SHA256: 3c104e63c5477726ca2b7c5e985cddb6fa38f4c321b83c635b17a052625979e1
File name: DRIDEX
Detection ratio: 11 / 57
Analysis date: 2016-11-15 18:15:52 UTC
Antivirus Result Update
AegisLab Uds.Dangerousobject.Multi!c 20161115
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20161115
Bkav HW32.Packed.27FD 20161112
Comodo Heur.Packed.Unknown 20161115
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Sophos ML backdoor.win32.drixed.m 20161018
Kaspersky UDS:DangerousObject.Multi.Generic 20161115
McAfee Artemis!822550CA3A09 20161115
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.cc 20161115
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161115
Symantec Heur.AdvML.B 20161115
Engines with no detection (result column empty):
Ad-Aware 20161115
AhnLab-V3 20161115
Alibaba 20161115
ALYac 20161115
Antiy-AVL 20161115
Arcabit 20161115
Avast 20161115
AVG 20161115
Avira (no cloud) 20161115
AVware 20161115
BitDefender 20161115
CAT-QuickHeal 20161115
ClamAV 20161115
CMC 20161115
Cyren 20161115
DrWeb 20161115
Emsisoft 20161115
ESET-NOD32 20161115
F-Prot 20161115
F-Secure 20161115
Fortinet 20161115
GData 20161115
Ikarus 20161115
Jiangmin 20161115
K7AntiVirus 20161115
K7GW 20161115
Kingsoft 20161115
Malwarebytes 20161115
Microsoft 20161115
eScan 20161115
NANO-Antivirus 20161115
nProtect 20161115
Panda 20161115
Rising 20161115
Sophos AV 20161115
SUPERAntiSpyware 20161115
Tencent 20161115
TheHacker 20161115
TotalDefense 20161115
TrendMicro 20161115
TrendMicro-HouseCall 20161115
VBA32 20161115
VIPRE 20161115
ViRobot 20161115
Yandex 20161114
Zillya 20161115
Zoner 20161115
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-14 14:46:00
Entry Point 0x0000B510
Number of sections 8
PE sections
PE imports
LocalCompact
CreateWaitableTimerW
LocalFree
FindAtomW
GetComputerNameW
GetSystemInfo
DebugActiveProcessStop
WTSGetActiveConsoleSessionId
IsProcessInJob
GetComputerNameA
CreateMailslotA
GetProcAddress
LoadLibraryA
SetConsoleTextAttribute
MprAdminTransportGetInfo
_vswprintf_c_l
strtok
_chkstk
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows command line
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2016:11:14 15:46:00+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 43008
LinkerVersion: 18.1
EntryPoint: 0xb510
InitializedDataSize: 93696
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 2.1
UninitializedDataSize: 0

File identification
MD5 822550ca3a092fb31c62289513888faa
SHA1 3bfd47e3df5b420d5c72c12269a89478fd4ca535
SHA256 3c104e63c5477726ca2b7c5e985cddb6fa38f4c321b83c635b17a052625979e1
ssdeep 3072:mQqEJ9bnt2o21qEeI1fG4ic1fv1yjsL1e2fMn8p:5Jt25G4xfvQjIF0n
authentihash 9f3d6ec531e175c22653988eff4883fa53d0e7706ec774aa4bb6e84d781d15dd
imphash dc87380dbcaced720af0f3f72eef0c4e
File size 122.0 KB ( 124928 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.6%)
Clipper DOS Executable (19.1%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
VXD Driver (0.2%)
Tags peexe
VirusTotal metadata
First submission 2016-11-15 15:05:40 UTC
Last submission 2017-03-15 10:26:08 UTC
File names DRIDEX
baltazar.jpg