SHA256: 26ee722cbf3923ab017bd540d299eba715169b94fc4920888d1822be7a065168
File name: 26ee722cbf3923ab017bd540d299eba715169b94fc4920888d1822be7a065168
Detection ratio: 32 / 62
Analysis date: 2017-03-23 16:41:51 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4640845 20170323
AegisLab Ml.Attribute.Gen!c 20170323
AhnLab-V3 Trojan/Win32.Agent.C1876037 20170323
Antiy-AVL Trojan[Backdoor]/Win32.Dridex 20170323
Arcabit Trojan.Generic.D46D04D 20170323
Avira (no cloud) TR/AD.DridexDownloader.hglxs 20170323
AVware Trojan.Win32.Generic!BT 20170323
BitDefender Trojan.GenericKD.4640845 20170323
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Emsisoft Trojan.GenericKD.4640845 (B) 20170323
Endgame malicious (high confidence) 20170317
ESET-NOD32 Win32/Dridex.U 20170323
F-Secure Trojan.GenericKD.4640845 20170323
Fortinet W32/Dridex.U!tr 20170323
GData Win32.Trojan.Agent.I3K3MR 20170323
Ikarus Trojan.Win32.Dridex 20170323
Sophos ML backdoor.win32.prosti.l 20170203
K7AntiVirus Trojan ( 004fe38d1 ) 20170323
K7GW Trojan ( 004fe38d1 ) 20170323
Kaspersky Backdoor.Win32.Dridex.dh 20170323
Malwarebytes Trojan.FakeMS 20170323
McAfee Artemis!AF07A28F2CF9 20170323
McAfee-GW-Edition BehavesLike.Win32.Virut.ch 20170323
eScan Trojan.GenericKD.4640845 20170323
nProtect Backdoor/W32.Dridex.172032 20170323
Palo Alto Networks (Known Signatures) generic.ml 20170323
Sophos AV Troj/Agent-AVUV 20170323
Symantec Trojan.Cridex 20170322
VIPRE Trojan.Win32.Generic!BT 20170323
ViRobot Trojan.Win32.Z.Dridex.172032[h] 20170323
Webroot Malicious 20170323
ZoneAlarm by Check Point Backdoor.Win32.Dridex.dh 20170323
Alibaba 20170323
ALYac 20170323
Avast 20170323
AVG 20170323
Baidu 20170323
Bkav 20170323
CAT-QuickHeal 20170322
ClamAV 20170323
CMC 20170317
Comodo 20170323
Cyren 20170323
DrWeb 20170323
F-Prot 20170323
Jiangmin 20170323
Kingsoft 20170323
Microsoft 20170323
NANO-Antivirus 20170323
Panda 20170323
Qihoo-360 20170323
Rising 20170323
SentinelOne (Static ML) 20170315
SUPERAntiSpyware 20170323
Symantec Mobile Insight 20170322
Tencent 20170323
TheHacker 20170321
TotalDefense 20170323
TrendMicro 20170323
TrendMicro-HouseCall 20170323
Trustlook 20170323
VBA32 20170323
WhiteArmor 20170315
Yandex 20170323
Zillya 20170323
Zoner 20170323
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name SPINF.DLL
Internal name SPINF.DLL
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Windows SPINF
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-22 16:03:47
Entry Point 0x000016D0
Number of sections 10
PE sections
PE imports
DeregisterEventSource
SetServiceBits
DestroyPropertySheetPage
JetUpdate
FrameRgn
CreatePalette
LPtoDP
GetComputerNameW
DeviceIoControl
FreeConsole
GetCommandLineA
GetProcAddress
GetModuleHandleW
CreateStdDispatch
RasGetEntryDialParamsW
RpcFreeAuthorizationContext
ExtractAssociatedIconA
PathIsFileSpecA
StrRChrIA
StrRStrIA
GetUrlCacheEntryInfoA
SetPortW
MonikerCommonPrefixWith
CoCreateFreeThreadedMarshaler
CoInternetCreateSecurityManager
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 163840
EntryPoint 0x16d0
OriginalFileName SPINF.DLL
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2017:03:22 17:03:47+01:00
FileType Win32 EXE
PEType PE32
InternalName SPINF.DLL
ProductVersion 6.1.7600.16385
FileDescription Windows SPINF
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 16384
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Dynamic link library
Compressed bundles
File identification
MD5 af07a28f2cf91bbf57fd5023ee21b336
SHA1 c9e9b02930a25932fec9646750e56bf9ba72ec39
SHA256 26ee722cbf3923ab017bd540d299eba715169b94fc4920888d1822be7a065168
ssdeep 3072:34pthaz9dexZruZgAWJ0uEvc6zVORzfxlF1KMp2X:3Yha521uZJlPU6izfTbp2
authentihash e4586ba6657e9bac57cb74c27073bea6cbbdac035092073cd255e74563dfc478
imphash 9e122321ede670436072df2de1ca8927
File size 168.0 KB ( 172032 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2017-03-22 11:17:03 UTC ( 1 year, 11 months ago )
Last submission 2018-05-25 17:39:29 UTC ( 9 months ago )
File names SPINF.DLL
Documents.osc
26ee722cbf3923ab017bd540d299eba715169b94fc4920888d1822be7a065168.exe
qmQlJjsd.exe
af07a28f2cf91bbf57fd5023ee21b336.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications