264

EntryPoint
0x42a1

OriginalFileName
LFFPX12N.DLL

MIMEType
application/octet-stream

LegalCopyright
Copyright 1991-2000 LEAD Technologies, Inc.

FileVersion
12.1.0.011

TimeStamp
2018:11:25 19:32:31-08:00

FileType
Win32 EXE

PEType
PE32

InternalName
LFFPX12N

ProductVersion
12.1.0.011

UninitializedDataSize
0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
LEAD Technologies, Inc.

LegalTrademarks
LEADTOOLS(r) is a trademark of LEAD Technologies, Inc.

ProductName
LEADTOOLS(r) DLL for Win32

ProductVersionNumber
12.1.0.11

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 0c26b2cc52b429a8472574fa20b80dd1
SHA1 c9a4aa36e8187acc74793fcddd17750f36c6e7bb
SHA256 07c05fa06cac8a5e585bd06c45b8738f8d0456efa319ffeb4e663a7e15f38139
ssdeep
3072:cYgHAECVVuZS4QyMr2bel4uBztTLW5RCjLoRw3ICzDyrSYVSUNNSx8X9EG7+IG51:cYgH/Uuky8l4465RC1zpESUNNE8dI

authentihash e970ad4ca127e4e6ad2317192c8ea26434c9e0ff33f4505e94b015426351d82e
imphash 516f5ef9b3191fb911b7d00da5d68af2
File size 248.0 KB ( 253952 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-27 16:54:55 UTC ( 4 months, 3 weeks ago )
Last submission 2018-11-27 16:54:55 UTC ( 4 months, 3 weeks ago )
File names LFFPX12N.DLL
LFFPX12N
586688.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs