SHA256: 0f201c000251ed9c991c7211647ba5dac81d8c8f60b9ce92ff48bc886fef2738
File name: ffdc87c14663b8fd73e89ca44ca928e9
Detection ratio: 28 / 54
Analysis date: 2016-02-17 06:44:20 UTC (3 years, 2 months ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.17729 20160217
AegisLab Backdoor.W32.Cridex!c 20160217
AhnLab-V3 Trojan/Win32.Dridex 20160216
Antiy-AVL Trojan[Backdoor]/Win32.Cridex 20160217
Arcabit Trojan.Razy.D4541 20160217
Avast Win32:Malware-gen 20160217
AVG Crypt5.AIZA 20160217
Avira (no cloud) TR/Crypt.Xpack.402615 20160217
BitDefender Gen:Variant.Razy.17729 20160217
Cyren W32/Dridex.C.gen!Eldorado 20160217
Emsisoft Gen:Variant.Razy.17729 (B) 20160217
ESET-NOD32 Win32/Dridex.AA 20160217
F-Prot W32/Dridex.C.gen!Eldorado 20160217
F-Secure Gen:Variant.Razy.17729 20160217
Fortinet W32/Kryptik.EOBG!tr 20160217
GData Gen:Variant.Razy.17729 20160217
Ikarus Trojan.Win32.Crypt 20160217
K7GW Trojan ( 004de6d21 ) 20160217
Kaspersky Backdoor.Win32.Cridex.cf 20160217
Malwarebytes Trojan.FakeMS 20160217
McAfee RDN/Generic.grp 20160217
McAfee-GW-Edition BehavesLike.Win32.Rungbu.dh 20160217
eScan Gen:Variant.Razy.17729 20160217
Panda Trj/CI.A 20160216
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20160217
Rising PE:Malware.XPACK-LNR/Heur!1.5594 [F] 20160216
Sophos AV Troj/Dridex-PO 20160217
VIPRE Trojan.Win32.Generic!BT 20160217
Yandex 20160216
Alibaba 20160217
Baidu-International 20160216
Bkav 20160215
ByteHero 20160217
CAT-QuickHeal 20160216
ClamAV 20160217
CMC 20160216
Comodo 20160217
DrWeb 20160217
Jiangmin 20160217
K7AntiVirus 20160216
Microsoft 20160216
NANO-Antivirus 20160217
nProtect 20160216
SUPERAntiSpyware 20160217
Symantec 20160216
Tencent 20160217
TheHacker 20160215
TotalDefense 20160216
TrendMicro 20160217
TrendMicro-HouseCall 20160217
VBA32 20160216
ViRobot 20160217
Zillya 20160216
Zoner 20160217
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Work Folders
Original name WorkFoldersRes.dll
Internal name WorkFoldersRes.dll
File version 6.2.9200.16384
Description Work Folders Resources
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1970-01-01 01:08:16
Entry Point 0x00021E90
Number of sections 9
PE sections
PE imports
GetDriveTypeW
VerifyVersionInfoA
GetOverlappedResult
EncodePointer
SetConsoleCursorPosition
SetSystemTime
GetConsoleMode
GetFileTime
IsDBCSLeadByteEx
FindResourceExA
GetThreadIOPendingFlag
EnumCalendarInfoExW
SetTimerQueueTimer
WriteFile
Thread32First
LocalFree
InitAtomTable
InterlockedDecrement
GetProfileIntA
FindFirstVolumeMountPointA
GetUserDefaultUILanguage
VerLanguageNameA
OpenThread
WriteTapemark
FoldStringA
SetFileShortNameW
SetConsoleCtrlHandler
EraseTape
ActivateActCtx
WriteProfileStringW
CreateDirectoryExW
GetSystemDefaultUILanguage
EnumSystemLanguageGroupsA
GetNumberOfConsoleMouseButtons
ExitThread
SetEnvironmentVariableA
ReadConsoleA
FindAtomW
GetModuleHandleExW
GetCurrentConsoleFont
SearchPathA
ReadConsoleW
GetVersion
AddRefActCtx
CreateToolhelp32Snapshot
RequestDeviceWakeup
MoveFileWithProgressW
GetVersionExW
QueryPerformanceCounter
GetTickCount
ClearCommError
MoveFileWithProgressA
WriteConsoleOutputAttribute
