SHA256: 39c49f6d1d7636698f7b1da3f7528798ed4c72d4ba2fb836abfe36cb26b77a0d
File name: d2e6d34475fcba320609b1eb58884525.exe
Detection ratio: 52 / 65
Analysis date: 2018-05-23 15:19:32 UTC
Antivirus Result Update
Ad-Aware Trojan.GenericKD.6198194 20180523
AegisLab Troj.Downloader.W32.Upatre!c 20180523
AhnLab-V3 Trojan/Win32.Kryptik.C2263756 20180523
ALYac Trojan.Dridex.A 20180523
Antiy-AVL Trojan/Win32.SGeneric 20180523
Arcabit Trojan.Generic.D5E93B2 20180523
Avast Win32:Malware-gen 20180523
AVG Win32:Malware-gen 20180523
Avira (no cloud) TR/Crypt.ZPACK.rgvfr 20180523
AVware Trojan.Win32.Generic!BT 20180523
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180523
BitDefender Trojan.GenericKD.6198194 20180523
Bkav HW32.Packed.7016 20180523
CAT-QuickHeal TrojanDownloader.Upatre 20180522
Comodo TrojWare.Win32.Trojan.Agent.bovmm 20180523
Cylance Unsafe 20180523
Cyren W32/Trojan.XNWC-6465 20180523
Emsisoft Trojan.Dridex (A) 20180523
Endgame malicious (high confidence) 20180507
ESET-NOD32 Win32/Dridex.BE 20180523
F-Prot W32/Trojan3.ADAT 20180523
F-Secure Trojan.GenericKD.6198194 20180523
Fortinet W32/Kryptik.FYLG!tr 20180523
GData Trojan.GenericKD.6198194 20180523
Ikarus Trojan.Win32.Dridex 20180523
Sophos ML heuristic 20180503
Jiangmin Trojan-Downloader.Upatre.c 20180523
K7AntiVirus Trojan ( 005106341 ) 20180523
K7GW Trojan ( 005106341 ) 20180523
Kaspersky HEUR:Trojan.Win32.Generic 20180523
Malwarebytes Trojan.Injector 20180523
MAX malware (ai score=99) 20180523
McAfee Drixed-FHD!D2E6D34475FC 20180523
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20180523
eScan Trojan.GenericKD.6198194 20180523
NANO-Antivirus Trojan.Win32.Upatre.euyoub 20180523
Palo Alto Networks (Known Signatures) generic.ml 20180523
Panda Trj/CI.A 20180523
Qihoo-360 HEUR/QVM20.1.33DF.Malware.Gen 20180523
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Troj/Dridex-ZF 20180523
Symantec Trojan.Cridex 20180523
Tencent Win32.Trojan.Generic.Wsju 20180523
TrendMicro TSPY_DRIDEX.AUSIMC 20180523
TrendMicro-HouseCall TSPY_DRIDEX.AUSIMC 20180523
VBA32 Trojan.Tiggre 20180523
VIPRE Trojan.Win32.Generic!BT 20180523
ViRobot Trojan.Win32.S.Injector.126976 20180523
Webroot W32.Trojan.Gen 20180523
Yandex Trojan.DL.Upatre! 20180522
Zillya Downloader.Upatre.Win32.64564 20180523
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180523
Engines with no detection (result column empty):
Alibaba 20180523
Avast-Mobile 20180523
Babable 20180406
ClamAV 20180521
CMC 20180523
CrowdStrike Falcon (ML) 20180202
Cybereason None
DrWeb 20180523
eGambit 20180523
Kingsoft 20180523
Microsoft 20180523
nProtect 20180523
Rising 20180523
SUPERAntiSpyware 20180523
Symantec Mobile Insight 20180522
TheHacker 20180516
Trustlook 20180523
Zoner 20180522
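The 52/65 ratio at the top is VirusTotal's own count; the table lists 70 engines, so the denominator is not simply the number of rows shown. What an analyst actually wants from the table is the family consensus hiding behind the generic labels (Malware-gen, Trojan.Generic, Unsafe). The Python below is an added example, not code from the VirusTotal report: it tallies verdicts from a constructed excerpt of the table above (tab-separated vendor/result rows, empty result meaning no detection) and folds vendor spellings into one family name. The alias map is an assumption (Cridex and McAfee's Drixed are treated as Dridex; Upatre and Emotet kept separate) that you would extend for your own corpus.

```python
"""Tally vendor verdicts from a flattened VirusTotal-style detection table."""
import re
from collections import Counter

# Constructed excerpt of the detection table on this page (vendor<TAB>result).
# Rows with an empty result are engines that returned no detection.
VT_ROWS = """\
ALYac\tTrojan.Dridex.A
AegisLab\tTroj.Downloader.W32.Upatre!c
Emsisoft\tTrojan.Dridex (A)
ESET-NOD32\tWin32/Dridex.BE
Ikarus\tTrojan.Win32.Dridex
McAfee\tDrixed-FHD!D2E6D34475FC
McAfee-GW-Edition\tBehavesLike.Win32.Emotet.cc
NANO-Antivirus\tTrojan.Win32.Upatre.euyoub
Symantec\tTrojan.Cridex
TrendMicro\tTSPY_DRIDEX.AUSIMC
Sophos AV\tTroj/Dridex-ZF
Kaspersky\tHEUR:Trojan.Win32.Generic
Avast\tWin32:Malware-gen
Cylance\tUnsafe
Microsoft\t
ClamAV\t
DrWeb\t
"""

# Assumed alias map: vendor-specific spellings folded into one canonical family.
FAMILY_ALIASES = {
    "dridex": "Dridex", "cridex": "Dridex", "drixed": "Dridex",
    "upatre": "Upatre",
    "emotet": "Emotet",
}


def parse_rows(text):
    """Split 'vendor<TAB>result' lines into (vendor, result) tuples."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        vendor, _, result = line.partition("\t")
        rows.append((vendor.strip(), result.strip()))
    return rows


def family_of(result):
    """Return the canonical family named in a verdict string, or None if generic."""
    for token in re.split(r"[^A-Za-z0-9]+", result.lower()):
        if token in FAMILY_ALIASES:
            return FAMILY_ALIASES[token]
    return None


def summarize(text):
    """Count detections, generic labels and family votes; pick the top family."""
    rows = parse_rows(text)
    detected = [r for _, r in rows if r]
    families = Counter(f for f in map(family_of, detected) if f)
    return {
        "engines": len(rows),
        "detections": len(detected),
        "generic": sum(1 for r in detected if family_of(r) is None),
        "families": families,
        "consensus": families.most_common(1)[0][0] if families else None,
    }


if __name__ == "__main__":
    s = summarize(VT_ROWS)
    print(f"{s['detections']}/{s['engines']} listed engines flagged the sample")
    print("family votes:", dict(s["families"]))
    print("consensus:", s["consensus"])
```

Run against the full table the same way; the point of the alias map is that a majority of named verdicts converge on Dridex even though the most widely shared label string is the generic Trojan.GenericKD.6198194.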
The file is a Portable Executable (PE32) Win32 EXE built for the Windows console (command line) subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1993-12-08 12:36:00
Entry Point 0x00001980
Number of sections 5
PE sections
PE imports (imported function names only; the report does not list the source DLLs)
RegDeleteValueW
AddAccessDeniedObjectAce
RegEnumKeyExW
ImageList_SetBkColor
CryptEnumOIDFunction
GetTextExtentPointA
GetKerningPairsW
CreateFontW
LPtoDP
LocalFlags
InitAtomTable
GetBinaryTypeW
SetConsoleMode
GetCurrentProcessId
GetModuleHandleA
GetModuleFileNameW
PurgeComm
ExitProcess
FindFirstFileExW
VirtualAlloc
FindFirstVolumeW
DrawDibEnd
NetShareEnum
DsBindWithCredW
VarBstrFromUI4
VariantCopyInd
SetupDiSetDriverInstallParamsW
SetupPromptForDiskA
StrChrIA
wnsprintfA
PathQuoteSpacesA
VkKeyScanExW
GetSystemMetrics
CreateDialogIndirectParamA
wsprintfW
FindWindowA
DrawCaption
midiOutOpen
EnumPrinterKeyW
CryptCATCDFEnumMembers
SCardIntroduceCardTypeW
CoTaskMemRealloc
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1993:12:08 13:36:00+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16384
LinkerVersion 12.0
EntryPoint 0x1980
InitializedDataSize 0
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
Compressed bundles
PCAP parents
File identification
MD5 d2e6d34475fcba320609b1eb58884525
SHA1 f5b6fe51750881f14dfe112c3fe6c90afedb7191
SHA256 39c49f6d1d7636698f7b1da3f7528798ed4c72d4ba2fb836abfe36cb26b77a0d
ssdeep 3072:jR60A0j92Bs5JDo57bauV75dqhY4GxdZ4:jR60nzo5faCqEp
authentihash 4bbe8ce15bc42ff820fecb2756a1caf5311d15e8f4cd216a538a965d84f0101c
imphash c61adb06af3992c5e7e63a2fc85c9851
File size 124.0 KB ( 126976 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe via-tor
VirusTotal metadata
First submission 2017-11-15 09:31:01 UTC
Last submission 2018-05-23 15:19:32 UTC
File names d2e6d34475fcba320609b1eb58884525
jhvgRg5[1].3.dr
content
VirusShare_d2e6d34475fcba320609b1eb58884525
output.112460913.txt
d2e6d34475fcba320609b1eb58884525.exe
jhvgRg5
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Searched windows
Runtime DLLs
UDP communications