SHA256: 0a14ebf1c4d3ee9cd7b0ef181871c14cc11116039ee16cbe3411e0db4dfb2236
File name: fad69582b29fa178db1e557078392588
Detection ratio: 35 / 56
Analysis date: 2015-04-20 13:56:24 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2286681 20150420
AhnLab-V3 Trojan/Win32.Tepfer 20150420
Antiy-AVL Worm/Win32.Cridex 20150420
Avast Win32:Malware-gen 20150420
AVG Crypt4.MAX 20150420
Avira (no cloud) TR/DridexDownloader.A.24 20150420
AVware Trojan.Win32.Generic!BT 20150420
Baidu-International Worm.Win32.Cridex.qbg 20150420
BitDefender Trojan.GenericKD.2286681 20150420
Cyren W32/Trojan.BQOS-3825 20150420
Emsisoft Trojan.GenericKD.2286681 (B) 20150420
ESET-NOD32 a variant of Win32/Kryptik.DETO 20150420
F-Secure Trojan.GenericKD.2286681 20150420
Fortinet W32/Kryptik.DETO!tr 20150420
GData Trojan.GenericKD.2286681 20150420
Ikarus Trojan.Win32.Crypt 20150420
K7AntiVirus Trojan ( 004bce001 ) 20150420
K7GW Trojan ( 004bce001 ) 20150420
Kaspersky Worm.Win32.Cridex.qbg 20150420
Malwarebytes Trojan.FakeMS 20150420
McAfee Downloader-FARY!FAD69582B29F 20150420
McAfee-GW-Edition Downloader-FARY!FAD69582B29F 20150420
eScan Trojan.GenericKD.2286681 20150420
NANO-Antivirus Trojan.Win32.Cridex.dqjznn 20150420
Norman Kryptik.CFBT 20150420
nProtect Trojan.GenericKD.2286681 20150420
Panda Trj/Genetic.gen 20150420
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20150420
Sophos AV Mal/Generic-S 20150420
Symantec Trojan.Gen 20150420
Tencent Trojan.Win32.Qudamah.Gen.5 20150420
TrendMicro TROJ_GEN.R03AC0EDG15 20150420
TrendMicro-HouseCall TROJ_GEN.R03AC0EDG15 20150420
VIPRE Trojan.Win32.Generic!BT 20150420
ViRobot Trojan.Win32.S.Agent.100352.DO[h] 20150420
AegisLab 20150420
Yandex 20150419
Alibaba 20150420
Bkav 20150420
ByteHero 20150420
CAT-QuickHeal 20150420
ClamAV 20150420
CMC 20150418
Comodo 20150420
DrWeb 20150420
F-Prot 20150420
Jiangmin 20150417
Kingsoft 20150420
Microsoft 20150420
Rising 20150420
SUPERAntiSpyware 20150419
TheHacker 20150420
TotalDefense 20150420
VBA32 20150420
Zillya 20150420
Zoner 20150420
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © ?????????? ??????????. ??? ????? ????????.
Publisher Microsoft Corporation
Product ???????????? ??????? Microsoft® Windows®
Original name twext.dll
Internal name twext
File version 6.00.5200.5512 (xpsp.080413-2105)
Description ????????: ?????????? ??????
