SHA256: 3202fe0fb2a5cfee79b87349cfa75d8992a7e9c0442dff740b3e999fe360b006
File name: 8a603ec8cfc027b7242c9de72f98566a8a3fcdc4
Detection ratio: 23 / 57
Analysis date: 2015-04-16 11:09:25 UTC ( 3 years, 2 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Tepfer 20150416
Avast Win32:Malware-gen 20150416
AVG Inject2.BYKM 20150416
Avira (no cloud) TR/DridexDownloader.A.33 20150416
AVware Win32.Malware!Drop 20150416
ClamAV Win.Trojan.Dridex-5 20150415
DrWeb Trojan.Dridex.94 20150416
Emsisoft Trojan.Win32.Dridex (A) 20150416
ESET-NOD32 Win32/Exploit.CVE-2013-3660.N 20150416
Ikarus Trojan.Win32.Exploit 20150416
Kaspersky Worm.Win32.Cridex.qeq 20150416
Malwarebytes Trojan.FakeMS 20150416
McAfee RDN/Trojan-Dridex!a 20150416
Norman Kryptik.CFBT 20150416
nProtect Trojan/W32.Agent.123392.ACF 20150416
Panda Generic Suspicious 20150416
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20150416
Sophos AV Troj/Agent-AMNJ 20150416
Symantec Trojan.Cridex 20150416
Tencent Trojan.Win32.Qudamah.Gen.2 20150416
TrendMicro-HouseCall Suspicious_GEN.F47V0415 20150416
VIPRE Win32.Malware!Drop 20150416
ViRobot Trojan.Win32.Injector.123392[h] 20150416
Ad-Aware 20150416
AegisLab 20150416
Yandex 20150416
Alibaba 20150416
ALYac 20150416
Antiy-AVL 20150416
Baidu-International 20150416
BitDefender 20150416
Bkav 20150415
ByteHero 20150416
CAT-QuickHeal 20150416
CMC 20150416
Comodo 20150416
Cyren 20150416
F-Prot 20150416
F-Secure 20150416
Fortinet 20150416
GData 20150416
Jiangmin 20150414
K7AntiVirus 20150416
K7GW 20150416
Kingsoft 20150416
McAfee-GW-Edition 20150416
Microsoft 20150416
eScan 20150416
NANO-Antivirus 20150416
Rising 20150416
SUPERAntiSpyware 20150416
TheHacker 20150415
TotalDefense 20150415
TrendMicro 20150416
VBA32 20150416
Zillya 20150416
Zoner 20150416
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © ?????????? ??????????. ??? ????? ????????.
Product ???????????? ??????? Microsoft® Windows®
Original name twext.dll
Internal name twext
File version 6.00.5300.5512 (xpsp.080413-2105)
Description ????????: ?????????? ??????
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-10 23:13:00
Entry Point 0x00008EE0
Number of sections 7
PE sections
PE imports
CreateToolhelp32Snapshot
GetLastError
SetCommState
SetConsoleOutputCP
GetStdHandle
FileTimeToDosDateTime
lstrcpynA
RemoveDirectoryW
GetPrivateProfileSectionNamesA
WriteProfileSectionW
HeapReAlloc
SetConsoleActiveScreenBuffer
GetProcessTimes
ActivateActCtx
GlobalAlloc
GetDateFormatA
GetEnvironmentStringsW
GetVersionExA
RemoveDirectoryA
GetUserGeoID
FindNextVolumeW
GetSystemWindowsDirectoryA
CreateRemoteThread
HeapCompact
GetAtomNameA
EnumSystemLocalesA
FileTimeToLocalFileTime
CompareFileTime
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetUserDefaultLCID
CopyFileExA
CreateDirectoryA
OpenFileMappingA
SetCurrentDirectoryW
SetConsoleCursorInfo
GetProcAddress
QueryMemoryResourceNotification
GetProfileIntA
OpenMutexA
GetVolumePathNamesForVolumeNameW
EnumResourceNamesW
WriteTapemark
FindResourceExA
QueryPerformanceFrequency
CreateThread
SetFileAttributesA
VerSetConditionMask
ReadConsoleA
WriteProfileStringA
InterlockedExchange
CreateDirectoryExA
FindResourceExW
PulseEvent
CreateTimerQueueTimer
SetThreadAffinityMask
ClearCommError
ExitThread
FindFirstFileExW
GetModuleHandleW
BindIoCompletionCallback
EscapeCommFunction
GlobalMemoryStatusEx
GetDiskFreeSpaceExA
SetTapePosition
TlsAlloc
IsValidCodePage
SetConsoleMode
GetDefaultCommConfigW
GetConsoleWindow
WaitForMultipleObjects
Heap32Next
lstrcatW
Sleep
FormatMessageA
GetPrivateProfileSectionA
IsBadCodePtr
GetTickCount
ReadFileScatter
GetEnvironmentVariableW
MprAdminMIBBufferFree
MprAdminServerConnect
VarR4FromCy
VarUI2FromBool
VarUI1FromCy
SHGetFileInfoA
SHGetFileInfoW
ShowOwnedPopups
DrawFocusRect
PostMessageW
iswlower
getc
isalnum
puts
isgraph
wprintf
fgetpos
fgetws
swscanf
wcslen
strcpy
vfprintf
islower
iswalpha
fopen
memcpy
setvbuf
getchar
PdhGetFormattedCounterArrayA
PdhGetCounterInfoA
PdhCalculateCounterFromRawValue
CoInternetCombineUrl
WriteHitLogging
Number of PE resources by type
REGINST 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
RUSSIAN 3
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.2
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 6.0.5300.5512
UninitializedDataSize 4608
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 5632
EntryPoint 0x8ee0
OriginalFileName twext.dll
MIMEType application/octet-stream
LegalCopyright . .
FileVersion 6.00.5300.5512 (xpsp.080413-2105)
TimeStamp 2018:06:11 00:13:00+01:00
FileType Win32 EXE
PEType PE32
InternalName twext
ProductVersion 6.00.5300.5512
FileDescription :
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 112640
ProductName Microsoft Windows
ProductVersionNumber 6.0.5300.5512
FileTypeExtension exe
ObjectFileType Dynamic link library
Compressed bundles
File identification
MD5 2ecf5e35d681521997e293513144fd80
SHA1 bffd66bc594c3092c0b3f4a7461fe36f94dd5eef
SHA256 3202fe0fb2a5cfee79b87349cfa75d8992a7e9c0442dff740b3e999fe360b006
ssdeep 3072:tLfrZbVDqSFOYPT0iKpyfoG1X77skPMqoavl:tLfr/DqSFOOZfp77xP
authentihash fb2f91a40af51e6e3746d8aa307e1ee452fd23154e7a765100d0bd7f1f350665
imphash fed8734b8f50c076601b3c4631b7caef
File size 120.5 KB ( 123392 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
VXD Driver (0.2%)
Tags peexe cve-2013-3660 exploit
VirusTotal metadata
First submission 2015-04-15 07:56:27 UTC ( 3 years, 2 months ago )
Last submission 2015-04-28 16:54:43 UTC ( 3 years, 1 month ago )
File names 8a603ec8cfc027b7242c9de72f98566a8a3fcdc4
654.exe
twext
654[1].exe
rizob1.0.exe
654_exe
rizob1.0.exe.x
twext.dll
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R034E03GA15.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections