SHA256: 230a53b665cf61ff2b8d55f24363d3850f8b498eaf3437557c6157879bb25134
File name: Attack
Detection ratio: 51 / 60
Analysis date: 2017-05-06 21:05:24 UTC ( 1 year, 9 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3046357 20170506
AegisLab Backdoor.W32.Cridex!c 20170506
AhnLab-V3 Trojan/Win32.Dridex.C1326827 20170506
ALYac Spyware.Banker.Dridex 20170506
Antiy-AVL Trojan[Backdoor]/Win32.Cridex 20170506
Arcabit Trojan.Generic.D2E7BD5 20170506
Avast Win32:Malware-gen 20170506
AVG Generic37.ANJT 20170506
Avira (no cloud) TR/Crypt.Xpack.401565 20170506
AVware Trojan.Win32.Generic!BT 20170506
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9940 20170503
BitDefender Trojan.GenericKD.3046357 20170506
CAT-QuickHeal VirTool.Obfuscator 20170506
ClamAV BC.Win.Packer.Troll-14 20170506
Comodo TrojWare.Win32.Dridex.avc 20170506
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/Dridex.ECZC-5783 20170506
DrWeb Trojan.Dridex.332 20170506
Emsisoft Trojan.GenericKD.3046357 (B) 20170506
Endgame malicious (high confidence) 20170503
ESET-NOD32 Win32/Dridex.AA 20170506
F-Prot W32/Dridex.HX 20170506
F-Secure Trojan.GenericKD.3046357 20170506
Fortinet W32/Malicious_Behavior.VEX 20170506
GData Win32.Trojan.Agent.5S0GI0 20170506
Ikarus Trojan.Win32.Dridex 20170506
Sophos ML virus.win32.sality.at 20170413
Jiangmin Backdoor.Cridex.ab 20170506
K7AntiVirus Trojan ( 004de6181 ) 20170506
K7GW Trojan ( 004de6181 ) 20170506
Kaspersky Backdoor.Win32.Cridex.ce 20170506
Malwarebytes Trojan.Dridex 20170506
McAfee Generic.yk 20170506
McAfee-GW-Edition BehavesLike.Win32.Generic.dc 20170506
Microsoft VirTool:Win32/Obfuscator 20170506
eScan Trojan.GenericKD.3046357 20170506
NANO-Antivirus Trojan.Win32.Cridex.efgtqn 20170506
Palo Alto Networks (Known Signatures) generic.ml 20170506
Panda Trj/WLT.B 20170506
Qihoo-360 Trojan.Generic 20170506
Rising Trojan.Generic (cloud:tEkuZuKYlNE) 20170506
SentinelOne (Static ML) static engine - malicious 20170330
Sophos AV Troj/Dridex-PN 20170506
Symantec Trojan.Cridex 20170506
Tencent Win32.Backdoor.Cridex.Wski 20170506
VIPRE Trojan.Win32.Generic!BT 20170506
Webroot Trojan.Dropper.Gen 20170506
Yandex Backdoor.Cridex! 20170504
Zillya Backdoor.Cridex.Win32.18 20170505
ZoneAlarm by Check Point Backdoor.Win32.Cridex.ce 20170506
Zoner Trojan.Dridex 20170506
Alibaba 20170505
CMC 20170506
Kingsoft 20170506
nProtect 20170506
SUPERAntiSpyware 20170506
Symantec Mobile Insight 20170504
TheHacker 20170505
TotalDefense 20170506
TrendMicro 20170506
Trustlook 20170506
VBA32 20170506
ViRobot 20170506
WhiteArmor 20170502
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright ClusterDelta.com Copyright 2015
Product Attack
Original name Attack
Internal name Attack
File version 8.3.6.775
Description Greater Afahmasp Without Higher Shooters
Comments Greater Afahmasp Without Higher Shooters
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-02-15 11:52:51
Entry Point 0x000067EF
Number of sections 4
PE sections
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
ImageList_Create
Ord(17)
ImageList_ReplaceIcon
PrintDlgA
GetObjectA
ExcludeClipRect
SetROP2
DeleteDC
SetBkMode
SetStretchBltMode
GetStockObject
CreateFontIndirectA
CreateSolidBrush
CreateRectRgnIndirect
CombineRgn
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject
StretchBlt
SetTextColor
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
SystemTimeToFileTime
GetConsoleOutputCP
SetHandleCount
lstrlenA
GetConsoleCP
GetOEMCP
LCMapStringA
IsDebuggerPresent
GetTickCount
TlsAlloc
GetVersionExA
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
ExitThread