GlobalSize
SystemTimeToFileTime
Process32First
GetPrivateProfileIntA
DeleteFileA
GetCommProperties
BackupWrite
DeleteFileW
GetProcAddress
QueryDepthSList
GetProfileStringW
CreateHardLinkA
SetCriticalSectionSpinCount
DebugBreakProcess
WaitNamedPipeA
EnumResourceNamesA
FreeConsole
IsValidLocale
lstrcmpW
FindFirstFileExW
WaitForMultipleObjects
EncodeSystemPointer
GetFileType
TlsSetValue
LocalUnlock
GetLastError
FlushConsoleInputBuffer
GetDevicePowerState
GetShortPathNameA
GetAtomNameA
CreateIoCompletionPort
GetCompressedFileSizeW
GetCompressedFileSizeA
GetSystemDefaultLangID
Module32NextW
WriteFileEx
GlobalFlags
SetConsoleTitleA
EnumSystemCodePagesA
LoadLibraryExA
GetLongPathNameW
HeapCreate
GetDefaultCommConfigW
MprAdminMIBBufferFree
MprInfoRemoveAll
MprAdminMIBEntryGet
VarUI1FromCy
VarUI2FromI4
VarCyFromI1
VarR4FromDec
DragAcceptFiles
Shell_NotifyIconW
ExtractAssociatedIconExW
SHGetFileInfoW
DragQueryPoint
wnsprintfW
AnimateWindow
GetWindowLongA
OpenInputDesktop
CreateMDIWindowW
EnableWindow
GetLastActivePopup
wsprintfA
ReleaseDC
wsprintfW
MessageBeep
PtInRect
mbtowc
fputws
fscanf
iswgraph
wprintf
localeconv
rewind
fclose
getenv
iswascii
abort
getwc
wscanf
realloc
iswupper
strncmp
strtol
tolower
qsort
labs
iswdigit
isalpha
sprintf
atol
isdigit
vsprintf
isspace
GetErrorInfo
PdhGetRawCounterValue
PdhEnumObjectsA
PdhGetDataSourceTimeRangeA
PdhReadRawLogRecord
PdhCalculateCounterFromRawValue
GetClassURL
URLDownloadToFileA
CoInternetCombineUrl
FaultInIEFeature
CoInternetParseUrl
Number of PE resources by type
RT_ICON 9
MUI 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 42752
ImageVersion 1.0
ProductName Work Folders
FileVersionNumber 6.2.9200.16384
UninitializedDataSize 6656
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, No line numbers, 32-bit, No debug
CharacterSet Unicode
LinkerVersion 2.17
FileTypeExtension exe
OriginalFileName WorkFoldersRes.dll
MIMEType application/octet-stream
Subsystem Windows command line
FileVersion 6.2.9200.16384
TimeStamp 1970:01:01 02:08:16+01:00
FileType Win32 EXE
PEType PE32
InternalName WorkFoldersRes.dll
ProductVersion 6.2.9200.16384
FileDescription Work Folders Resources
OSVersion 4.1
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 50688
FileSubtype 0
ProductVersionNumber 6.2.9200.16384
EntryPoint 0x21e90
ObjectFileType Dynamic link library

File identification
MD5 ffdc87c14663b8fd73e89ca44ca928e9
SHA1 7cf9a272ecea838e56bdea36ea2b510e6f9f6f05
SHA256 0f201c000251ed9c991c7211647ba5dac81d8c8f60b9ce92ff48bc886fef2738
ssdeep 6144:i4ZCUGitvX+WAdpULR+cih7i8CIw7Z/mKiyRjLuaM:i4ZaitmWAPULBQ37w7Zliyg
authentihash 67664c3f5a5cd2c8928a456592896093ca49012dc706c6026e349259849f2f4c
imphash 1cb74b1de9a7c2b3ab80084aea408e6c
File size 251.5 KB ( 257536 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.6%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe

VirusTotal metadata
First submission 2016-02-16 08:05:10 UTC ( 3 years, 2 months ago )
Last submission 2016-02-16 08:46:43 UTC ( 3 years, 2 months ago )
File names WorkFoldersRes.dll
9955.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications