SHA256: 2587300cc5c250b1c79e664363d1ca81d61e7e063b90212ab222753f8c0f6e04
File name: 6757645.exe
Detection ratio: 2 / 56
Analysis date: 2015-10-15 10:13:13 UTC (3 years, 7 months ago)
Antivirus Result Update
AVware LooksLike.Win32.Dridex.e (v) 20151015
VIPRE LooksLike.Win32.Dridex.e (v) 20151015
Ad-Aware 20151015
AegisLab 20151015
Yandex 20151014
AhnLab-V3 20151015
Alibaba 20151015
ALYac 20151015
Antiy-AVL 20151015
Arcabit 20151015
Avast 20151014
AVG 20151015
Avira (no cloud) 20151015
Baidu-International 20151014
BitDefender 20151015
Bkav 20151014
ByteHero 20151015
CAT-QuickHeal 20151015
ClamAV 20151015
CMC 20151014
Comodo 20151015
Cyren 20151015
DrWeb 20151015
Emsisoft 20151015
ESET-NOD32 20151015
F-Prot 20151015
F-Secure 20151015
Fortinet 20151015
GData 20151015
Ikarus 20151015
Jiangmin 20151014
K7AntiVirus 20151015
K7GW 20151015
Kaspersky 20151015
Kingsoft 20151015
Malwarebytes 20151015
McAfee 20151015
McAfee-GW-Edition 20151015
Microsoft 20151015
eScan 20151015
NANO-Antivirus 20151015
nProtect 20151015
Panda 20151015
Qihoo-360 20151015
Rising 20151014
Sophos AV 20151015
SUPERAntiSpyware 20151015
Symantec 20151014
Tencent 20151015
TheHacker 20151012
TrendMicro 20151015
TrendMicro-HouseCall 20151015
VBA32 20151014
ViRobot 20151015
Zillya 20151014
Zoner 20151015
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Visual Studio® 10
Original name MFC100KOR.DLL
Internal name MFC100KOR.DLL
File version 10.00.40219.325
Description MFC Language Specific Resources
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1991-09-25 11:42:58
Entry Point 0x00021C00
Number of sections 9
PE sections
PE imports
FatalAppExitW
ConvertThreadToFiber
SetTimeZoneInformation
GlobalCompact
ResetEvent
SetFileAttributesW
GetProcAddress
FindResourceA
lstrcmpW
LoadLibraryA
ReadConsoleOutputAttribute
VarBoolFromI1
Number of PE resources by type
RT_STRING 59
RT_DIALOG 27
RT_MENU 1
RT_VERSION 1
Struct(240) 1
Number of PE resources by language
KOREAN 89
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
0.23

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
10.0.40219.325

UninitializedDataSize
5632

LanguageCode
Korean

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
104960

EntryPoint
0x21c00

OriginalFileName
MFC100KOR.DLL

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
10.00.40219.325

TimeStamp
1991:09:25 12:42:58+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
MFC100KOR.DLL

ProductVersion
10.00.40219.325

FileDescription
MFC Language Specific Resources

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
24576

ProductName
Microsoft Visual Studio 10

ProductVersionNumber
10.0.40219.325

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 30e1ad13b091ec24935724ed0abf62ca
SHA1 49da614f7fe882db48a550c3d9906259364e6ca0
SHA256 2587300cc5c250b1c79e664363d1ca81d61e7e063b90212ab222753f8c0f6e04
ssdeep
1536:yKNLw0ZpVSHxxt8NrLJyDYzzDp+fapnYzGVkH6bZhhRQw8FwCR4VBwf3NY7Cvqbj:3LNsxt8N5Pd+yhYzjwZhhRL8VkaboH

authentihash 7311390fcd16a3259ac3aaced4d8b320388f3980c44ac10f63073a1893dc5237
imphash 61ce4ff5dc3c2daeaa7b9240a7c79211
File size 163.5 KB ( 167424 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.6%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe

VirusTotal metadata
First submission 2015-10-15 09:00:28 UTC ( 3 years, 7 months ago )
Last submission 2018-05-26 17:47:37 UTC ( 12 months ago )
File names 6757645 (2).exe
6757645.exe
dridex.exe
6757645_exe
30e1ad13b091ec24935724ed0abf62ca
MFC100KOR.DLL
6757645.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections