SHA256: 2818e0a86d2ba2f40177a84463866481bd1b148f8ec650dec6ff054a058578ec
File name: 81e94ac247fecb32add3a666d11beb9e.7229074b3ab0f990f4760d0333a06d53...
Detection ratio: 9 / 57
Analysis date: 2017-02-21 09:54:21 UTC ( 2 years, 1 month ago )
Antivirus | Result | Update
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9999 | 20170221
CAT-QuickHeal | (Suspicious) - DNAScan | 20170220
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20170130
Endgame | malicious (moderate confidence) | 20170217
Sophos ML | generic.a | 20170203
K7GW | Trojan ( 700001211 ) | 20170221
Qihoo-360 | HEUR/QVM19.1.0000.Malware.Gen | 20170221
Rising | Malware.Generic.2!tfe (thunder:2:ZNC1GR4MTPB) | 20170221
Symantec | ML.Attribute.HighConfidence | 20170220

No detection (engine and signature date used for the scan):
Ad-Aware 20170221
AegisLab 20170221
AhnLab-V3 20170221
Alibaba 20170221
ALYac 20170221
Antiy-AVL 20170221
Arcabit 20170221
Avast 20170221
AVG 20170221
Avira (no cloud) 20170221
AVware 20170221
BitDefender 20170221
Bkav 20170220
ClamAV 20170221
CMC 20170221
Comodo 20170221
Cyren 20170221
DrWeb 20170221
Emsisoft 20170221
ESET-NOD32 20170221
F-Prot 20170221
F-Secure 20170221
Fortinet 20170221
GData 20170221
Ikarus 20170221
Jiangmin 20170221
K7AntiVirus 20170221
Kaspersky 20170221
Kingsoft 20170221
Malwarebytes 20170221
McAfee 20170221
McAfee-GW-Edition 20170221
Microsoft 20170221
eScan 20170221
NANO-Antivirus 20170221
nProtect 20170221
Panda 20170220
Sophos AV 20170221
SUPERAntiSpyware 20170221
Tencent 20170221
TheHacker 20170220
TrendMicro 20170221
Trustlook 20170221
VBA32 20170220
VIPRE 20170221
ViRobot 20170221
Webroot 20170221
WhiteArmor 20170215
Yandex 20170220
Zillya 20170220
Zoner 20170221
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name REGEDIT.EXE
Internal name REGEDIT
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Registry Editor
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-01-13 03:12:58
Entry Point 0x0001B9D0
Number of sections 8
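The version resource above says this is the Windows 7 RTM Registry Editor, but the PE header contradicts it on several points that can be checked mechanically: the compile timestamp (2001) predates the build date embedded in the version string (win7_rtm.090713 is 2009-07-13), the file is linked for the console subsystem while the real regedit.exe is a GUI application, the linker version 197.0 does not correspond to any Microsoft linker, initialized data is reported as 0 bytes, and the file was submitted under the name dridex.exe. The script below is an added example, not part of the VirusTotal report: it parses the DOS, COFF and PE32 optional headers with struct (no pefile dependency) and cross-checks them against the version resource. The minimal header it builds is constructed from the values in this report; the linker-version threshold and the finding names are this example's own heuristics.

```python
"""Header-level triage for a PE that claims to be a Microsoft system binary.

Added example, not part of the VirusTotal report. Parses only the DOS, COFF and
PE32 optional headers with struct and checks them against the version resource.
The sample header is constructed from the report's values; the thresholds are
heuristics chosen for this example."""
import re
import struct
from datetime import datetime, timezone

IMAGE_SUBSYSTEM_WINDOWS_GUI = 2   # what a genuine regedit.exe is linked as
IMAGE_SUBSYSTEM_WINDOWS_CUI = 3   # "Windows command line", what this file reports
MAX_PLAUSIBLE_LINKER_MAJOR = 20   # heuristic: MSVC link.exe majors are low double digits


def build_pe32_header(timestamp, n_sections, linker, size_code, size_init, entry, subsystem):
    """Assemble a minimal DOS stub + COFF header + PE32 optional header (no section table)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                                   # e_lfanew
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x14C, n_sections, timestamp, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIIIII", 0x10B, linker[0], linker[1], size_code, size_init,
                      6144, entry, 0x1000, 0)                               # up to BaseOfData
    opt += struct.pack("<IIIHHHHHHIIIIHH", 0x400000, 0x1000, 0x200, 5, 0, 1, 0, 5, 0,
                       0, 0x30000, 0x400, 0, subsystem, 0)                  # ImageBase .. DllCharacteristics
    return bytes(dos) + coff + opt.ljust(224, b"\0")


def parse_pe_header(data):
    """Return the header fields the triage needs; raise ValueError on a non-PE32 blob."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, n_sections, ts, _, _, _, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic, lmaj, lmin, size_code, size_init, _, entry = struct.unpack_from("<HBBIIII", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 optional headers handled here")
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)                # Subsystem offset in PE32
    return {
        "machine": machine, "sections": n_sections,
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc),
        "linker": (lmaj, lmin), "size_code": size_code, "size_init": size_init,
        "entry": entry, "subsystem": subsystem,
    }


def triage(hdr, version_info, submitted_names):
    """Cross-check header facts against the version resource; return a list of finding codes."""
    findings = []
    # Microsoft version strings embed the build date as YYMMDD-HHMM, e.g. "win7_rtm.090713-1255".
    m = re.search(r"\.(\d{6})-\d{4}\)", version_info.get("FileVersion", ""))
    if m:
        build_date = datetime.strptime(m.group(1), "%y%m%d").replace(tzinfo=timezone.utc)
        if hdr["timestamp"] < build_date:
            findings.append("timestamp_before_build")
    original = version_info.get("OriginalFilename", "").upper()
    if original == "REGEDIT.EXE" and hdr["subsystem"] != IMAGE_SUBSYSTEM_WINDOWS_GUI:
        findings.append("subsystem_mismatch")
    if hdr["linker"][0] > MAX_PLAUSIBLE_LINKER_MAJOR:
        findings.append("implausible_linker")
    if hdr["size_code"] and not hdr["size_init"]:
        findings.append("no_initialized_data")
    if any(n.upper() != original for n in submitted_names if n.lower().endswith(".exe")):
        findings.append("name_mismatch")
    return findings


# Constructed from the report: timestamp 2001-01-13 03:12:58 UTC is epoch 979355578.
SAMPLE = build_pe32_header(979355578, 8, (197, 0), 25600, 0, 0x1B9D0, IMAGE_SUBSYSTEM_WINDOWS_CUI)
SAMPLE_VERSION_INFO = {"OriginalFilename": "REGEDIT.EXE",
                       "FileVersion": "6.1.7600.16385 (win7_rtm.090713-1255)"}
SAMPLE_NAMES = ["dridex.exe", "REGEDIT.EXE", "81e94ac247fecb32add3a666d11beb9e.exe"]

if __name__ == "__main__":
    hdr = parse_pe_header(SAMPLE)
    print(hdr["timestamp"].isoformat(), hex(hdr["entry"]), "subsystem", hdr["subsystem"])
    for finding in triage(hdr, SAMPLE_VERSION_INFO, SAMPLE_NAMES):
        print("finding:", finding)
```

On the header built from this report all five checks fire; a header with a post-build timestamp, GUI subsystem, a normal linker version and non-zero initialized data, submitted only as REGEDIT.EXE, produces no findings. None of these checks is proof of malice on its own, but a binary whose version resource claims to be a signed Microsoft component should pass all of them, and the authentihash shown later in this report can be compared against the value in Microsoft's catalog for the same file version.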
PE sections
PE imports
GetServiceKeyNameW
DuplicateTokenEx
SetPrivateObjectSecurity
LookupAccountSidA
GetServiceKeyNameA
CryptImportKey
CryptCreateHash
GetFileSecurityW
CryptDuplicateHash
ConvertToAutoInheritPrivateObjectSecurity
SetFileSecurityW
RegisterEventSourceA
RegReplaceKeyW
RegOpenKeyW
SetTokenInformation
RegConnectRegistryA
CryptSetProvParam
AddAuditAccessAce
ImpersonateNamedPipeClient
ObjectCloseAuditAlarmA
StartServiceW
InitiateSystemShutdownExW
AddAuditAccessAceEx
GetOldestEventLogRecord
GetEventLogInformation
ImageList_Remove
GetMUILanguage
ImageList_SetOverlayImage
ImageList_Copy
PageSetupDlgW
GetWindowExtEx
PolylineTo
GdiGetBatchLimit
StartDocW
ColorCorrectPalette
GetBitmapDimensionEx
GetViewportExtEx
GetKerningPairsA
GetCharWidthA
CopyEnhMetaFileA
GetCharABCWidthsI
CreateHatchBrush
WaitCommEvent
DeviceIoControl
EnumUILanguagesA
FlushConsoleInputBuffer
GetComputerNameW
ReadFile
OutputDebugStringW
GetSystemWindowsDirectoryA
QueryPerformanceCounter
HeapDestroy
SignalObjectAndWait
CreateTimerQueue
FlushFileBuffers
LoadLibraryA
Thread32First
GetLocalTime
DisconnectNamedPipe
SetProcessWorkingSetSize
GetDateFormatA
GetEnvironmentStrings
CompareFileTime
GetLocaleInfoA
GetConsoleOutputCP
lstrcatA
ProcessIdToSessionId
IsValidCodePage
GetCurrentDirectoryA
GlobalFlags
SetCommMask
FatalAppExitA
GetFileInformationByHandle
GetProcAddress
FillConsoleOutputAttribute
SetSystemTimeAdjustment
GetStartupInfoW
IsSystemResumeAutomatic
CreateWaitableTimerW
MapViewOfFile
WriteConsoleOutputCharacterA
SetVolumeLabelA
InitializeCriticalSection
GetBinaryTypeW
EnumDateFormatsExA
GetStringTypeA
GetModuleHandleA
DebugBreakProcess
WritePrivateProfileStructA
FindNextFileW
GlobalFree
RegisterWaitForSingleObjectEx
CreateSemaphoreW
_lopen
DeleteAtom
Module32NextW
IsProcessorFeaturePresent
UnlockFile
ReleaseActCtx
SetThreadIdealProcessor
lstrlenW
SetVolumeLabelW
LocalFree
TerminateProcess
WriteFileGather
CreateProcessA
CreateEventW
CreateActCtxW
GetNamedPipeInfo
FindFirstVolumeMountPointW
LocalFileTimeToFileTime
GetDiskFreeSpaceExW
LocalHandle
DeleteTimerQueue
ReleaseMutex
SetMailslotInfo
VirtualAlloc
GetEnvironmentVariableW
InterlockedIncrement
MprAdminServerConnect
VarBstrFromR8
UrlUnescapeW
SHQueryValueExA
PathIsRelativeA
SHDeleteEmptyKeyW
StrRetToStrA
PathAppendW
SHCreateStreamOnFileA
SHCopyKeyA
EndDialog
DrawStateA
GetScrollPos
GetMouseMovePointsEx
WinHelpA
SetProcessDefaultLayout
DefWindowProcA
LockSetForegroundWindow
GetMenuState
LookupIconIdFromDirectory
OpenIcon
MoveWindow
GetClipboardFormatNameW
PostMessageW
GetClipboardSequenceNumber
RegisterClipboardFormatW
GetKeyState
MenuItemFromPoint
GetIconInfo
DefFrameProcW
TileWindows
GetKeyboardLayoutList
BringWindowToTop
CreateMenu
LoadIconA
GetUpdateRgn
GetSysColorBrush
ChangeDisplaySettingsExW
LockWindowUpdate
DragDetect
IsDialogMessageA
strncat
strtod
getenv
isprint
wcstok
sprintf
calloc
strncpy
PdhBrowseCountersW
URLOpenBlockingStreamA
Number of PE resources by type
RT_ICON 11
RT_GROUP_ICON 5
RT_GROUP_CURSOR 1
REGINST 1
RT_CURSOR 1
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 21
PE resources
ExifTool file metadata
UninitializedDataSize: 6144
LinkerVersion: 197.0
ImageVersion: 1.0
FileSubtype: 0
FileVersionNumber: 6.1.7600.16385
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
FileDescription: Registry Editor
ImageFileCharacteristics: Executable, 32-bit
CharacterSet: Unicode
InitializedDataSize: 0
EntryPoint: 0x1b9d0
OriginalFileName: REGEDIT.EXE
MIMEType: application/octet-stream
LegalCopyright: Microsoft Corporation. All rights reserved.
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp: 2001:01:13 03:12:58+00:00
FileType: Win32 EXE
PEType: PE32
InternalName: REGEDIT
ProductVersion: 6.1.7600.16385
SubsystemVersion: 5.0
OSVersion: 5.0
FileOS: Windows NT 32-bit
Subsystem: Windows command line
MachineType: Intel 386 or later, and compatibles
CompanyName: Microsoft Corporation
CodeSize: 25600
ProductName: Microsoft Windows Operating System
ProductVersionNumber: 6.1.7600.16385
FileTypeExtension: exe
ObjectFileType: Executable application
Compressed bundles
File identification
MD5 81e94ac247fecb32add3a666d11beb9e
SHA1 7229074b3ab0f990f4760d0333a06d5316551ca7
SHA256 2818e0a86d2ba2f40177a84463866481bd1b148f8ec650dec6ff054a058578ec
ssdeep 3072:ym32ZGi92buyQDl7cKCARDlSqyZQZ7Hw1dZHGRKPDUAfs1Om:Xi9ZDlqARuZO7HqdZ/PwAaf
authentihash 18ac935b69ef564828044dadfbd96218a95e790809e805bfa5651bbd28bfd927
imphash 70be87a3fe6e3118d1107c62f997c708
File size 125.0 KB ( 128016 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags peexe
VirusTotal metadata
First submission 2017-02-21 09:54:21 UTC ( 2 years, 1 month ago )
Last submission 2019-03-16 12:49:06 UTC ( 1 week, 1 day ago )
File names dridex.exe
81e94ac247fecb32add3a666d11beb9e.7229074b3ab0f990f4760d0333a06d5316551ca7.primary_analysis_subject
terms.custom
REGEDIT.EXE
81e94ac247fecb32add3a666d11beb9e.exe
terms[1].custom.1809859436.DROPPED
REGEDIT
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications