| SHA256: | 1d5a3ea559e518cd5a5f02899df8bd6682ab9372b7adb5760fcc18e3bddd76b7 |
| File name: | u8ggf5f5.exe |
| Detection ratio: | 32 / 55 |
| Analysis date: | 2016-04-23 20:40:08 UTC ( 2 years, 10 months ago ) View latest |
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Trojan.GenericKD.3172303 | 20160423 |
| AegisLab | Troj.W32.Gen.lMJ4 | 20160423 |
| AhnLab-V3 | Trojan/Win32.Dridex | 20160423 |
| Arcabit | Trojan.Generic.D3067CF | 20160423 |
| Avast | Win32:Malware-gen | 20160423 |
| Avira (no cloud) | TR/SpyAgent.2275 | 20160423 |
| AVware | Trojan.Win32.Dridex.aac (v) | 20160423 |
| Baidu | Win32.Trojan.WisdomEyes.151026.9950.9999 | 20160422 |
| BitDefender | Trojan.GenericKD.3172303 | 20160423 |
| Emsisoft | Trojan.Win32.Dridex (A) | 20160423 |
| ESET-NOD32 | Win32/Dridex.AA | 20160423 |
| F-Secure | Trojan.GenericKD.3172303 | 20160423 |
| Fortinet | W32/Yakes.KVU!tr | 20160423 |
| GData | Trojan.GenericKD.3172303 | 20160423 |
| Ikarus | Trojan.Win32.Dridex | 20160423 |
| K7GW | Riskware ( 0040eff71 ) | 20160423 |
| Kaspersky | Trojan.Win32.Yakes.pnvw | 20160423 |
| Malwarebytes | Trojan.Dridex | 20160423 |
| McAfee | Artemis!CF39567A7DA3 | 20160423 |
| McAfee-GW-Edition | BehavesLike.Win32.PWSZbot.dh | 20160423 |
| Microsoft | Backdoor:Win32/Drixed.M | 20160423 |
| eScan | Trojan.GenericKD.3172303 | 20160423 |
| Panda | Generic Malware | 20160423 |
| Qihoo-360 | Win32/Trojan.566 | 20160423 |
| Rising | PE:Malware.Generic/QRS!1.9E2D [F] | 20160423 |
| Sophos AV | Troj/Zbot-KVU | 20160423 |
| Symantec | Trojan.Cridex | 20160423 |
| Tencent | Win32.Trojan.Yakes.Taez | 20160423 |
| TrendMicro | TSPY_DRIDEX.YYSUB | 20160423 |
| TrendMicro-HouseCall | TSPY_DRIDEX.YYSUB | 20160423 |
| VIPRE | Trojan.Win32.Dridex.aac (v) | 20160423 |
| ViRobot | Trojan.Win32.U.Dridex.232960[h] | 20160423 |
| Alibaba | 20160422 | |
| ALYac | 20160423 | |
| Antiy-AVL | 20160423 | |
| AVG | 20160423 | |
| Baidu-International | 20160423 | |
| Bkav | 20160423 | |
| CAT-QuickHeal | 20160423 | |
| ClamAV | 20160423 | |
| CMC | 20160421 | |
| Comodo | 20160423 | |
| Cyren | 20160423 | |
| DrWeb | 20160423 | |
| F-Prot | 20160423 | |
| K7AntiVirus | 20160423 | |
| Kingsoft | 20160423 | |
| NANO-Antivirus | 20160423 | |
| nProtect | 20160422 | |
| SUPERAntiSpyware | 20160423 | |
| TheHacker | 20160422 | |
| VBA32 | 20160423 | |
| Yandex | 20160422 | |
| Zillya | 20160423 | |
| Zoner | 20160423 |
The file being studied is a Portable Executable file!
More specifically, it is a Win32 EXE
file
for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Корпорация Майкрософт. Все права защищены.
Product Операционная система Microsoft® Windows®
Original name Emet312.dll
Internal name emt7ren.dll
File version 5.0.2641.5500 .
Description Kersdl
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-22 10:16:28
Entry Point 0x0000105A
Number of sections 7
PE sections
PE imports
Number of PE resources by type
TYPELIB 1
RT_STRING 1
REGISTRY 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 4
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0
InitializedDataSize
0
ImageVersion
0.0
ProductName
Microsoft Windows
FileVersionNumber
5.1.2605.5512
LanguageCode
Russian
FileFlagsMask
0x003f
FileDescription
Kersdl
CharacterSet
Unicode
LinkerVersion
8.0
FileTypeExtension
exe
OriginalFileName
Emet312.dll
MIMEType
application/octet-stream
Subsystem
Windows GUI
FileVersion
5.0.2641.5500 .
TimeStamp
2017:03:22 11:16:28+01:00
FileType
Win32 EXE
PEType
PE32
InternalName
emt7ren.dll
ProductVersion
5.0.2641.5512
SubsystemVersion
5.0
OSVersion
4.1
FileOS
Windows NT 32-bit
LegalCopyright
. .
MachineType
Intel 386 or later, and compatibles
CodeSize
60416
FileSubtype
0
ProductVersionNumber
5.1.2605.5512
EntryPoint
0x105a
ObjectFileType
Dynamic link library
Compressed bundles
File identification
MD5 cf39567a7da322c8eafd02583f1ac809
SHA1 be90f4a1e415227de8f09ef7c11b1cf0dd15e0f4
SHA256 1d5a3ea559e518cd5a5f02899df8bd6682ab9372b7adb5760fcc18e3bddd76b7
ssdeep
3072:cFxWwnvB2w/N8gumYef3tw5kz8jRysW6B0wXPykCbZxi:v6gACgumYepsWRwfykgZx
File size
227.5 KB ( 232960 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit
| TrID |
Win32 Dynamic Link Library (generic) (38.4%) Win32 Executable (generic) (26.3%) OS/2 Executable (generic) (11.8%) Generic Win/DOS Executable (11.6%) DOS Executable Generic (11.6%) |
Tags
peexe
via-tor
VirusTotal metadata
First submission
2016-04-22 09:58:54 UTC ( 2 years, 10 months ago )
Last submission
2018-05-15 12:23:09 UTC ( 9 months, 2 weeks ago )
| File names |
emt7ren.dll labuten.exe 0u8ggf5f5 Emet312.dll 0u8ggf5f5 0u8ggf5f5.exe malware.exe 0u8ggf5f5.exe 0u8ggf5f5[1].2236.dr labuten.exe 0u8ggf5f5.1 HTTP-FJLGRr3r6In5VNFXbe.exe 0u8ggf5f5.3 0u8ggf5f5.2 0u8ggf5f5.4 u8ggf5f5.exe |
No comments.
No VirusTotal Community member has commented on this item yet, be the first one to do so!
You have not signed in. Only registered users can leave comments, sign in and have a voice!
No votes.
No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the
behaviour of the file when executed in a controlled environment. The actions
and events described were either performed by the file itself or by any other
process launched by the executed file or subjected to code injection by the
executed file.