SHA256: 39c49f6d1d7636698f7b1da3f7528798ed4c72d4ba2fb836abfe36cb26b77a0d
File name: d2e6d34475fcba320609b1eb58884525.exe
Detection ratio: 56 / 68
Analysis date: 2018-07-23 17:45:30 UTC (3 weeks, 1 day ago)
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Trojan.GenericKD.6198194 | 20180723 |
| AegisLab | Troj.Downloader.W32.Upatre!c | 20180723 |
| AhnLab-V3 | Trojan/Win32.Kryptik.C2263756 | 20180723 |
| ALYac | Trojan.Dridex.A | 20180723 |
| Antiy-AVL | Trojan/Win32.SGeneric | 20180723 |
| Arcabit | Trojan.Generic.D5E93B2 | 20180723 |
| Avast | Win32:Malware-gen | 20180723 |
| AVG | Win32:Malware-gen | 20180723 |
| Avira (no cloud) | HEUR/AGEN.1011660 | 20180723 |
| AVware | Trojan.Win32.Generic!BT | 20180723 |
| Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9999 | 20180723 |
| BitDefender | Trojan.GenericKD.6198194 | 20180723 |
| Bkav | HW32.Packed.7016 | 20180723 |
| CAT-QuickHeal | Trojan.Mauvaise.SL1 | 20180723 |
| Comodo | TrojWare.Win32.Trojan.Agent.bovmm | 20180723 |
| CrowdStrike Falcon (ML) | malicious_confidence_100% (W) | 20180530 |
| Cybereason | malicious.475fcb | 20180225 |
| Cylance | Unsafe | 20180723 |
| Cyren | W32/Trojan.XNWC-6465 | 20180723 |
| Emsisoft | Trojan.Dridex (A) | 20180723 |
| Endgame | malicious (high confidence) | 20180711 |
| ESET-NOD32 | Win32/Dridex.BE | 20180723 |
| F-Prot | W32/Trojan3.ADAT | 20180723 |
| F-Secure | Trojan.GenericKD.6198194 | 20180723 |
| Fortinet | W32/GenKryptik.CFNI!tr | 20180723 |
| GData | Trojan.GenericKD.6198194 | 20180723 |
| Ikarus | Trojan.Win32.Dridex | 20180723 |
| Sophos ML | heuristic | 20180717 |
| Jiangmin | Trojan-Downloader.Upatre.c | 20180723 |
| K7AntiVirus | Trojan ( 005106341 ) | 20180723 |
| K7GW | Trojan ( 005106341 ) | 20180723 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 20180723 |
| Malwarebytes | Trojan.Injector | 20180723 |
| MAX | malware (ai score=99) | 20180723 |
| McAfee | Drixed-FHD!D2E6D34475FC | 20180723 |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.cc | 20180723 |
| Microsoft | Trojan:Win32/Tiggre!rfn | 20180723 |
| eScan | Trojan.GenericKD.6198194 | 20180723 |
| NANO-Antivirus | Trojan.Win32.Upatre.euyoub | 20180723 |
| Palo Alto Networks (Known Signatures) | generic.ml | 20180723 |
| Panda | Trj/CI.A | 20180723 |
| Qihoo-360 | HEUR/QVM20.1.33DF.Malware.Gen | 20180723 |
| Rising | Backdoor.Dridex!8.3226 (CLOUD) | 20180723 |
| SentinelOne (Static ML) | static engine - malicious | 20180701 |
| Sophos AV | Troj/Dridex-ZF | 20180723 |
| Symantec | Trojan.Cridex | 20180723 |
| Tencent | Win32.Trojan.Generic.Wsju | 20180723 |
| TrendMicro | TSPY_DRIDEX.AUSIMC | 20180723 |
| TrendMicro-HouseCall | TSPY_DRIDEX.AUSIMC | 20180723 |
| VBA32 | Trojan.Tiggre | 20180723 |
| VIPRE | Trojan.Win32.Generic!BT | 20180723 |
| ViRobot | Trojan.Win32.S.Injector.126976 | 20180723 |
| Webroot | W32.Trojan.Gen | 20180723 |
| Yandex | Trojan.DL.Upatre! | 20180720 |
| Zillya | Downloader.Upatre.Win32.64564 | 20180723 |
| ZoneAlarm by Check Point | HEUR:Trojan.Win32.Generic | 20180723 |
| Alibaba | | 20180713 |
| Avast-Mobile | | 20180723 |
| Babable | | 20180406 |
| ClamAV | | 20180723 |
| CMC | | 20180723 |
| DrWeb | | 20180723 |
| eGambit | | 20180723 |
| Kingsoft | | 20180723 |
| SUPERAntiSpyware | | 20180722 |
| TACHYON | | 20180723 |
| TheHacker | | 20180723 |
| TotalDefense | | 20180722 |
| Trustlook | | 20180723 |
| Zoner | | 20180723 |
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows command line subsystem.

PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 1993-12-08 12:36:00
Entry Point: 0x00001980
Number of sections: 5
PE imports
RegDeleteValueW, AddAccessDeniedObjectAce, RegEnumKeyExW, ImageList_SetBkColor, CryptEnumOIDFunction, GetTextExtentPointA, GetKerningPairsW, CreateFontW, LPtoDP, LocalFlags, InitAtomTable, GetBinaryTypeW, SetConsoleMode, GetCurrentProcessId, GetModuleHandleA, GetModuleFileNameW, PurgeComm, ExitProcess, FindFirstFileExW, VirtualAlloc, FindFirstVolumeW, DrawDibEnd, NetShareEnum, DsBindWithCredW, VarBstrFromUI4, VariantCopyInd, SetupDiSetDriverInstallParamsW, SetupPromptForDiskA, StrChrIA, wnsprintfA, PathQuoteSpacesA, VkKeyScanExW, GetSystemMetrics, CreateDialogIndirectParamA, wsprintfW, FindWindowA, DrawCaption, midiOutOpen, EnumPrinterKeyW, CryptCATCDFEnumMembers, SCardIntroduceCardTypeW, CoTaskMemRealloc
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows command line
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 1993:12:08 13:36:00+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 16384
LinkerVersion: 12.0
EntryPoint: 0x1980
InitializedDataSize: 0
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0

File identification
MD5: d2e6d34475fcba320609b1eb58884525
SHA1: f5b6fe51750881f14dfe112c3fe6c90afedb7191
SHA256: 39c49f6d1d7636698f7b1da3f7528798ed4c72d4ba2fb836abfe36cb26b77a0d
ssdeep: 3072:jR60A0j92Bs5JDo57bauV75dqhY4GxdZ4:jR60nzo5faCqEp
authentihash: 4bbe8ce15bc42ff820fecb2756a1caf5311d15e8f4cd216a538a965d84f0101c
imphash: c61adb06af3992c5e7e63a2fc85c9851
File size: 124.0 KB (126976 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID
Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)

Tags: peexe, via-tor

VirusTotal metadata
First submission: 2017-11-15 09:31:01 UTC (9 months ago)
Last submission: 2018-05-24 17:47:47 UTC (2 months, 3 weeks ago)
File names: d2e6d34475fcba320609b1eb58884525, jhvgRg5[1].3.dr, content, VirusShare_d2e6d34475fcba320609b1eb58884525, output.112460913.txt, d2e6d34475fcba320609b1eb58884525.exe, jhvgRg5
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.