× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 3b2af30ea940b30a2447c7964b7759ada2999022778fd09dd9d423ae3780585a
File name: 1264dbcf9106b7adab3682b9b42bdfcf
Detection ratio: 25 / 66
Analysis date: 2018-03-25 19:21:09 UTC ( 8 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Dridex.29 20180325
AhnLab-V3 Trojan/Win32.Agent.C2402746 20180325
ALYac Gen:Variant.Dridex.29 20180325
Antiy-AVL Trojan/Win32.AGeneric 20180325
Arcabit Trojan.Dridex.29 20180325
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9906 20180323
BitDefender Gen:Variant.Dridex.29 20180325
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170201
Cylance Unsafe 20180325
Emsisoft Gen:Variant.Dridex.29 (B) 20180325
Endgame malicious (high confidence) 20180316
ESET-NOD32 a variant of Win64/GenKryptik.BMYE 20180325
Fortinet W64/GenKryptik.BMYE!tr 20180325
GData Gen:Variant.Dridex.29 20180325
Ikarus Trojan.Win64.Krypt 20180325
Sophos ML heuristic 20180121
Kaspersky HEUR:Trojan.Win32.Generic 20180325
MAX malware (ai score=80) 20180325
eScan Gen:Variant.Dridex.29 20180325
nProtect Trojan/W32.Agent.757760.LX 20180325
Rising Trojan.Win64/Kryptik!1.AE80 (CLASSIC) 20180325
SentinelOne (Static ML) static engine - malicious 20180225
TrendMicro TSPY64_HPDRIDEX.SM 20180325
TrendMicro-HouseCall TSPY64_HPDRIDEX.SM 20180325
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180325
AegisLab 20180325
Alibaba 20180323
Avast 20180325
Avast-Mobile 20180325
AVG 20180325
Avira (no cloud) 20180325
AVware 20180325
Bkav 20180325
CAT-QuickHeal 20180325
ClamAV 20180325
CMC 20180325
Comodo 20180325
Cybereason None
Cyren 20180325
DrWeb 20180325
eGambit 20180325
F-Prot 20180325
F-Secure 20180325
Jiangmin 20180325
K7AntiVirus 20180325
K7GW 20180325
Kingsoft 20180325
Malwarebytes 20180325
McAfee 20180325
McAfee-GW-Edition 20180325
Microsoft 20180325
NANO-Antivirus 20180325
Palo Alto Networks (Known Signatures) 20180325
Panda 20180325
Qihoo-360 20180325
Sophos AV 20180325
SUPERAntiSpyware 20180325
Symantec 20180324
Symantec Mobile Insight 20180311
Tencent 20180325
TheHacker 20180319
TotalDefense 20180325
Trustlook 20180325
VBA32 20180323
VIPRE 20180325
ViRobot 20180325
WhiteArmor 20180324
Yandex 20180324
Zillya 20180323
Zoner 20180325
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem that targets 64bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2018-01-18 13:04:13
Entry Point 0x00002270
Number of sections 9
PE sections
PE imports
SetPrivateObjectSecurity
EnumDependentServicesA
OpenCluster
CreatePropertySheetPageW
GdiFlush
GetEnhMetaFileDescriptionA
CopyMetaFileA
CreatePolygonRgn
SetFileAttributesA
RaiseException
CreateSemaphoreA
GetPrivateProfileIntA
DeleteFileA
Module32Next
SetUnhandledExceptionFilter
lstrcpyA
ExitProcess
GetTempFileNameA
GetCurrentThreadId
GetModuleFileNameA
GetModuleHandleW
GetBinaryTypeA
MprAdminUserSetInfo
MprConfigInterfaceCreate
NetSessionEnum
VarBoolFromStr
SetupGetIntField
SHGetUnreadMailCountW
PathMakeSystemFolderW
GetFocus
GetThreadDesktop
CharNextA
FindWindowW
OleRegGetMiscStatus
CoTaskMemFree
CLIPFORMAT_UserMarshal
PdhExpandWildCardPathHW
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
AMD AMD64

FileTypeExtension
dll

TimeStamp
2018:01:18 14:04:13+01:00

FileType
Win64 DLL

PEType
PE32+

CodeSize
0

LinkerVersion
12.0

EntryPoint
0x2270

InitializedDataSize
737280

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 1264dbcf9106b7adab3682b9b42bdfcf
SHA1 1aaf068bff6563e2517ddd16e729ae180d6ae1d3
SHA256 3b2af30ea940b30a2447c7964b7759ada2999022778fd09dd9d423ae3780585a
ssdeep
12288:+Exh5FjgrlvjV3v0+aO/TECQ0fHP6hTu/36WDJWz6ck0E:+AFkrzv0+aeTECQ0n6NuPdJ4

authentihash 4011cec4a68412c3300898f8253cb838e354fbcc49af32220b1041a5afb90f74
imphash 0006f1923202ce6e7c5b860a364af29d
File size 740.0 KB ( 757760 bytes )
File type Win32 DLL
Magic literal
PE32+ executable for MS Windows (DLL) (console) Mono/.Net assembly

TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags
64bits assembly pedll

VirusTotal metadata
First submission 2018-03-25 19:21:09 UTC ( 8 months, 3 weeks ago )
Last submission 2018-03-25 19:21:09 UTC ( 8 months, 3 weeks ago )
File names 1264dbcf9106b7adab3682b9b42bdfcf
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!