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
EnterCriticalSection
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
LCMapStringW
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
TlsFree
GetProfileIntA
SetStdHandle
CompareStringW
RaiseException
CompareStringA
GetCPInfo
GetStringTypeA
SetFilePointer
GetTimeZoneInformation
ReadFile
GetModuleHandleA
SetUnhandledExceptionFilter
lstrcpyA
InterlockedIncrement
GetProfileStringA
SetSystemPowerState
GetSystemTimeAsFileTime
lstrcpynA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
ExitProcess
SetEnvironmentVariableA
TerminateProcess
GetModuleFileNameA
QueryPerformanceCounter
WriteConsoleA
SetLastError
IsValidCodePage
HeapCreate
WriteFile
GlobalAlloc
VirtualFree
LocalFileTimeToFileTime
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
GetStartupInfoA
WriteConsoleW
CloseHandle
NetSessionEnum
NetApiBufferFree
SysAllocString
VariantInit
SysAllocStringLen
StrCmpNIA
GetMessageA
GetParent
UpdateWindow
BeginPaint
OffsetRect
PostQuitMessage
DefWindowProcA
ShowWindow
SendDlgItemMessageA
GetSystemMetrics
MessageBoxW
GetWindowRect
DispatchMessageA
ReleaseCapture
GetWindowDC
TranslateMessage
IsWindowEnabled
GetWindow
GetDC
RegisterClassExA
ReleaseDC
UpdateLayeredWindow
GetIconInfo
IsWindowVisible
SendMessageA
GetClientRect
GetDlgItem
IsIconic
RegisterClassA
InvalidateRect
CreateWindowExA
LoadCursorA
LoadIconA
DrawTextA
FillRect
EnumThreadWindows
GetSysColorBrush
InflateRect
GetClassNameA
GetFocus
CreateWindowExW
DestroyWindow
GetThemeInt
DrawThemeBackground
mmioRead
mmioDescend
mmioAscend
mmioOpenA
mmioClose
WSAStringToAddressA
SetMonitorRedGreenOrBlueDrive
GdipDeleteGraphics
GdipCreateFromHDC
CoUninitialize
CoInitialize
CoCreateInstance
CLSIDFromProgID
OleRun
IIDFromString
Number of PE resources by type
RT_STRING 10
RT_BITMAP 10
RT_DIALOG 7
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 31
PE resources
ExifTool file metadata
SubsystemVersion 5.0
Comments Greater Afahmasp Without Higher Shooters
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 8.3.6.775
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Greater Afahmasp Without Higher Shooters
CharacterSet Unicode
InitializedDataSize 150528
PrivateBuild 8.3.6.775
EntryPoint 0x67ef
OriginalFileName Attack
MIMEType application/octet-stream
LegalCopyright ClusterDelta.com Copyright 2015
FileVersion 8.3.6.775
TimeStamp 2016:02:15 12:52:51+01:00
FileType Win32 EXE
PEType PE32
InternalName Attack
ProductVersion 8.3.6.775
UninitializedDataSize 0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName ClusterDelta.com
CodeSize 84480
ProductName Attack
ProductVersionNumber 8.3.6.775
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 69e4d5a501620829f0c3f1d15f1e3016
SHA1 bf31e0c116d5297d396f773d0cef3801269d54b1
SHA256 230a53b665cf61ff2b8d55f24363d3850f8b498eaf3437557c6157879bb25134
ssdeep 6144:4DZJev6ybeiLniF69NgbGO/SKjTIdLIO8qqYbpl:gUNHO/Sq2sO5/pl
authentihash 6fc18adcf346b0542ae74c47967e363c06d7907a1814b9c5d414d45ba2dec8fe
imphash 2ed4b8341f1021e36987d27970010f8c
File size 230.5 KB ( 236032 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe
VirusTotal metadata
First submission 2016-02-15 12:10:27 UTC ( 3 years ago )
Last submission 2016-12-15 22:03:21 UTC ( 2 years, 2 months ago )
File names 65fg67n
53b665cf61ff2b8d55f24363d3850f8b498eaf3437557c6157879bb25134.bin
65fg67n.exe
65fg67n2.exe
65fg67n[1].txt.2756.dr
Dridex
65fg67n(2)
1_.ex1
virus
69e4d5a501620829f0c3f1d15f1e3016
Attack
ladybi.exe
evil1.exe
65fg67n[1].txt.3380.dr
65fg67n
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Runtime DLLs