SHA256: 525a131cf8ceffafd514545840d3520fde728f0c46e517e5dc2fcdbeb5a666e9
File name: afbd9766b467a2b51a035fa53b27682c.virus
Detection ratio: 21 / 68
Analysis date: 2017-11-10 04:42:24 UTC ( 1 year, 4 months ago )
Antivirus Result Update
Antiy-AVL Trojan[Backdoor]/Win32.Dridex 20171110
Avast FileRepMalware 20171110
AVG FileRepMalware 20171110
Avira (no cloud) TR/AD.Dridex.yttsz 20171110
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171109
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cylance Unsafe 20171110
Endgame malicious (high confidence) 20171024
ESET-NOD32 Win32/Dridex.U 20171110
Fortinet W32/Dridex.U!tr 20171110
GData Win32.Trojan.Agent.BXPL3J 20171110
Sophos ML heuristic 20170914
Kaspersky Backdoor.Win32.Dridex.qx 20171110
McAfee Artemis!AFBD9766B467 20171110
McAfee-GW-Edition BehavesLike.Win32.PUPXAX.cc 20171110
Qihoo-360 HEUR/QVM20.1.0D62.Malware.Gen 20171110
Sophos AV Mal/Generic-S 20171110
Symantec Trojan.Gen.2 20171109
TrendMicro-HouseCall TROJ_GEN.R020H0DK817 20171110
Webroot W32.Trojan.Gen 20171110
ZoneAlarm by Check Point Backdoor.Win32.Dridex.qx 20171110
Ad-Aware 20171110
AegisLab 20171110
AhnLab-V3 20171110
Alibaba 20170911
ALYac 20171110
Arcabit 20171110
Avast-Mobile 20171109
AVware 20171110
BitDefender 20171110
Bkav 20171109
CAT-QuickHeal 20171110
ClamAV 20171110
CMC 20171109
Comodo 20171110
Cybereason 20171030
Cyren 20171110
DrWeb 20171110
eGambit 20171110
Emsisoft 20171110
F-Prot 20171110
F-Secure 20171110
Ikarus 20171109
Jiangmin 20171110
K7AntiVirus 20171109
K7GW 20171110
Kingsoft 20171110
Malwarebytes 20171110
MAX 20171110
Microsoft 20171110
eScan 20171110
NANO-Antivirus 20171110
nProtect 20171110
Palo Alto Networks (Known Signatures) 20171110
Panda 20171109
Rising 20171110
SentinelOne (Static ML) 20171019
SUPERAntiSpyware 20171110
Symantec Mobile Insight 20171110
Tencent 20171110
TheHacker 20171102
TotalDefense 20171110
TrendMicro 20171110
Trustlook 20171110
VBA32 20171109
VIPRE 20171110
ViRobot 20171110
WhiteArmor 20171104
Yandex 20171109
Zillya 20171109
Zoner 20171110
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-07 19:55:50
Entry Point 0x00001830
Number of sections 5
PE sections
PE imports
TextOutA
WaitCommEvent
GetCurrentProcess
GetBinaryTypeW
lstrcmpA
GetModuleFileNameW
CreateMailslotW
ExitProcess
MoveFileW
GetProcAddress
lstrcmpW
GetModuleHandleW
SetupGetMultiSzFieldW
wsprintfA
DialogBoxIndirectParamW
wsprintfW
RealGetWindowClassW
SetCaretBlinkTime
FindWindowA
mmioClose
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:11:07 20:55:50+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16384
LinkerVersion 12.0
ImageFileCharacteristics Executable, No line numbers, No symbols, Large address aware, 32-bit
EntryPoint 0x1830
InitializedDataSize 0
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 afbd9766b467a2b51a035fa53b27682c
SHA1 b15e6f9d7531c50552458c53136d4365b2296741
SHA256 525a131cf8ceffafd514545840d3520fde728f0c46e517e5dc2fcdbeb5a666e9
ssdeep 3072:YAjaZXTMuRvEg2bULGHhpyaG8aZbdzBr+UdGQckMpO9fi:YAjEXVRv72lWhBzBr+UdGQckMANi
authentihash 9149483508985a4c2fc5a53edd08dfefda5d4c02669d1031874279b94d57f134
imphash 687eaf23b9c4ff8d6dbdfd43ca9f4a43
File size 120.0 KB ( 122880 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe
VirusTotal metadata
First submission 2017-11-10 04:42:24 UTC ( 1 year, 4 months ago )
Last submission 2017-11-10 04:42:24 UTC ( 1 year, 4 months ago )
File names 1032-b15e6f9d7531c50552458c53136d4365b2296741
afbd9766b467a2b51a035fa53b27682c.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Searched windows
Runtime DLLs