SHA256: 3042a8b243e73c93c2238a262a5016e1e87c3c3adea55229b62eaf3bc3fb397f
File name: file_e0d09a5ce075d622162cf5575440fff8
Detection ratio: 6 / 55
Analysis date: 2015-11-06 10:39:24 UTC
Antivirus | Result | Signature update
Avira (no cloud) | TR/AD.DridexDownloader.Y.44 | 20151106
ESET-NOD32 | Win32/Dridex.P | 20151106
Microsoft | Backdoor:Win32/Drixed.J | 20151106
Sophos AV | Mal/Generic-S | 20151106
TrendMicro | BKDR_DRIDEX.CP | 20151106
TrendMicro-HouseCall | BKDR_DRIDEX.CP | 20151106
Engines reporting no detection (with signature update date):
Ad-Aware 20151106
AegisLab 20151106
Yandex 20151106
AhnLab-V3 20151105
Alibaba 20151106
ALYac 20151106
Antiy-AVL 20151106
Arcabit 20151106
Avast 20151106
AVG 20151106
AVware 20151106
Baidu-International 20151106
BitDefender 20151106
Bkav 20151105
ByteHero 20151106
CAT-QuickHeal 20151106
ClamAV 20151103
CMC 20151102
Comodo 20151106
Cyren 20151106
DrWeb 20151106
Emsisoft 20151106
F-Prot 20151106
F-Secure 20151106
Fortinet 20151106
GData 20151106
Ikarus 20151106
Jiangmin 20151105
K7AntiVirus 20151106
K7GW 20151106
Kaspersky 20151106
Malwarebytes 20151106
McAfee 20151106
McAfee-GW-Edition 20151106
eScan 20151106
NANO-Antivirus 20151106
nProtect 20151106
Panda 20151105
Rising 20151105
SUPERAntiSpyware 20151106
Symantec 20151105
Tencent 20151106
TheHacker 20151103
TotalDefense 20151106
VBA32 20151105
VIPRE 20151106
ViRobot 20151106
Zillya 20151105
Zoner 20151106
The file is a Portable Executable: a 32-bit Win32 EXE (PE32) built for the Windows console (command line) subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-10-22 13:01:48
Entry Point 0x0004A8CE
Number of sections 4
PE sections
PE imports (grouped by module)
advapi32.dll
ObjectPrivilegeAuditAlarmA
ObjectOpenAuditAlarmA
QueryServiceConfigA
NotifyChangeEventLog
RegSetValueExW
StartServiceA
ChangeServiceConfigA
RegFlushKey
RegQueryValueExW
GetUserNameA
RegisterEventSourceA
InitiateSystemShutdownW
RegOpenKeyExA
LsaEnumerateTrustedDomains
RegCreateKeyA
ChangeServiceConfigW
RegCreateKeyW
RegOverridePredefKey
RegisterServiceCtrlHandlerA
imagehlp.dll
ImageRvaToVa
UpdateDebugInfoFile
ImageDirectoryEntryToData
SymGetLineFromName
SymGetSymNext
ImageNtHeader
ImageRvaToSection
SymGetModuleBase
CheckSumMappedFile
SymGetLineNext
ImageAddCertificate
SymGetOptions
ImageGetDigestStream
SymInitialize
UnMapAndLoad
SymGetSymFromAddr
UnDecorateSymbolName
FindExecutableImage
SymGetModuleInfo
MapFileAndCheckSumA
SymGetLineFromAddr
ImageEnumerateCertificates
SymLoadModule
MapDebugInformation
MapFileAndCheckSumW
SymFunctionTableAccess
GetImageConfigInformation
SymGetSymFromName
SymSetOptions
ImagehlpApiVersion
GetTimestampForLoadedLibrary
SymRegisterCallback
UnmapDebugInformation
UpdateDebugInfoFileEx
SymMatchFileName
BindImageEx
SymSetSearchPath
kernel32.dll
GetCommConfig
GetModuleHandleA
CreateFileW
msvcrt.dll
_acmdln
__p__fmode
_adjust_fdiv
_controlfp
_Getmonths
exit
putc
__getmainargs
_chkesp
__setusermatherr
_initterm
__set_app_type
oleaut32.dll
VarBoolFromR8
VarFormatNumber
BSTR_UserUnmarshal
SafeArrayDestroyData
VarCyFromR8
VarCyFromUI2
VarBstrFromDate
VarXor
VarR8FromDisp
GetRecordInfoFromGuids
VarDecCmpR8
VarDateFromI2
CreateTypeLib2
VarAnd
VarR8FromBool
VarR4FromStr
VarBstrCat
SafeArrayGetVartype
SafeArrayRedim
VarI2FromCy
SafeArrayCopy
VarI2FromDisp
SysAllocStringLen
VarR4FromBool
OleLoadPictureFile
SysReAllocString
VarCat
GetErrorInfo
SafeArrayPutElement
user32.dll
LoadAcceleratorsA
GetAsyncKeyState
CharLowerA
DdeCreateStringHandleA
CountClipboardFormats
LoadStringA
GetKBCodePage
SetMenu
EqualRect
AttachThreadInput
DdeCreateDataHandle
GetKeyboardLayout
GetDialogBaseUnits
PackDDElParam
DdeUnaccessData
GetDlgItemInt
LookupIconIdFromDirectory
CharPrevExA
GetKeyState
ole32.dll
CoRegisterPSClsid
OleUninitialize
CoUninitialize
IIDFromString
FreePropVariantArray
OleDestroyMenuDescriptor
SNB_UserUnmarshal
StgOpenStorageOnILockBytes
CreateFileMoniker
CoTreatAsClass
STGMEDIUM_UserFree
HACCEL_UserUnmarshal
ReleaseStgMedium
HMENU_UserFree
GetConvertStg
HWND_UserMarshal
CoRegisterClassObject
OleRegGetUserType
HACCEL_UserMarshal
CoLockObjectExternal
OleGetIconOfFile
GetClassFile
OleConvertIStorageToOLESTREAMEx
CoGetStandardMarshal
HWND_UserFree
CLIPFORMAT_UserMarshal
CoCreateFreeThreadedMarshaler
StgCreateDocfile
StgIsStorageFile
HGLOBAL_UserSize
CoFileTimeToDosDateTime
OleFlushClipboard
StgCreatePropStg
CoFreeUnusedLibraries
PropVariantClear
MkParseDisplayName
CoTaskMemFree
StringFromIID
Number of PE resources by type
RT_ICON 3
RT_ACCELERATOR 3
RT_GROUP_ICON 3
RT_BITMAP 1
R85IU66g 1
RT_VERSION 1
Number of PE resources by language
ROMANIAN 7
PORTUGUESE 5
PE resources
ExifTool file metadata
SubsystemVersion: 4.0
LinkerVersion: 8.0
ImageVersion: 0.0
FileVersionNumber: 0.142.167.230
UninitializedDataSize: 0
LanguageCode: Neutral
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 155648
EntryPoint: 0x4a8ce
OriginalFileName: Tyres.exe
MIMEType: application/octet-stream
LegalCopyright: Copyright 2011
FileVersion: 220, 96, 121, 254
TimeStamp: 2005:10:22 14:01:48+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Restraint
FileDescription: Sleets
OSVersion: 4.0
FileOS: Windows NT 32-bit
Subsystem: Windows command line
MachineType: Intel 386 or later, and compatibles
CompanyName: Windigo Systems
CodeSize: 303104
FileSubtype: 0
ProductVersionNumber: 0.156.161.92
FileTypeExtension: exe
ObjectFileType: Executable application
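Several values in the metadata above disagree with each other: a compile timestamp in 2005 next to a copyright of 2011, a FileVersion string (220, 96, 121, 254) that does not match the fixed-info FileVersionNumber 0.142.167.230, a resource type named R85IU66g that is not one of the standard RT_* types, and a console-subsystem executable that imports window and dialog APIs such as SetMenu and LoadAcceleratorsA. The Python below is an added triage example, not VirusTotal's code or anything from the report, that encodes those four checks and runs them over the values transcribed from this page; the dictionary layout, the GUI_ONLY_IMPORTS set and the CLEAN control record are constructed for the example.

```python
import re
from datetime import datetime

# Resource type names defined by the Win32 SDK; anything else is a custom type.
STANDARD_RESOURCE_TYPES = {
    "RT_CURSOR", "RT_BITMAP", "RT_ICON", "RT_MENU", "RT_DIALOG", "RT_STRING",
    "RT_FONTDIR", "RT_FONT", "RT_ACCELERATOR", "RT_RCDATA", "RT_MESSAGETABLE",
    "RT_GROUP_CURSOR", "RT_GROUP_ICON", "RT_VERSION", "RT_DLGINCLUDE",
    "RT_PLUGPLAY", "RT_VXD", "RT_ANICURSOR", "RT_ANIICON", "RT_HTML", "RT_MANIFEST",
}

# user32 exports that only make sense for a program with windows or dialogs
# (constructed list for this example, not an exhaustive one).
GUI_ONLY_IMPORTS = {"SetMenu", "LoadAcceleratorsA", "GetDialogBaseUnits", "GetDlgItemInt"}


def _numbers(s):
    """Extract the integer fields of a version string in either '1, 2, 3, 4' or '1.2.3.4' form."""
    return [int(n) for n in re.findall(r"\d+", s)]


def triage(meta):
    """Return human-readable anomaly flags for one PE metadata record (empty list if clean)."""
    flags = []
    compiled = datetime.strptime(meta["timestamp"], "%Y-%m-%d %H:%M:%S")

    # 1. A copyright year later than the link timestamp cannot come from an honest build.
    m = re.search(r"\b(19|20)\d{2}\b", meta.get("legal_copyright", ""))
    if m and int(m.group()) > compiled.year:
        flags.append(f"copyright year {m.group()} is later than compile timestamp {compiled.year}")

    # 2. The string FileVersion and the fixed-info version normally agree field by field.
    fv, fvn = meta.get("file_version", ""), meta.get("file_version_number", "")
    if fv and fvn and _numbers(fv) != _numbers(fvn):
        flags.append(f"FileVersion string {fv!r} disagrees with fixed version {fvn!r}")

    # 3. Custom resource types are where packers and loaders stash their payload.
    for rtype in meta.get("resource_types", []):
        if rtype not in STANDARD_RESOURCE_TYPES:
            flags.append(f"non-standard resource type {rtype!r}")

    # 4. A console program has no menus or dialogs to manage.
    gui = sorted(set(meta.get("imports", [])) & GUI_ONLY_IMPORTS)
    if meta.get("subsystem") == "console" and gui:
        flags.append("console subsystem but imports GUI-only APIs: " + ", ".join(gui))
    return flags


# Values transcribed from the report on this page.
SAMPLE = {
    "timestamp": "2005-10-22 13:01:48",
    "legal_copyright": "Copyright 2011",
    "file_version": "220, 96, 121, 254",
    "file_version_number": "0.142.167.230",
    "resource_types": ["RT_ICON", "RT_ACCELERATOR", "RT_GROUP_ICON", "RT_BITMAP", "R85IU66g", "RT_VERSION"],
    "subsystem": "console",
    "imports": ["SetMenu", "LoadAcceleratorsA", "GetDialogBaseUnits", "GetDlgItemInt", "CreateFileW"],
}

# Constructed control record whose fields are mutually consistent.
CLEAN = {
    "timestamp": "2011-03-01 09:00:00",
    "legal_copyright": "Copyright 2011",
    "file_version": "1, 2, 3, 4",
    "file_version_number": "1.2.3.4",
    "resource_types": ["RT_ICON", "RT_GROUP_ICON", "RT_VERSION", "RT_MANIFEST"],
    "subsystem": "gui",
    "imports": ["CreateWindowExW", "SetMenu"],
}

if __name__ == "__main__":
    for name, rec in (("sample", SAMPLE), ("clean", CLEAN)):
        print(name, triage(rec) or "no anomalies")
```

None of these checks is a detection on its own; each is a cheap signal that the version resource was generated rather than authored, which is the point at which a sample like this one gets routed to deeper analysis rather than dismissed on a 6/55 ratio.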

File identification
MD5 e0d09a5ce075d622162cf5575440fff8
SHA1 e4c612fd846c36d9e4be0af492c0530898ae4157
SHA256 3042a8b243e73c93c2238a262a5016e1e87c3c3adea55229b62eaf3bc3fb397f
ssdeep 6144:L8KYgVkGsk0sl3MZcREVHVQFjgmXG2zsakM/2Ia/uxneSL3ryOju6MCmuOVe+pj4:L8KHkGsk9CV1Egm22zsTMPa/uxneM3r0
authentihash 234d7292755b08cb375ea7f3d3bda43501ae40f17b67025da3f6abbe8c1f4fb8
imphash 628cdb2bd2730d9051121441f08800be
File size 340.0 KB ( 348160 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe via-tor
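The imphash listed above is the MD5 of the import table after each entry is normalised to a lowercase "module.function" token, with the .dll/.ocx/.sys extension stripped and ordinal-only imports resolved to names where pefile has a table (ws2_32 and oleaut32) or written as "ordN" otherwise, in import-directory order. The Python below is an added example of that normalisation, not VirusTotal's or pefile's code. SAMPLE_IMPORTS is a constructed subset of this file's imports; the DLL assignment and the ordering are assumptions, and the partial OLEAUT32 ordinal table is also an assumption, so the hash it produces is not expected to equal 628cdb2bd2730d9051121441f08800be. Reproducing the report's value requires the real import directory, including its order.

```python
import hashlib

# Partial ordinal-to-name table for oleaut32 (assumption: only these entries
# are needed for the example; the real resolver tables are far longer).
OLEAUT32_ORDINALS = {
    2: "SysAllocString", 4: "SysAllocStringLen", 6: "SysFreeString",
    7: "SysStringLen", 8: "VariantInit", 9: "VariantClear",
}

STRIPPED_EXTENSIONS = ("dll", "ocx", "sys")


def canonical_token(dll, func):
    """Normalise one import to the 'module.function' form imphash hashes.

    dll  - module name as it appears in the import directory, any case
    func - exported name (str) or ordinal (int) for ordinal-only imports
    """
    name = dll.lower()
    base, dot, ext = name.rpartition(".")
    if dot and ext in STRIPPED_EXTENSIONS:
        name = base                      # "KERNEL32.dll" -> "kernel32"; "foo.drv" stays
    if isinstance(func, int):
        table = OLEAUT32_ORDINALS if name == "oleaut32" else {}
        func = table.get(func, f"ord{func}")
    return f"{name}.{func.lower()}"


def imphash_string(imports):
    """Comma-joined token list; order matters, so the same set of APIs in a
    different import-table order yields a different hash."""
    return ",".join(canonical_token(dll, func) for dll, func in imports)


def imphash(imports):
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed subset of this sample's imports (DLL assignment and order assumed).
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "ObjectPrivilegeAuditAlarmA"),
    ("ADVAPI32.dll", "RegSetValueExW"),
    ("IMAGEHLP.dll", "ImageRvaToVa"),
    ("KERNEL32.dll", "GetModuleHandleA"),
    ("KERNEL32.dll", "CreateFileW"),
    ("MSVCRT.dll", "__getmainargs"),
    ("OLEAUT32.dll", 4),                 # SysAllocStringLen imported by ordinal
    ("USER32.dll", "GetAsyncKeyState"),
    ("ole32.dll", "CoTaskMemFree"),
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because the value is order-sensitive and ignores everything but module and function names, imphash clusters binaries built by the same crypter or loader stub even when the payload differs; it is a pivot key, not a verdict, and it says nothing about the 'R85IU66g' resource where the real code of a sample like this usually lives.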

VirusTotal metadata
First submission 2015-11-05 08:06:02 UTC
Last submission 2015-11-05 10:55:19 UTC
File names mrburns.exe, file_e0d09a5ce075d622162cf5575440fff8, applet.exe
Condensed behaviour report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process that the file launched or injected code into.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections