SHA256: 1d5a3ea559e518cd5a5f02899df8bd6682ab9372b7adb5760fcc18e3bddd76b7
File name: u8ggf5f5.exe
Detection ratio: 32 / 55
Analysis date: 2016-04-23 20:40:08 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3172303 20160423
AegisLab Troj.W32.Gen.lMJ4 20160423
AhnLab-V3 Trojan/Win32.Dridex 20160423
Arcabit Trojan.Generic.D3067CF 20160423
Avast Win32:Malware-gen 20160423
Avira (no cloud) TR/SpyAgent.2275 20160423
AVware Trojan.Win32.Dridex.aac (v) 20160423
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160422
BitDefender Trojan.GenericKD.3172303 20160423
Emsisoft Trojan.Win32.Dridex (A) 20160423
ESET-NOD32 Win32/Dridex.AA 20160423
F-Secure Trojan.GenericKD.3172303 20160423
Fortinet W32/Yakes.KVU!tr 20160423
GData Trojan.GenericKD.3172303 20160423
Ikarus Trojan.Win32.Dridex 20160423
K7GW Riskware ( 0040eff71 ) 20160423
Kaspersky Trojan.Win32.Yakes.pnvw 20160423
Malwarebytes Trojan.Dridex 20160423
McAfee Artemis!CF39567A7DA3 20160423
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dh 20160423
Microsoft Backdoor:Win32/Drixed.M 20160423
eScan Trojan.GenericKD.3172303 20160423
Panda Generic Malware 20160423
Qihoo-360 Win32/Trojan.566 20160423
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20160423
Sophos AV Troj/Zbot-KVU 20160423
Symantec Trojan.Cridex 20160423
Tencent Win32.Trojan.Yakes.Taez 20160423
TrendMicro TSPY_DRIDEX.YYSUB 20160423
TrendMicro-HouseCall TSPY_DRIDEX.YYSUB 20160423
VIPRE Trojan.Win32.Dridex.aac (v) 20160423
ViRobot Trojan.Win32.U.Dridex.232960[h] 20160423
Undetected (23 engines):
Alibaba 20160422
ALYac 20160423
Antiy-AVL 20160423
AVG 20160423
Baidu-International 20160423
Bkav 20160423
CAT-QuickHeal 20160423
ClamAV 20160423
CMC 20160421
Comodo 20160423
Cyren 20160423
DrWeb 20160423
F-Prot 20160423
K7AntiVirus 20160423
Kingsoft 20160423
NANO-Antivirus 20160423
nProtect 20160422
SUPERAntiSpyware 20160423
TheHacker 20160422
VBA32 20160423
Yandex 20160422
Zillya 20160423
Zoner 20160423
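The 32 labels above name the same sample in several vendor dialects (Dridex, Drixed, Cridex), mix in engine-specific generic verdicts (GenericKD, Artemis, WisdomEyes, Malware-gen) and add unrelated family names (Yakes, Zbot). A triage analyst normalises them before trusting the "32 / 55" figure. The following Python is an added example, not part of the VirusTotal report: it tokenises each label, discards generic and engine-noise tokens, maps known aliases onto one family name and counts the result. The detection list is transcribed from the table above; the generic-token list and the alias map are assumptions of the example, not data from the page.

```python
import re
from collections import Counter

# Transcribed from the detection table above (vendor, label).  Undetected
# engines carry no label and are omitted.
DETECTIONS = [
    ("Ad-Aware", "Trojan.GenericKD.3172303"),
    ("AegisLab", "Troj.W32.Gen.lMJ4"),
    ("AhnLab-V3", "Trojan/Win32.Dridex"),
    ("Arcabit", "Trojan.Generic.D3067CF"),
    ("Avast", "Win32:Malware-gen"),
    ("Avira (no cloud)", "TR/SpyAgent.2275"),
    ("AVware", "Trojan.Win32.Dridex.aac (v)"),
    ("Baidu", "Win32.Trojan.WisdomEyes.151026.9950.9999"),
    ("BitDefender", "Trojan.GenericKD.3172303"),
    ("Emsisoft", "Trojan.Win32.Dridex (A)"),
    ("ESET-NOD32", "Win32/Dridex.AA"),
    ("F-Secure", "Trojan.GenericKD.3172303"),
    ("Fortinet", "W32/Yakes.KVU!tr"),
    ("GData", "Trojan.GenericKD.3172303"),
    ("Ikarus", "Trojan.Win32.Dridex"),
    ("K7GW", "Riskware ( 0040eff71 )"),
    ("Kaspersky", "Trojan.Win32.Yakes.pnvw"),
    ("Malwarebytes", "Trojan.Dridex"),
    ("McAfee", "Artemis!CF39567A7DA3"),
    ("McAfee-GW-Edition", "BehavesLike.Win32.PWSZbot.dh"),
    ("Microsoft", "Backdoor:Win32/Drixed.M"),
    ("eScan", "Trojan.GenericKD.3172303"),
    ("Panda", "Generic Malware"),
    ("Qihoo-360", "Win32/Trojan.566"),
    ("Rising", "PE:Malware.Generic/QRS!1.9E2D [F]"),
    ("Sophos AV", "Troj/Zbot-KVU"),
    ("Symantec", "Trojan.Cridex"),
    ("Tencent", "Win32.Trojan.Yakes.Taez"),
    ("TrendMicro", "TSPY_DRIDEX.YYSUB"),
    ("TrendMicro-HouseCall", "TSPY_DRIDEX.YYSUB"),
    ("VIPRE", "Trojan.Win32.Dridex.aac (v)"),
    ("ViRobot", "Trojan.Win32.U.Dridex.232960[h]"),
]

# Assumed stop-list: category words and engine-specific generic verdicts that
# carry no family information.  Extend it for other vendors' conventions.
GENERIC = {
    "trojan", "troj", "generic", "malware", "backdoor", "riskware", "tspy",
    "behaveslike", "artemis", "wisdomeyes", "spyagent", "agent", "heur",
    "variant", "suspicious", "downloader", "virus", "worm",
}

# Assumed alias map: vendor spellings folded onto one canonical family name.
ALIASES = {"cridex": "dridex", "drixed": "dridex", "pwszbot": "zbot"}


def family_from_label(label):
    """Return the first family-like token of a vendor label, or None if the
    label is purely generic.  Tokens shorter than four characters or containing
    digits are treated as variant suffixes / hash fragments, not families."""
    for tok in re.split(r"[^a-z0-9]+", label.lower()):
        if not tok or len(tok) < 4 or any(c.isdigit() for c in tok):
            continue
        if tok in GENERIC or tok.startswith("generic"):
            continue
        return ALIASES.get(tok, tok)
    return None


def family_consensus(detections):
    """Count how many engines voted for each normalised family (None = generic)."""
    return Counter(family_from_label(label) for _, label in detections)


def top_family(detections):
    """Return (family, votes) for the most-cited named family, or None."""
    named = {f: n for f, n in family_consensus(detections).items() if f}
    if not named:
        return None
    return max(named.items(), key=lambda kv: kv[1])


if __name__ == "__main__":
    for fam, n in family_consensus(DETECTIONS).most_common():
        print(f"{fam or '(generic)':12} {n}")
    print("consensus:", top_family(DETECTIONS))
```

Run against the table above, twelve engines name Dridex directly or via an alias, three say Yakes, two say Zbot and fifteen return only a generic verdict; the consensus family is Dridex with 12 votes, a much more useful number than the raw 32 hits. Whether Yakes and Zbot labels should also be folded into Dridex is a judgement call about those vendors' naming, which is why the alias map is kept explicit and small.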
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved. (Russian-language string in the binary: © Корпорация Майкрософт. Все права защищены.)
Product Microsoft® Windows® Operating System (Russian-language string in the binary: Операционная система Microsoft® Windows®)
Original name Emet312.dll
Internal name emt7ren.dll
File version 5.0.2641.5500 .
Description Kersdl
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-22 10:16:28
Entry Point 0x0000105A
Number of sections 7
PE sections
PE imports
LoadLibraryExA
FindFirstChangeNotificationA
SetConsoleTextAttribute
GetComputerNameA
MoveFileWithProgressA
EnumCalendarInfoExA
GetLocalTime
Number of PE resources by type
TYPELIB 1
RT_STRING 1
REGISTRY 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 4
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 0
ImageVersion 0.0
ProductName Microsoft Windows
FileVersionNumber 5.1.2605.5512
LanguageCode Russian
FileFlagsMask 0x003f
FileDescription Kersdl
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName Emet312.dll
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5.0.2641.5500 .
TimeStamp 2017:03:22 11:16:28+01:00
FileType Win32 EXE
PEType PE32
InternalName emt7ren.dll
ProductVersion 5.0.2641.5512
SubsystemVersion 5.0
OSVersion 4.1
FileOS Windows NT 32-bit
LegalCopyright . .
MachineType Intel 386 or later, and compatibles
CodeSize 60416
FileSubtype 0
ProductVersionNumber 5.1.2605.5512
EntryPoint 0x105a
ObjectFileType Dynamic link library
Compressed bundles
File identification
MD5 cf39567a7da322c8eafd02583f1ac809
SHA1 be90f4a1e415227de8f09ef7c11b1cf0dd15e0f4
SHA256 1d5a3ea559e518cd5a5f02899df8bd6682ab9372b7adb5760fcc18e3bddd76b7
ssdeep
3072:cFxWwnvB2w/N8gumYef3tw5kz8jRysW6B0wXPykCbZxi:v6gACgumYepsWRwfykgZx

authentihash 02e2d951af7c564f2a92606b3d897a2192579ecf566675de613ea931368b1adb
imphash 81562b1cecd40533832f6b5462c376e4
File size 227.5 KB ( 232960 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe via-tor

VirusTotal metadata
First submission 2016-04-22 09:58:54 UTC ( 2 years, 10 months ago )
Last submission 2018-05-15 12:23:09 UTC ( 9 months, 2 weeks ago )
File names emt7ren.dll
labuten.exe
0u8ggf5f5
Emet312.dll
0u8ggf5f5
0u8ggf5f5.exe
malware.exe
0u8ggf5f5.exe
0u8ggf5f5[1].2236.dr
labuten.exe
0u8ggf5f5.1
HTTP-FJLGRr3r6In5VNFXbe.exe
0u8ggf5f5.3
0u8ggf5f5.2
0u8ggf5f5.4
u8ggf5f5.exe
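The static metadata on this page contradicts itself in ways that are worth checking mechanically rather than by eye: the compilation timestamp (2017-03-22) postdates the first VirusTotal submission (2016-04-22) by eleven months, so the PE timestamp cannot be genuine; the version resource describes the file as a DLL (ObjectFileType, OriginalFileName Emet312.dll, InternalName emt7ren.dll) while the PE header marks it as a GUI EXE; the FileVersion string (5.0.2641.5500) disagrees with the binary FileVersionNumber field (5.1.2605.5512), and likewise for ProductVersion, which never happens in a genuine Microsoft build; and a 227 KB binary with seven sections imports only seven functions, which usually means the real API set is resolved at run time. The following Python is an added example and not part of the VirusTotal report: it encodes those checks as a small triage pass over a dictionary of report fields. The field values are transcribed from the page; the sparse-import threshold is an assumption of the example.

```python
import re
from datetime import datetime

# Fields transcribed from the report above.  Comments name where each one
# comes from inside the PE, since the contradictions are between those sources.
REPORT = {
    "file_type": "Win32 EXE",                    # PE header: IMAGE_FILE_DLL not set
    "object_file_type": "Dynamic link library",  # VS_VERSIONINFO dwFileType
    "original_file_name": "Emet312.dll",         # version string table
    "internal_name": "emt7ren.dll",              # version string table
    "file_version": "5.0.2641.5500 .",           # version string table
    "file_version_number": "5.1.2605.5512",      # VS_FIXEDFILEINFO binary field
    "product_version": "5.0.2641.5512",          # version string table
    "product_version_number": "5.1.2605.5512",   # VS_FIXEDFILEINFO binary field
    "compile_timestamp": "2017-03-22 10:16:28",  # IMAGE_FILE_HEADER.TimeDateStamp (UTC)
    "first_submission": "2016-04-22 09:58:54",   # VirusTotal first-seen (UTC)
    # Imported names as listed on the page; the report does not show the DLLs.
    "imports": [
        "LoadLibraryExA", "FindFirstChangeNotificationA", "SetConsoleTextAttribute",
        "GetComputerNameA", "MoveFileWithProgressA", "EnumCalendarInfoExA",
        "GetLocalTime",
    ],
}

# Assumption: below this many imports a non-trivial PE is treated as packed or
# as resolving its APIs dynamically.  Tune per environment.
SPARSE_IMPORT_THRESHOLD = 10


def _parse_utc(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")


def _version_tuple(s):
    """Extract the first a.b.c.d version number from a free-form string."""
    m = re.search(r"\d+(?:\.\d+){3}", s)
    return m.group(0) if m else None


def triage(report):
    """Return a list of finding codes for metadata that contradicts itself."""
    findings = []

    # 1. A compile timestamp later than the first time anyone saw the file
    #    cannot be real: the field was forged or the build clock was wrong.
    if _parse_utc(report["compile_timestamp"]) > _parse_utc(report["first_submission"]):
        findings.append("TIMESTAMP_AFTER_FIRST_SEEN")

    # 2. The version resource says DLL (dwFileType / *.dll names) but the PE
    #    header says this is an executable image.
    is_exe = "EXE" in report["file_type"].upper()
    claims_dll = (
        "library" in report["object_file_type"].lower()
        or report["original_file_name"].lower().endswith(".dll")
        or report["internal_name"].lower().endswith(".dll")
    )
    if is_exe and claims_dll:
        findings.append("VERSIONINFO_DLL_BUT_EXE")

    # 3. Genuine builds keep the string-table version and the binary
    #    VS_FIXEDFILEINFO version in step; a copied resource usually does not.
    for str_key, num_key in (("file_version", "file_version_number"),
                             ("product_version", "product_version_number")):
        if _version_tuple(report[str_key]) != _version_tuple(report[num_key]):
            findings.append("VERSION_STRING_MISMATCH:" + str_key)

    # 4. Very few imports for a large binary: APIs are likely resolved at
    #    run time (LoadLibrary/GetProcAddress) or the payload is packed.
    if len(report["imports"]) < SPARSE_IMPORT_THRESHOLD:
        findings.append("SPARSE_IMPORTS")

    return findings


if __name__ == "__main__":
    for f in triage(REPORT):
        print(f)
```

Every check here is a static-metadata heuristic, so each finding is a reason to look closer rather than a verdict on its own; together with the AV consensus above they are enough to route the sample for dynamic analysis before any of its claimed Microsoft provenance is believed.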
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications