SHA256: 2557e6166b4d490e380f498f15aedc52901f6f8b10373e924a5c57670f607d76
File name: 2557e6166b4d490e380f498f15aedc52901f6f8b10373e924a5c57670f607d76
Detection ratio: 33 / 61
Analysis date: 2017-03-31 04:43:12 UTC ( 1 year, 10 months ago )
Antivirus Result Update (engine definitions date, YYYYMMDD)
Ad-Aware Gen:Variant.Razy.156230 20170330
AegisLab Uds.Dangerousobject.Multi!c 20170330
Antiy-AVL Trojan[Backdoor]/Win32.Dridex 20170330
Arcabit Trojan.Razy.D26246 20170330
Avast Win32:Malware-gen 20170330
AVG Crypt7.AVUM 20170330
Avira (no cloud) TR/Crypt.ZPACK.rajwj 20170330
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170330
BitDefender Gen:Variant.Razy.156230 20170330
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/Trojan.JCBU-8465 20170330
Emsisoft Gen:Variant.Razy.156230 (B) 20170330
Endgame malicious (high confidence) pe1 20170330
ESET-NOD32 Win32/Dridex.U 20170331
F-Secure Gen:Variant.Razy.156230 20170330
Fortinet W32/Dridex.U!tr 20170330
GData Win32.Trojan.Agent.4C9XIN 20170330
Ikarus Trojan.Win32.Dridex 20170330
Sophos ML worm.win32.allaple.m 20170203
K7AntiVirus Trojan ( 005023031 ) 20170330
K7GW Trojan ( 005023031 ) 20170330
Kaspersky Backdoor.Win32.Dridex.ed 20170330
Malwarebytes Trojan.Dridex 20170330
McAfee RDN/Generic BackDoor 20170330
McAfee-GW-Edition BehavesLike.Win32.VTFlooder.ch 20170331
Microsoft Backdoor:Win32/Drixed 20170330
eScan Gen:Variant.Razy.156230 20170331
NANO-Antivirus Trojan.Win32.Dridex.emxwan 20170331
Palo Alto Networks (Known Signatures) generic.ml 20170331
Rising Backdoor.Dridex!8.3226 (cloud:gAc2DzDD9vK) 20170330
Sophos AV Mal/Generic-S 20170331
Symantec Trojan.Cridex 20170330
ZoneAlarm by Check Point Backdoor.Win32.Dridex.ed 20170331
Antivirus (no detection) Update (engine definitions date, YYYYMMDD)
AhnLab-V3 20170330
Alibaba 20170331
ALYac 20170330
AVware 20170330
CAT-QuickHeal 20170330
ClamAV 20170330
CMC 20170330
Comodo 20170330
DrWeb 20170330
F-Prot 20170330
Jiangmin 20170330
Kingsoft 20170331
nProtect 20170331
Panda 20170330
Qihoo-360 20170331
SentinelOne (Static ML) 20170330
SUPERAntiSpyware 20170330
Symantec Mobile Insight 20170329
Tencent 20170331
TheHacker 20170330
TotalDefense 20170330
TrendMicro 20170331
TrendMicro-HouseCall 20170331
Trustlook 20170331
VBA32 20170330
VIPRE 20170331
ViRobot 20170331
Webroot 20170331
WhiteArmor 20170327
Yandex 20170327
Zillya 20170329
Zoner 20170331
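The vendor labels above disagree on naming (Dridex, Cridex, Drixed, Razy, plus several generic or heuristic verdicts), which is normal for a multi-engine scan. The following Python is an added example, not part of the VirusTotal report and not code from any vendor listed; it copies the 33 verdicts from the table, strips class and platform words, folds the known spelling variants of the family name together and counts one vote per vendor. The generic-word stoplist and the alias table are assumptions made for this example, not anything the report defines.

```python
import re
from collections import Counter

# Vendor verdicts copied from the detection table above (the 33 engines that
# flagged the sample). Undetected engines carry no label and are not listed.
DETECTIONS = [
    ("Ad-Aware", "Gen:Variant.Razy.156230"),
    ("AegisLab", "Uds.Dangerousobject.Multi!c"),
    ("Antiy-AVL", "Trojan[Backdoor]/Win32.Dridex"),
    ("Arcabit", "Trojan.Razy.D26246"),
    ("Avast", "Win32:Malware-gen"),
    ("AVG", "Crypt7.AVUM"),
    ("Avira (no cloud)", "TR/Crypt.ZPACK.rajwj"),
    ("Baidu", "Win32.Trojan.WisdomEyes.16070401.9500.9999"),
    ("BitDefender", "Gen:Variant.Razy.156230"),
    ("CrowdStrike Falcon (ML)", "malicious_confidence_100% (W)"),
    ("Cyren", "W32/Trojan.JCBU-8465"),
    ("Emsisoft", "Gen:Variant.Razy.156230 (B)"),
    ("Endgame", "malicious (high confidence) pe1"),
    ("ESET-NOD32", "Win32/Dridex.U"),
    ("F-Secure", "Gen:Variant.Razy.156230"),
    ("Fortinet", "W32/Dridex.U!tr"),
    ("GData", "Win32.Trojan.Agent.4C9XIN"),
    ("Ikarus", "Trojan.Win32.Dridex"),
    ("Sophos ML", "worm.win32.allaple.m"),
    ("K7AntiVirus", "Trojan ( 005023031 )"),
    ("K7GW", "Trojan ( 005023031 )"),
    ("Kaspersky", "Backdoor.Win32.Dridex.ed"),
    ("Malwarebytes", "Trojan.Dridex"),
    ("McAfee", "RDN/Generic BackDoor"),
    ("McAfee-GW-Edition", "BehavesLike.Win32.VTFlooder.ch"),
    ("Microsoft", "Backdoor:Win32/Drixed"),
    ("eScan", "Gen:Variant.Razy.156230"),
    ("NANO-Antivirus", "Trojan.Win32.Dridex.emxwan"),
    ("Palo Alto Networks (Known Signatures)", "generic.ml"),
    ("Rising", "Backdoor.Dridex!8.3226 (cloud:gAc2DzDD9vK)"),
    ("Sophos AV", "Mal/Generic-S"),
    ("Symantec", "Trojan.Cridex"),
    ("ZoneAlarm by Check Point", "Backdoor.Win32.Dridex.ed"),
]

# Assumed stoplist: words that name a class, platform or heuristic, not a family.
GENERIC = {
    "trojan", "backdoor", "worm", "win32", "w32", "generic", "variant",
    "malware", "malicious", "confidence", "high", "cloud", "known",
    "signatures", "agent", "behaveslike", "crypt", "multi", "dangerousobject",
    "heur", "heuristic", "uds", "mal", "rdn",
}

# Assumed alias table: vendor-specific spellings of the same family.
ALIASES = {"cridex": "dridex", "drixed": "dridex"}


def family_tokens(label):
    """Candidate family names in one vendor label.

    The label is lower-cased and split on anything that is not a letter or
    digit. Generic words, tokens shorter than four characters and tokens that
    contain digits (variant IDs, signature numbers, cloud hashes) are dropped,
    aliases are folded, and each token is reported once per label.
    """
    found = []
    for tok in re.findall(r"[a-z0-9]+", label.lower()):
        if tok in GENERIC or len(tok) < 4 or any(c.isdigit() for c in tok):
            continue
        tok = ALIASES.get(tok, tok)
        if tok not in found:
            found.append(tok)
    return found


def consensus(detections=DETECTIONS):
    """One vote per vendor; return the leading family and its support."""
    votes = Counter()
    for _vendor, label in detections:
        votes.update(family_tokens(label))
    ranked = votes.most_common()
    top = ranked[0] if ranked else (None, 0)
    runner_up = ranked[1] if len(ranked) > 1 else (None, 0)
    return {
        "detections": len(detections),
        "family": top[0],
        "votes": top[1],
        "runner_up": runner_up,
        "all_votes": dict(votes),
    }


if __name__ == "__main__":
    print(consensus())
```

Two caveats when reading the result. Votes are not independent: several of the vendors above license the same engine (the identical Razy label from Ad-Aware, BitDefender, Emsisoft, F-Secure, eScan and Arcabit, and the identical Kaspersky and ZoneAlarm strings), so a family with many votes may really have two or three independent sources. And a lone label such as "worm.win32.allaple.m" from one machine-learning engine is exactly the kind of single-vendor noise the vote is meant to absorb, not evidence of a second family.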
The file is a Portable Executable (PE) image: a 32-bit Windows EXE built for the console (command line) subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-29 02:09:43
Entry Point 0x00001790
Number of sections 7
PE sections
PE imports
RegLoadKeyA
DestroyPrivateObjectSecurity
GetUserNameW
CertGetPublicKeyLength
GetSystemPaletteUse
ImmDestroyContext
DeviceIoControl
InterlockedExchangeAdd
GetUserDefaultLangID
GetModuleHandleA
GetSystemRegistryQuota
ConvertDefaultLocale
CopyFileA
GetTickCount
FreeConsole
CreateFileMappingA
GetCommandLineA
GetProcAddress
SetInformationJobObject
DsMakeSpnW
RpcMgmtEpEltInqDone
SetupOpenFileQueue
SHCreateProcessAsUserW
FindExecutableW
FreeContextBuffer
IsWindowEnabled
IsCharAlphaA
InternetSetStatusCallbackW
FtpFindFirstFileA
waveOutSetPitch
FreePropVariantArray
CoTestCancel
OleCreateFromData
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows command line
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2017:03:29 03:09:43+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 16384
LinkerVersion: 8.0
EntryPoint: 0x1790
InitializedDataSize: 155648
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0

Compressed bundles
File identification
MD5 afcdd8c611cacb71286598e5574901d9
SHA1 fc2b9926a48b0c8843b73a046c49e1666645ac24
SHA256 2557e6166b4d490e380f498f15aedc52901f6f8b10373e924a5c57670f607d76
ssdeep 3072:66gsSc3qCB0wVfV80CO/FKhfjNpid7YImf2xx+ASUj1hVnh:667Sq/BotOdGed7Y3+xxs21hV

authentihash 0781ed87181696eec0f3cb3148b9a5d9db600122723dadedc86b9fbb56a26d0f
imphash cbb4a96d7fffdd94b0252b14a4e8eba7
File size 156.0 KB ( 159744 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe
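The identification block above gives two kinds of indicator: digests that pin down this exact file, and PE header fields (build timestamp, entry point, section count, linker and subsystem versions) that tend to survive when a sample is repacked. The following Python is an added example, not part of the VirusTotal report and not code from the sample's authors; it reads those header fields at their fixed offsets, computes the three digests, and reports whether a file is an exact hash match and, if not, which header fields still differ from the report. Because the real sample is not embedded here, the block builds a constructed stand-in PE header carrying the report's header values (no code, not the malware), so the hashes deliberately do not match while the header fields do. Key names and the stand-in's filler values (image base, alignments, SizeOfImage) are assumptions of this example.

```python
import datetime
import hashlib
import struct

# Indicators copied from the report above; these describe the real sample.
REPORTED = {
    "md5": "afcdd8c611cacb71286598e5574901d9",
    "sha1": "fc2b9926a48b0c8843b73a046c49e1666645ac24",
    "sha256": "2557e6166b4d490e380f498f15aedc52901f6f8b10373e924a5c57670f607d76",
    "machine": 0x14C,                       # Intel 386 or later
    "sections": 7,
    "compile_time": "2017-03-29 02:09:43",  # UTC
    "entry_point": 0x1790,
    "linker_version": "8.0",
    "code_size": 16384,
    "init_data_size": 155648,
    "uninit_data_size": 0,
    "os_version": "4.0",
    "subsystem_version": "4.0",
    "subsystem": "Windows command line",
}

SUBSYSTEMS = {1: "native", 2: "Windows GUI", 3: "Windows command line"}


def digests(data):
    """MD5, SHA-1 and SHA-256 of the raw bytes, as the report lists them."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def parse_pe_header(data):
    """Read the fields shown under 'PE header basic information'.

    Offsets within the optional header are identical for PE32 (magic 0x10B)
    and PE32+ (magic 0x20B) for every field read here, so both are accepted.
    """
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsections, timestamp = struct.unpack_from("<HHI", data, e_lfanew + 4)
    opt = e_lfanew + 24                     # optional header follows the 20-byte COFF header
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    code, init_data, uninit_data, entry = struct.unpack_from("<IIII", data, opt + 4)
    os_major, os_minor, _, _, ss_major, ss_minor = struct.unpack_from("<HHHHHH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    when = datetime.datetime.fromtimestamp(timestamp, datetime.timezone.utc)
    return {
        "machine": machine,
        "sections": nsections,
        "compile_time": when.strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry,
        "linker_version": "%d.%d" % (linker_major, linker_minor),
        "code_size": code,
        "init_data_size": init_data,
        "uninit_data_size": uninit_data,
        "os_version": "%d.%d" % (os_major, os_minor),
        "subsystem_version": "%d.%d" % (ss_major, ss_minor),
        "subsystem": SUBSYSTEMS.get(subsystem, "other (%d)" % subsystem),
    }


def triage(data, reported=REPORTED):
    """Exact-hash check first; then list header fields that differ from the report.

    A repacked variant changes every digest but often keeps timestamp, linker
    version, entry point and section count, so an empty mismatch list with a
    failed hash match is worth a closer look.
    """
    hashes = digests(data)
    header = parse_pe_header(data)
    return {
        "exact_hash_match": hashes["sha256"] == reported["sha256"],
        "header_mismatches": sorted(k for k in header if k in reported and header[k] != reported[k]),
        "hashes": hashes,
        "header": header,
    }


def build_sample_pe():
    """Constructed stand-in: a bare PE32 header with the report's header values.

    It holds no code and is not the Dridex sample; it only lets the parser run
    offline. Its digests therefore do not match REPORTED.
    """
    e_lfanew = 0x80
    dos = (b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\x00")
    ts = int(datetime.datetime(2017, 3, 29, 2, 9, 43, tzinfo=datetime.timezone.utc).timestamp())
    coff = struct.pack("<HHIIIHH", 0x14C, 7, ts, 0, 0, 224, 0x0102)
    optional = struct.pack(
        "<HBBIIIIIIIIIHHHHHHIIIIHH",
        0x10B, 8, 0,                  # PE32, linker 8.0
        16384, 155648, 0, 0x1790,     # code, initialised, uninitialised, entry point
        0x1000, 0x5000, 0x400000,     # base of code, base of data, image base (assumed)
        0x1000, 0x200,                # section / file alignment (assumed)
        4, 0, 0, 0, 4, 0,             # OS 4.0, image 0.0, subsystem 4.0
        0, 0x30000, 0x400, 0,         # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
        3, 0,                         # IMAGE_SUBSYSTEM_WINDOWS_CUI, DllCharacteristics
    ).ljust(224, b"\x00")
    return dos + b"PE\0\0" + coff + optional


if __name__ == "__main__":
    print(triage(build_sample_pe()))
```

For a real file, pass its bytes (`triage(open(path, "rb").read())`) instead of the stand-in. Note that the ExifTool TimeStamp on this page is the same instant rendered in a +01:00 zone; the parser above always formats in UTC, which is what the "Compilation timestamp" line shows.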

VirusTotal metadata
First submission 2017-03-29 16:29:56 UTC ( 1 year, 11 months ago )
Last submission 2018-05-22 09:04:54 UTC ( 9 months, 1 week ago )
File names sa_03_27.exe
Win32.Trojan.Agent@2557e6166b4d490e380f498f15aedc52901f6f8b10373e924a5c57670f607d76.bin
afcdd8c611cacb71286598e5574901d9.exe
sa_03_27.exe.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications