× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 0f9322e174056ec9d836bffc8a25a4f8f7217b2c3f698adc7518dd367cf0d980
File name: 0f9322e174056ec9d836bffc8a25a4f8f7217b2c3f698adc7518dd367cf0d980
Detection ratio: 34 / 67
Analysis date: 2017-12-10 13:09:21 UTC ( 1 year, 4 months ago ) View latest
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.81564 20171210
AegisLab Backdoor.W32.Dridex!c 20171210
ALYac Gen:Variant.Symmi.81564 20171210
Antiy-AVL Trojan[Backdoor]/Win32.Dridex 20171210
Arcabit Trojan.Symmi.D13E9C 20171210
Avast Win32:Malware-gen 20171210
AVG Win32:Malware-gen 20171210
Avira (no cloud) TR/AD.Dridex.iqjxy 20171210
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9930 20171209
BitDefender Gen:Variant.Symmi.81564 20171210
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20171210
eGambit Unsafe.AI_Score_90% 20171210
Emsisoft Gen:Variant.Symmi.81564 (B) 20171210
Endgame malicious (high confidence) 20171130
ESET-NOD32 Win32/Dridex.BM 20171210
F-Secure Gen:Variant.Symmi.81564 20171210
Fortinet W32/Dridex.BM!tr.bdr 20171210
Sophos ML heuristic 20170914
Kaspersky Backdoor.Win32.Dridex.rx 20171210
MAX malware (ai score=83) 20171210
McAfee Artemis!7054A6C9FB62 20171210
McAfee-GW-Edition BehavesLike.Win32.Virut.cc 20171210
eScan Gen:Variant.Symmi.81564 20171210
Palo Alto Networks (Known Signatures) generic.ml 20171210
Panda Trj/CI.A 20171210
Qihoo-360 Win32/Backdoor.c21 20171210
SentinelOne (Static ML) static engine - malicious 20171207
Sophos AV Mal/EncPk-ANR 20171210
TrendMicro TROJ_GEN.R045C0RL817 20171210
TrendMicro-HouseCall TROJ_GEN.R045C0RL817 20171210
WhiteArmor Malware.HighConfidence 20171204
ZoneAlarm by Check Point Backdoor.Win32.Dridex.rx 20171210
AhnLab-V3 20171210
Alibaba 20171208
Avast-Mobile 20171210
AVware 20171210
Bkav 20171208
CAT-QuickHeal 20171209
ClamAV 20171210
CMC 20171208
Comodo 20171210
Cyren 20171210
DrWeb 20171210
F-Prot 20171210
GData 20171210
Ikarus 20171210
Jiangmin 20171210
K7AntiVirus 20171210
K7GW 20171210
Kingsoft 20171210
Malwarebytes 20171210
Microsoft 20171210
NANO-Antivirus 20171210
nProtect 20171210
Rising 20171210
SUPERAntiSpyware 20171210
Symantec 20171209
Symantec Mobile Insight 20171207
Tencent 20171210
TheHacker 20171209
TotalDefense 20171210
Trustlook 20171210
VBA32 20171208
VIPRE 20171210
ViRobot 20171210
Webroot 20171210
Yandex 20171208
Zoner 20171210
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name apisetstub
Internal name apisetstub
File version 6.1.7601.23403 (win7sp1_ldr.160325-0600)
Description ApiSet Stub DLL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-06 20:09:53
Entry Point 0x00001E00
Number of sections 10
PE sections
PE imports
EnumServicesStatusA
GetModuleFileNameA
LoadLibraryA
GetModuleHandleW
ExitProcess
lstrcatW
GetLargestConsoleWindowSize
GetProcAddress
GetBinaryTypeA
RasHangUpA
UrlGetPartW
StrDupW
wnsprintfA
TranslateAcceleratorA
GetClipboardViewer
EmptyClipboard
SetPrinterW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7601.23403

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
ApiSet Stub DLL

ImageFileCharacteristics
Executable, No line numbers, No symbols, Large address aware, 32-bit

CharacterSet
Unicode

InitializedDataSize
0

EntryPoint
0x1e00

OriginalFileName
apisetstub

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7601.23403 (win7sp1_ldr.160325-0600)

TimeStamp
2017:12:06 21:09:53+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
apisetstub

ProductVersion
6.1.7601.23403

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft ooooooaooon

CodeSize
0

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7601.23403

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 7054a6c9fb627f332502453220258cc8
SHA1 2f344f1a56fffad935ee4afe2738906bd7af7b71
SHA256 0f9322e174056ec9d836bffc8a25a4f8f7217b2c3f698adc7518dd367cf0d980
ssdeep
1536:WSL1KR7wUuia4+/FDh9kTd/5ssmnmIqOyTmnlbGjIdzbx9qXNX0hjXX+dp7i3100:W41Kly3phqd/5ssOmRYMX0hXX6i3cu

authentihash 52952d5f8255194d8fa696e576e82961c97ebc081ccf75951a559b5338a10c9e
imphash 08b32458caf11df6448e1177492fd8d3
File size 128.0 KB ( 131072 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-12-10 10:12:13 UTC ( 1 year, 4 months ago )
Last submission 2017-12-10 13:09:21 UTC ( 1 year, 4 months ago )
File names 7054a6c9fb627f332502453220258cc8
apisetstub
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications