SHA256: 1d5a3ea559e518cd5a5f02899df8bd6682ab9372b7adb5760fcc18e3bddd76b7
File name: malware.exe
Detection ratio: 6 / 56
Analysis date: 2016-04-22 11:24:22 UTC ( 1 year, 1 month ago )
Antivirus Result Update
AegisLab Troj.W32.Gen.lMJ4 20160422
AVware Trojan.Win32.Dridex.aac (v) 20160422
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160422
Kaspersky UDS:DangerousObject.Multi.Generic 20160422
Qihoo-360 QVM20.1.Malware.Gen 20160422
VIPRE Trojan.Win32.Dridex.aac (v) 20160422
Ad-Aware 20160422
AhnLab-V3 20160421
Alibaba 20160422
ALYac 20160422
Antiy-AVL 20160422
Arcabit 20160422
Avast 20160422
AVG 20160422
Avira (no cloud) 20160422
Baidu-International 20160422
BitDefender 20160422
Bkav 20160421
CAT-QuickHeal 20160422
ClamAV 20160422
CMC 20160421
Comodo 20160422
Cyren 20160422
DrWeb 20160422
Emsisoft 20160422
ESET-NOD32 20160422
F-Prot 20160422
F-Secure 20160422
Fortinet 20160422
GData 20160422
Ikarus 20160422
Jiangmin 20160422
K7AntiVirus 20160422
K7GW 20160422
Kingsoft 20160422
Malwarebytes 20160422
McAfee 20160422
McAfee-GW-Edition 20160422
Microsoft 20160422
eScan 20160422
NANO-Antivirus 20160422
nProtect 20160422
Panda 20160421
Rising 20160422
Sophos 20160422
SUPERAntiSpyware 20160422
Symantec 20160422
Tencent 20160422
TheHacker 20160421
TrendMicro 20160422
TrendMicro-HouseCall 20160422
VBA32 20160421
ViRobot 20160422
Yandex 20160421
Zillya 20160422
Zoner 20160422
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© ?????????? ??????????. ??? ????? ????????.

Product ???????????? ??????? Microsoft® Windows®
Original name Emet312.dll
Internal name emt7ren.dll
File version 5.0.2641.5500 .
Description Kersdl
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-22 10:16:28
Entry Point 0x0000105A
Number of sections 7
PE sections
PE imports
LoadLibraryExA
FindFirstChangeNotificationA
SetConsoleTextAttribute
GetComputerNameA
MoveFileWithProgressA
EnumCalendarInfoExA
GetLocalTime
Number of PE resources by type
TYPELIB 1
RT_STRING 1
REGISTRY 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 4
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.1.2605.5512

UninitializedDataSize
0

LanguageCode
Russian

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
0

EntryPoint
0x105a

OriginalFileName
Emet312.dll

MIMEType
application/octet-stream

LegalCopyright
. .

FileVersion
5.0.2641.5500 .

TimeStamp
2017:03:22 11:16:28+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
emt7ren.dll

ProductVersion
5.0.2641.5512

FileDescription
Kersdl

OSVersion
4.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
60416

ProductName
Microsoft Windows

ProductVersionNumber
5.1.2605.5512

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 cf39567a7da322c8eafd02583f1ac809
SHA1 be90f4a1e415227de8f09ef7c11b1cf0dd15e0f4
SHA256 1d5a3ea559e518cd5a5f02899df8bd6682ab9372b7adb5760fcc18e3bddd76b7
ssdeep
3072:cFxWwnvB2w/N8gumYef3tw5kz8jRysW6B0wXPykCbZxi:v6gACgumYepsWRwfykgZx

authentihash 02e2d951af7c564f2a92606b3d897a2192579ecf566675de613ea931368b1adb
imphash 81562b1cecd40533832f6b5462c376e4
File size 227.5 KB ( 232960 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe via-tor

VirusTotal metadata
First submission 2016-04-22 09:58:54 UTC ( 1 year, 1 month ago )
Last submission 2016-12-17 04:24:52 UTC ( 5 months, 1 week ago )
File names emt7ren.dll
labuten.exe
0u8ggf5f5
Emet312.dll
0u8ggf5f5
0u8ggf5f5.exe
malware.exe
0u8ggf5f5.exe
0u8ggf5f5[1].2236.dr
labuten.exe
0u8ggf5f5.1
HTTP-FJLGRr3r6In5VNFXbe.exe
0u8ggf5f5.3
0u8ggf5f5.2
0u8ggf5f5.4
u8ggf5f5.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications