SHA256: 4030b3b7393c61f25ebf225dc619f6bd4000f94d62a0c42c7b83e7460e0ed010
File name: emt7ren.dll
Detection ratio: 48 / 55
Analysis date: 2016-08-09 12:41:58 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3102059 20160809
AegisLab Suspicious.Cloud.7!c 20160809
AhnLab-V3 Trojan/Win32.Agent.N1940679000 20160809
ALYac Trojan.GenericKD.3102059 20160807
Antiy-AVL Trojan[Backdoor]/Win32.Cridex 20160809
Arcabit Trojan.Generic.D2F556B 20160809
Avast Win32:Malware-gen 20160809
AVG Crypt5.APOF 20160809
Avira (no cloud) TR/Crypt.Xpack.433161 20160809
AVware Trojan.Win32.Generic!BT 20160809
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160809
BitDefender Trojan.GenericKD.3102059 20160809
Bkav W32.Clod660.Trojan.80e0 20160809
CAT-QuickHeal Trojan.Drixed.A5 20160809
Comodo UnclassifiedMalware 20160806
Cyren W32/Fakems.EPXM-9303 20160809
DrWeb Trojan.Dridex.358 20160809
Emsisoft Trojan.Win32.Dridex (A) 20160809
ESET-NOD32 Win32/Dridex.AA 20160809
F-Prot W32/Fakems.L 20160809
F-Secure Trojan.GenericKD.3102059 20160809
Fortinet W32/Malicious_Behavior.VEX 20160809
GData Trojan.GenericKD.3102059 20160809
Ikarus Trojan.Win32.Dridex 20160809
K7AntiVirus Trojan ( 004d86461 ) 20160809
K7GW Trojan ( 004d86461 ) 20160809
Kaspersky Backdoor.Win32.Cridex.ej 20160809
Malwarebytes Trojan.Dridex 20160809
McAfee Generic.yk 20160809
McAfee-GW-Edition BehavesLike.Win32.Rootkit.ch 20160809
Microsoft Backdoor:Win32/Drixed 20160809
eScan Trojan.GenericKD.3102059 20160809
NANO-Antivirus Trojan.Win32.Dridex.ebavck 20160809
nProtect Backdoor/W32.Cridex.180736 20160809
Panda Trj/WLT.B 20160809
Qihoo-360 Win32/Backdoor.16f 20160809
Sophos AV Troj/Dridex-QU 20160809
Symantec Trojan.Cridex 20160809
Tencent Win32.Backdoor.Cridex.Ebgj 20160809
TheHacker Trojan/Dridex.aa 20160806
TrendMicro TROJ_FAKEMS.EN 20160809
TrendMicro-HouseCall TROJ_FAKEMS.EN 20160809
VBA32 Backdoor.Cridex 20160808
VIPRE Trojan.Win32.Generic!BT 20160809
ViRobot Trojan.Win32.Z.Dridex.180736[h] 20160809
Yandex Backdoor.Cridex! 20160808
Zillya Trojan.Dridex.Win32.515 20160809
Zoner TrojanDownloader.Dridex 20160809
Alibaba 20160809
ClamAV 20160809
CMC 20160804
Jiangmin 20160809
Kingsoft 20160809
SUPERAntiSpyware 20160809
TotalDefense 20160808
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © ?????????? ??????????. ??? ????? ????????.
Product ???????????? ??????? Microsoft® Windows®
Original name emt7ren.dll
Internal name emt7ren.dll
File version 5.1.2615.5512 (xpsp.080413-0852)
Description Media
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-15 10:34:09
Entry Point 0x0000105F
Number of sections 8
PE sections
PE imports
SetFirmwareEnvironmentVariableW
UnlockFile
FreeUserPhysicalPages
EncodeSystemPointer
SetFileTime
PurgeComm
ReadFile
CreateFileA
GetProcAddress
GetStringTypeW
GetModuleHandleW
SetCommTimeouts
LoadMenuA
iswupper
isdigit
isprint
_chkstk
sin
strncpy
Number of PE resources by type
TYPELIB 1
RT_STRING 1
REGISTRY 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 4
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.1.2605.5512
UninitializedDataSize 0
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 0
EntryPoint 0x105f
OriginalFileName emt7ren.dll
MIMEType application/octet-stream
LegalCopyright . .
FileVersion 5.1.2615.5512 (xpsp.080413-0852)
TimeStamp 2016:03:15 11:34:09+01:00
FileType Win32 EXE
PEType PE32
InternalName emt7ren.dll
ProductVersion 5.1.2615.5512
FileDescription Media
OSVersion 4.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 50176
ProductName Microsoft Windows
ProductVersionNumber 5.1.2605.5512
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 f71977440032b680e91baef49d9ca7f8
SHA1 b1259b8287e38e79a2afc003471fe4750edefdaa
SHA256 4030b3b7393c61f25ebf225dc619f6bd4000f94d62a0c42c7b83e7460e0ed010
ssdeep 3072:6s8pJ39h/qAkIHW/eIY8toGqKZfFyq7P6SKykCbZxW:6s8pV/qCWmIYwHqG37PyykgZx
authentihash 4143d793bde977f3efc71b9ae973f3e500602771eaba803fe30ebeddc2ce9613
imphash 4ea18692887336d00f4c55072b544a6f
File size 176.5 KB ( 180736 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2016-03-15 11:03:35 UTC ( 3 years, 2 months ago )
Last submission 2016-08-09 12:41:58 UTC ( 2 years, 9 months ago )
File names IMG_0024415_02-2016 JPG,jpeg.exe
emt7ren.dll
1278630.exe
IMG_0024415_02-2016 JPG_jpeg.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Terminated processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications