SHA256: 434fe2d5b2b26d3b14d2959567822f9b08730144d7e9ceb234db1f477e2faf2d
File name: 7350657f44067dab6f74c6a5d52254f797506a9d
Detection ratio: 30 / 57
Analysis date: 2015-04-09 15:05:10 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2281276 20150409
AhnLab-V3 Trojan/Win32.Tepfer 20150409
Avast Win32:Malware-gen 20150409
AVG Generic36.BHEI 20150409
Avira (no cloud) TR/DridexDownloader.A.4 20150409
Baidu-International Worm.Win32.Cridex.qae 20150409
BitDefender Trojan.GenericKD.2281276 20150409
Bkav HW32.Packed.921D 20150409
DrWeb Trojan.Dridex.85 20150409
Emsisoft Trojan.GenericKD.2281276 (B) 20150409
ESET-NOD32 Win32/Dridex.N 20150409
F-Secure Trojan.GenericKD.2281276 20150409
GData Trojan.GenericKD.2281276 20150409
Ikarus Trojan.Dridex 20150409
K7AntiVirus Trojan ( 004bc85d1 ) 20150409
K7GW Trojan ( 004bc85d1 ) 20150409
Kaspersky Worm.Win32.Cridex.qae 20150409
Malwarebytes Trojan.Agent.EDG 20150409
McAfee RDN/Generic.hra!cj 20150409
Microsoft Backdoor:Win32/Drixed.E 20150409
eScan Trojan.GenericKD.2281276 20150409
Norman Kryptik.CFBT 20150409
nProtect Trojan.Injector.BHU 20150409
Panda Trj/Chgt.O 20150408
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20150409
Sophos AV Troj/Dridex-CG 20150409
Symantec Trojan Horse 20150409
Tencent Trojan.Win32.Qudamah.Gen.0 20150409
TrendMicro TSPY_DRIDEX.KK 20150409
TrendMicro-HouseCall TSPY_DRIDEX.KK 20150409
AegisLab 20150409
Yandex 20150408
Alibaba 20150409
ALYac 20150409
Antiy-AVL 20150409
AVware 20150409
ByteHero 20150409
CAT-QuickHeal 20150409
ClamAV 20150409
CMC 20150408
Comodo 20150409
Cyren 20150409
F-Prot 20150409
Fortinet 20150409
Jiangmin 20150408
Kingsoft 20150409
McAfee-GW-Edition 20150409
NANO-Antivirus 20150409
Rising 20150409
SUPERAntiSpyware 20150409
TheHacker 20150408
TotalDefense 20150409
VBA32 20150408
VIPRE 20150409
ViRobot 20150409
Zillya 20150408
Zoner 20150409
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Корпорация Майкрософт. Все права защищены.

Product Операционная система Microsoft® Windows®
Original name twext.dll
Internal name twext
File version 6.00.3633.5512 (xpsp.080413-2105)
Description Свойства: Предыдущие версии
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-10 23:13:00
Entry Point 0x0000A530
Number of sections 7
PE sections
PE imports
GetLastError
GetStdHandle
GetConsoleFontSize
LocalAlloc
Sleep
WriteProfileSectionW
ExitThread
SetCommTimeouts
ShowOwnedPopups
isdigit
fabs
Number of PE resources by type
REGINST 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
RUSSIAN 3
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
10240

ImageVersion
1.0

ProductName
Microsoft Windows

FileVersionNumber
6.0.3633.5512

UninitializedDataSize
4608

LanguageCode
Russian

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, No line numbers, 32-bit, No debug

CharacterSet
Unicode

LinkerVersion
8.0

FileTypeExtension
exe

OriginalFileName
twext.dll

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
6.00.3633.5512 (xpsp.080413-2105)

TimeStamp
2018:06:11 00:13:00+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
twext

ProductVersion
6.00.2633.5512

FileDescription
:

OSVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
. .

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
65536

FileSubtype
0

ProductVersionNumber
6.0.2633.5512

EntryPoint
0xa530

ObjectFileType
Dynamic link library

Execution parents
File identification
MD5 3e3a09644170ad3184facb4cace14f8a
SHA1 48659cbb4d0a1dff3606a2d2ad397bc444620fb6
SHA256 434fe2d5b2b26d3b14d2959567822f9b08730144d7e9ceb234db1f477e2faf2d
ssdeep
1536:trRTMueQ0RAlAMJypryyDPnkhnkYBil/Q:rMu6ROlAKnul

authentihash 26568d48c664bc2a6df5891d0b8bf4b6de36f58cc5eeae95a4433652f2ce53ca
imphash d3476618bdf462bfa4970773b425241a
File size 79.0 KB ( 80896 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.6%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe via-tor

VirusTotal metadata
First submission 2015-04-08 08:28:36 UTC ( 4 years, 1 month ago )
Last submission 2017-01-29 22:11:52 UTC ( 2 years, 3 months ago )
File names 004.exe
twext
dridex_downloader.bin
7350657f44067dab6f74c6a5d52254f797506a9d
fmBeq0.7z
c48.exe
004[1].exe.dr
3e3a09644170ad3184facb4cace14f8a.bin
fzsv.de_004.exe
twext.dll
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications