SHA256: 57677545eebd229744f717936efed7272b7d824c1201fc099091386e192722e5
File name: 57677545eebd229744f717936efed7272b7d824c1201fc099091386e192722e5
Detection ratio: 45 / 65
Analysis date: 2017-09-30 13:48:00 UTC ( 1 year, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12409245 20170930
AegisLab Backdoor.W32.Dridex!c 20170930
AhnLab-V3 Backdoor/Win32.Dridex.C2172953 20170930
ALYac Trojan.Dridex.A 20170930
Antiy-AVL Trojan/Win32.TSGeneric 20170930
Arcabit Trojan.Generic.DBD599D 20170930
Avast Win32:Malware-gen 20170930
AVG Win32:Malware-gen 20170930
Avira (no cloud) TR/Crypt.ZPACK.bbylt 20170930
AVware Trojan.Win32.Generic!BT 20170930
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170930
BitDefender Trojan.GenericKD.12409245 20170930
CAT-QuickHeal Trojan.IGENERIC 20170930
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20170930
Cyren W32/Trojan.LRGJ-7540 20170930
DrWeb Trojan.Gozi.44 20170930
Emsisoft Trojan.GenericKD.12409245 (B) 20170930
Endgame malicious (high confidence) 20170821
ESET-NOD32 Win32/Dridex.U 20170930
F-Secure Trojan.GenericKD.12409245 20170930
GData Win32.Trojan-Spy.Emotet.CO 20170930
Sophos ML heuristic 20170914
K7AntiVirus Trojan ( 004fe38d1 ) 20170928
K7GW Trojan ( 004fe38d1 ) 20170930
Kaspersky Backdoor.Win32.Dridex.ny 20170930
Malwarebytes Trojan.Dridex 20170930
MAX malware (ai score=85) 20170930
McAfee RDN/Trojan-FOFO 20170930
McAfee-GW-Edition BehavesLike.Win32.Ramnit.cc 20170930
Microsoft Backdoor:Win32/Dridex 20170930
eScan Trojan.GenericKD.12409245 20170930
NANO-Antivirus Trojan.Win32.Dridex.etbqec 20170930
Palo Alto Networks (Known Signatures) generic.ml 20170930
Panda Trj/GdSda.A 20170930
Qihoo-360 HEUR/QVM20.1.28D4.Malware.Gen 20170930
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/Generic-S 20170930
Symantec Trojan.Cridex 20170929
Tencent Win32.Backdoor.Dridex.Eddz 20170930
TrendMicro TROJ_GEN.R020C0DIT17 20170930
TrendMicro-HouseCall TROJ_GEN.R020C0DIT17 20170930
VIPRE Trojan.Win32.Generic!BT 20170930
Webroot W32.Trojan.Gen 20170930
ZoneAlarm by Check Point Backdoor.Win32.Dridex.ny 20170930
Alibaba 20170911
Avast-Mobile 20170929
ClamAV 20170930
CMC 20170928
Comodo 20170930
F-Prot 20170930
Fortinet 20170929
Ikarus 20170930
Jiangmin 20170930
Kingsoft 20170930
nProtect 20170929
Rising 20170930
SUPERAntiSpyware 20170930
Symantec Mobile Insight 20170928
TheHacker 20170928
TotalDefense 20170930
Trustlook 20170930
VBA32 20170929
ViRobot 20170930
WhiteArmor 20170927
Yandex 20170908
Zillya 20170929
Zoner 20170930
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name D3D10_1.dll
Internal name D3D10_1.dll
File version 6.2.9200.16492 (win8_gdr_oobssr.130113-0015)
Description Direct3D 10.1 Runtime
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-09-25 13:34:02
Entry Point 0x00002290
Number of sections 7
PE sections
Overlays
MD5 d3d9446802a44259755d38e6d163e820
File type ASCII text
Offset 139264
Size 2
Entropy 1.00
PE imports
LogonUserExW
GetDeviceCaps
ExcludeClipRect
AddFontResourceA
GetWindowExtEx
GetMetaFileA
GetTextMetricsA
GetCharWidthA
GetFontLanguageInfo
DeleteObject
GetRasterizerCaps
GetUserDefaultUILanguage
AreFileApisANSI
GetLastError
FreeLibrary
DeleteTimerQueueEx
LoadLibraryA
GetVolumePathNamesForVolumeNameW
Module32FirstW
LocalAlloc
GetConsoleTitleW
ExitProcess
GetProcAddress
RaiseException
LockFileEx
InterlockedExchange
GetComputerNameExW
LocalFree
FormatMessageW
GetProcessAffinityMask
IsValidCodePage
FindFirstVolumeMountPointW
EnumSystemGeoID
GetStringTypeExA
GetFileSize
GetUserNameExW
DeleteMonitorA
GetPrintProcessorDirectoryW
system
_time64
MkParseDisplayNameEx
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.2.9200.16492
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Direct3D 10.1 Runtime
ImageFileCharacteristics Executable, No line numbers, No symbols, Large address aware, 32-bit
CharacterSet Unicode
InitializedDataSize 147456
EntryPoint 0x2290
OriginalFileName D3D10_1.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.2.9200.16492 (win8_gdr_oobssr.130113-0015)
TimeStamp 2017:09:25 14:34:02+01:00
FileType Win32 EXE
PEType PE32
InternalName D3D10_1.dll
ProductVersion 6.2.9200.16492
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Melcosoft Copronation
CodeSize 10240
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.2.9200.16492
FileTypeExtension exe
ObjectFileType Dynamic link library

Compressed bundles
File identification
MD5 8d73966dad8e824a75fedee9257fccf8
SHA1 fdc14899c2deb89640f87f67d7a0d3ace63fa981
SHA256 57677545eebd229744f717936efed7272b7d824c1201fc099091386e192722e5
ssdeep 3072:m2IBHi1aGVDySqh97LLdmqmT+S/0keMC9ICuE7xPa9r4mru+ARJ2i:m2iitVHqh97Lx5mT+S9eL4uVEr16+ARx
authentihash 186299629b9c74fd608849a1097bcf27b1e7599aaacee6e15e20aa9dce786e28
imphash 3e797aa7f02698472cbf8cf2ef01c44e
File size 136.0 KB ( 139266 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe overlay
VirusTotal metadata
First submission 2017-09-30 11:19:29 UTC ( 1 year, 4 months ago )
Last submission 2017-09-30 13:48:00 UTC ( 1 year, 4 months ago )
File names 8d73966dad8e824a75fedee9257fccf8
D3D10_1.dll
054.vir
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications