SHA256: 4474cd1a77d22356b72052665cc391f1340ce92d5af0c43cd107ed0ad081a849
File name: f441b8d2f70ef84e8cc71556f293ff7a.virus
Detection ratio: 50 / 66
Analysis date: 2018-05-19 01:00:25 UTC (7 months ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Dridex.29 20180519
AegisLab Troj.W32.Agent!c 20180518
AhnLab-V3 Trojan/Win32.Crypt.R217007 20180518
ALYac Gen:Variant.Dridex.29 20180519
Antiy-AVL Trojan/Win32.TSGeneric 20180519
Arcabit Trojan.Dridex.29 20180519
Avast Win64:GenX 20180519
AVG Win64:GenX 20180519
Avira (no cloud) TR/AD.Dridex.decxk 20180518
AVware Trojan.Win32.Generic!BT 20180519
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180518
BitDefender Gen:Variant.Dridex.29 20180519
CAT-QuickHeal Trojan.Agent 20180518
Comodo .UnclassifiedMalware 20180518
Cylance Unsafe 20180519
Cyren W64/Trojan.EOKE-7201 20180519
DrWeb Trojan.PackedENT.47 20180519
Emsisoft Gen:Variant.Dridex.29 (B) 20180519
Endgame malicious (high confidence) 20180507
ESET-NOD32 Win64/Dridex.AM 20180518
F-Secure Gen:Variant.Dridex.29 20180519
Fortinet W64/Dridex.AM!tr 20180519
GData Gen:Variant.Dridex.29 20180518
Ikarus Trojan.Win32.Agent 20180518
Sophos ML heuristic 20180503
K7AntiVirus Trojan ( 005219951 ) 20180518
K7GW Trojan ( 005219951 ) 20180518
Kaspersky HEUR:Trojan.Win32.Generic 20180518
Malwarebytes Trojan.Dridex 20180518
MAX malware (ai score=97) 20180519
McAfee Drixed-FHC!F441B8D2F70E 20180518
McAfee-GW-Edition Drixed-FHC!F441B8D2F70E 20180518
Microsoft Trojan:Win32/Bitrep.B 20180518
eScan Gen:Variant.Dridex.29 20180518
NANO-Antivirus Trojan.Win64.PackedENT.ewonrt 20180519
Palo Alto Networks (Known Signatures) generic.ml 20180519
Panda Trj/CI.A 20180518
Qihoo-360 Win32/Trojan.ae7 20180519
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Dridex-G 20180518
Symantec Trojan.Gen.2 20180518
Tencent Win32.Trojan.Agent.Ebgb 20180519
TrendMicro TROJ_GEN.R004C0PLS17 20180519
TrendMicro-HouseCall TSPY64_HPDRIDEX.SM 20180518
VBA32 Trojan.Agent 20180518
VIPRE Trojan.Win32.Generic!BT 20180518
Webroot W32.Trojan.Gen 20180519
Yandex Trojan.Agent!UB34xcCarf4 20180518
Zillya Trojan.Agent.Win32.869673 20180516
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180519
Alibaba 20180518
Avast-Mobile 20180518
Babable 20180406
Bkav 20180518
ClamAV 20180518
CMC 20180518
CrowdStrike Falcon (ML) 20180202
Cybereason None
eGambit 20180519
F-Prot 20180519
Jiangmin 20180519
Kingsoft 20180519
nProtect 20180518
Rising 20180518
SUPERAntiSpyware 20180518
Symantec Mobile Insight 20180518
TheHacker 20180516
TotalDefense 20180518
Trustlook 20180519
ViRobot 20180518
Zoner 20180518
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem that targets 64bit architectures.
FileVersionInfo properties
Copyright
Copyright © Microsoft Corp. 1981-1994

Product Microsoft® Visual C++
Original name MSVCRT20.DLL
Internal name MSVCRT20
File version 2.12.000
Description Microsoft® C Runtime Library
Comments Flavor=Retail
PE header basic information
Target machine x64
Compilation timestamp 2017-12-22 22:29:34
Entry Point 0x00001FA0
Number of sections 10
PE sections
PE imports
CryptEncrypt
CertGetIssuerCertificateFromStore
GdiFlush
FlattenPath
SetWaitableTimer
SetEnvironmentVariableW
WriteConsoleOutputA
GetModuleHandleW
ExitProcess
GetCommandLineA
GetCurrentThreadId
GetModuleFileNameA
GetBinaryTypeA
LZOpenFileW
MprAdminPortEnum
MprAdminInterfaceDelete
VarI4FromR8
VariantCopyInd
RpcStringBindingComposeW
SetupOpenMasterInf
SetupGetFieldCount
IsCharAlphaW
SetUserObjectSecurity
GetCapture
GetFocus
GetMenuDefaultItem
GetThreadDesktop
TranslateAcceleratorW
IIDFromString
StgCreateDocfileOnILockBytes
PdhParseCounterPathW
RevokeBindStatusCallback
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
5.0

Comments
Flavor=Retail

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
4.0.40305.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Microsoft C Runtime Library

ImageFileCharacteristics
Executable, Large address aware, DLL

CharacterSet
Unicode

InitializedDataSize
450560

PrivateBuild
DDBLD687

EntryPoint
0x1fa0

OriginalFileName
MSVCRT20.DLL

MIMEType
application/octet-stream

LegalCopyright
Copyright Microsoft Corp. 1981-1994

FileVersion
2.12.000

TimeStamp
2017:12:22 23:29:34+01:00

FileType
Win64 DLL

PEType
PE32+

InternalName
MSVCRT20

ProductVersion
2.12.000

UninitializedDataSize
0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows command line

MachineType
AMD AMD64

CompanyName
Microsoft Corporatio

CodeSize
0

ProductName
Microsoft Visual C++

ProductVersionNumber
4.0.40305.0

FileTypeExtension
dll

ObjectFileType
Dynamic link library

File identification
MD5 f441b8d2f70ef84e8cc71556f293ff7a
SHA1 316fd031dc2eb8f6eff6646fc6cd4366ef6477db
SHA256 4474cd1a77d22356b72052665cc391f1340ce92d5af0c43cd107ed0ad081a849
ssdeep 12288:fnGAFj1BdXECCKzeYG0ZVyInvIsr2MIgCB0q+4F+B:PVFVuMD3jHIf2

authentihash ed5c5b4b99650501d89b6c9b20c5f0d93de77f35d76f12e395da783b5feb6373
imphash f564105a94cf1b2a122bf61c4250d04e
File size 460.0 KB ( 471040 bytes )
File type Win32 DLL
Magic literal PE32+ executable for MS Windows (DLL) (console) Mono/.Net assembly

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
64bits assembly pedll

VirusTotal metadata
First submission 2017-12-29 09:20:36 UTC ( 11 months, 3 weeks ago )
Last submission 2018-05-19 01:00:25 UTC ( 7 months ago )
File names MSVCRT20
f441b8d2f70ef84e8cc71556f293ff7a.virus
MSVCRT20.DLL