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-10 23:13:00
Entry Point 0x000087E0
Number of sections 9
PE sections
PE imports
GetVolumePathNameW
CreateTimerQueueTimer
GetPrivateProfileStructA
DeleteFiber
GetDriveTypeA
EnumUILanguagesW
SetThreadPriorityBoost
ScrollConsoleScreenBufferW
GetTapeParameters
GetLocaleInfoA
GetConsoleCursorInfo
GetConsoleProcessList
GetThreadContext
CommConfigDialogA
GetConsoleSelectionInfo
GetCommModemStatus
WideCharToMultiByte
SetTimerQueueTimer
SwitchToFiber
WritePrivateProfileStructW
GetFullPathNameA
AddVectoredExceptionHandler
LoadResource
FatalExit
GetLogicalDriveStringsW
SetFileAttributesW
FindFirstVolumeMountPointA
GetEnvironmentVariableW
DisableThreadLibraryCalls
WriteProcessMemory
GetLargestConsoleWindowSize
DeleteTimerQueueEx
RemoveVectoredExceptionHandler
FindNextVolumeW
VerSetConditionMask
HeapSetInformation
FatalAppExitW
GetPriorityClass
CreateDirectoryExW
GetProfileSectionW
GetVolumeInformationW
LoadLibraryExW
MultiByteToWideChar
GetProfileSectionA
GetPrivateProfileStringW
CreateSemaphoreA
DeleteVolumeMountPointW
SetMessageWaitingIndicator
GlobalAddAtomA
GetSystemDirectoryA
SetCurrentDirectoryW
GetCommState
ReadConsoleW
GetCurrentThreadId
AddRefActCtx
GetModuleHandleExA
SetCurrentDirectoryA
SetCalendarInfoA
GetNativeSystemInfo
GlobalGetAtomNameW
IsBadWritePtr
GlobalUnfix
EndUpdateResourceA
ExitThread
GetFileSize
AddAtomA
GetNamedPipeHandleStateA
CreateDirectoryA
GetWindowsDirectoryA
SetCommMask
CreateDirectoryW
DeleteFileW
GetProcAddress
GetPrivateProfileIntW
AssignProcessToJobObject
GlobalWire
GetFileSizeEx
ResetEvent
FreeConsole
Thread32Next
SetVolumeMountPointA
GlobalLock
GetBinaryTypeA
OpenJobObjectW
EncodeSystemPointer
SetFileApisToOEM
GetPrivateProfileSectionA
GetCurrencyFormatW
BuildCommDCBA
GetLastError
LCMapStringW
GlobalAlloc
CreateFiber
GetQueuedCompletionStatus
Module32FirstW
SizeofResource
CompareFileTime
WaitNamedPipeW
ContinueDebugEvent
GetCPInfoExA
EnumTimeFormatsA
QueryActCtxW
EnumSystemCodePagesW
GetSystemDefaultLangID
Heap32ListNext
HeapUnlock
SetProcessWorkingSetSize
lstrcpynA
PeekConsoleInputA
SetLocalTime
GetModuleHandleW
FreeResource
IsBadHugeWritePtr
GetProcessHandleCount
DnsHostnameToComputerNameW
ResetWriteWatch
OpenSemaphoreA
PostQueuedCompletionStatus
Sleep
IsBadReadPtr
MprAdminMIBBufferFree
MprAdminConnectionClearStats
VarUI1FromCy
VarUI2FromBool
ExtractIconA
SHInvokePrinterCommandW
SHInvokePrinterCommandA
ExtractIconExA
DragQueryPoint
IsWindowEnabled
LoadStringW
ShowOwnedPopups
GetWindowTextW
InvalidateRect
setlocale
wcstoul
__dllonexit
isdigit
isprint
wcstok
swscanf
fgets
_onexit
wcstod
fputc
strtod
strlen
_lock
memcpy
_unlock
wcsncat
isspace
strcspn
wcscoll
iswcntrl
labs
iswupper
fgetwc
wcscpy
freopen
isupper
vsprintf
setvbuf
URLDownloadToCacheFileW
CreateURLMoniker
Number of PE resources by type
REGINST 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
RUSSIAN 3
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 6.0.5200.5512
UninitializedDataSize 4608
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 11264
EntryPoint 0x87e0
OriginalFileName twext.dll
MIMEType application/octet-stream
LegalCopyright . .
FileVersion 6.00.5200.5512 (xpsp.080413-2105)
TimeStamp 2018:06:11 00:13:00+01:00
FileType Win32 EXE
PEType PE32
InternalName twext
ProductVersion 6.00.5200.5512
FileDescription :
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 83968
ProductName Microsoft Windows
ProductVersionNumber 6.0.5200.5512
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 fad69582b29fa178db1e557078392588
SHA1 08f138f1a968357b95ef6b137064ff514721705a
SHA256 0a14ebf1c4d3ee9cd7b0ef181871c14cc11116039ee16cbe3411e0db4dfb2236
ssdeep 1536:EgXzc6Dch9ehyWeJuHg1Fh5KYlSiyZHwbuO8BMlwJ:EgXw64hkG04h5KYEHlAXlK
authentihash 2eac8d8ba3c5066d11e25a1fcd2ac57a2a3661e1bb909d40d43b5b8f84873926
imphash 0992e0f86ccaa723b83af2829744f04d
File size 98.0 KB ( 100352 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.4%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
VXD Driver (0.2%)
Tags peexe
VirusTotal metadata
First submission 2015-04-10 15:51:05 UTC ( 4 years, 1 month ago )
Last submission 2015-07-13 09:46:32 UTC ( 3 years, 10 months ago )
File names FAD69582B29FA178DB1E557078392588
0A14EBF1C4D3EE9CD7B0EF181871C14CC11116039EE16CBE3411E0DB4DFB2236.exe
twext
twext.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications