× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 6287776f22b19e409efe6342900d31b499c1077cd36fd8a4d988e3bfe1710d49
File name: f651c64d9ce7ebfa13d2dacc44abacf7
Detection ratio: 36 / 56
Analysis date: 2015-04-17 14:34:14 UTC ( 4 years, 1 month ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2299408 20150417
AhnLab-V3 Win-Trojan/Malpacked6.Gen 20150417
Antiy-AVL Worm/Win32.Cridex 20150417
Avast Win32:Crypt-RKM [Trj] 20150417
AVG Generic_r.ERM 20150417
Avira (no cloud) TR/Crypt.Xpack.187356 20150417
AVware Trojan.Win32.Generic.pak!cobra 20150417
Baidu-International Worm.Win32.Cridex.qdl 20150417
BitDefender Trojan.GenericKD.2299408 20150417
Cyren W32/Dridex.B.gen!Eldorado 20150417
DrWeb Trojan.Dridex.94 20150417
Emsisoft Trojan.GenericKD.2299408 (B) 20150417
ESET-NOD32 Win32/Exploit.CVE-2013-3660.N 20150417
F-Prot W32/Dridex.B.gen!Eldorado 20150417
F-Secure Trojan.GenericKD.2299408 20150417
Fortinet W32/Agent.AMOF!tr 20150417
GData Trojan.GenericKD.2299408 20150417
Ikarus Trojan.Win32.Exploit 20150417
K7AntiVirus Trojan ( 004bd6a51 ) 20150417
K7GW Trojan ( 004bd6a51 ) 20150417
Kaspersky Worm.Win32.Cridex.qdl 20150417
Malwarebytes Trojan.MSIL.Agent 20150417
McAfee Downloader-FASH!F651C64D9CE7 20150417
Microsoft TrojanDropper:Win32/Evotob.C 20150417
eScan Trojan.GenericKD.2299408 20150417
Norman Kryptik.CFCB 20150417
nProtect Trojan.GenericKD.2299408 20150417
Panda Trj/Genetic.gen 20150417
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20150417
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20150417
Sophos AV Troj/Agent-AMOF 20150417
Symantec Trojan.Cridex 20150417
Tencent Trojan.Win32.Qudamah.Gen.2 20150417
TrendMicro TROJ_GEN.R0CCC0DDH15 20150417
TrendMicro-HouseCall TROJ_GEN.R0CCC0DDH15 20150417
VIPRE Trojan.Win32.Generic.pak!cobra 20150417
AegisLab 20150417
Yandex 20150417
Alibaba 20150417
Bkav 20150417
ByteHero 20150417
CAT-QuickHeal 20150417
ClamAV 20150417
CMC 20150416
Comodo 20150417
Jiangmin 20150414
Kingsoft 20150417
McAfee-GW-Edition 20150417
NANO-Antivirus 20150417
SUPERAntiSpyware 20150417
TheHacker 20150417
TotalDefense 20150417
VBA32 20150417
ViRobot 20150417
Zillya 20150417
Zoner 20150417
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name bitsprx4.dll
Internal name bitsprx4.dll
File version 6.7.2600.5512 (xpsp.080413-2108)
Description Background Intelligent Transfer Service 2.5 Proxy
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-15 12:48:33
Entry Point 0x00001078
Number of sections 5
PE sections
Overlays
MD5 66e02cdeba64ba43a1d3da637f97e8d6
File type ASCII text
Offset 225280
Size 5755
Entropy 5.88
PE imports
ClusterNetworkEnum
JetRestore2
BuildCommDCBA
GetLastError
GlobalFindAtomW
GetPrivateProfileStructA
FindFirstChangeNotificationA
WriteConsoleInputA
DefineDosDeviceW
OpenEventW
FreeLibrary
SetConsoleActiveScreenBuffer
GetProcessTimes
IsBadWritePtr
SetFileApisToANSI
SetConsoleCursorPosition
LoadLibraryA
LockFile
GetACP
UpdateResourceA
FreeEnvironmentStringsA
SetupComm
GetCurrentProcess
EnumSystemLocalesA
InterlockedExchangeAdd
BuildCommDCBAndTimeoutsW
GetConsoleMode
LocalAlloc
GetStringTypeExW
MapViewOfFileEx
GetCurrentDirectoryA
UnhandledExceptionFilter
SetErrorMode
GetBinaryTypeA
RaiseException
DeleteTimerQueueTimer
GetProcAddress
ConvertFiberToThread
WritePrivateProfileStringW
ReadConsoleInputW
CreateWaitableTimerW
GlobalMemoryStatus
GetFirmwareEnvironmentVariableW
GetThreadSelectorEntry
WriteConsoleOutputAttribute
GetGeoInfoA
EnumTimeFormatsW
EnumSystemLanguageGroupsA
InterlockedExchange
SetUnhandledExceptionFilter
EnumCalendarInfoA
EnumResourceNamesA
MulDiv
lstrcpynA
GetThreadTimes
TransmitCommChar
ExitThread
SetComputerNameA
FreeResource
SetFileAttributesA
LocalFree
CreatePipe
TerminateProcess
GetProcessWorkingSetSize
WriteConsoleOutputCharacterW
WriteConsoleA
GetDefaultCommConfigW
SetConsoleWindowInfo
FindNextVolumeMountPointW
GetFileType
CloseHandle
SetMailslotInfo
ReadConsoleOutputA
MprAdminMIBEntrySet
MprConfigInterfaceTransportAdd
MprAdminTransportGetInfo
VarR4FromCy
SetupGetLineTextW
ExtractIconA
SHFreeNameMappings
DrawEdge
EnableWindow
LoadMenuA
WindowFromPoint
GetThreadDesktop
SetPropW
InvalidateRect
_except_handler3
tmpfile
srand
_unlock
_lock
__dllonexit
_onexit
wscanf
wcstod
wcslen
isalpha
isxdigit
sin
wcscpy
PdhRemoveCounter
URLDownloadToFileA
HlinkGoBack
FindMediaTypeClass
Number of PE resources by type
RT_ICON 6
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.7.2600.5512

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
180224

EntryPoint
0x1078

OriginalFileName
bitsprx4.dll

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.7.2600.5512 (xpsp.080413-2108)

TimeStamp
2015:04:15 13:48:33+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
bitsprx4.dll

ProductVersion
6.7.2600.5512

FileDescription
Background Intelligent Transfer Service 2.5 Proxy

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
61440

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.7.2600.5512

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 f651c64d9ce7ebfa13d2dacc44abacf7
SHA1 10b6b5dd2d87aaee2d31f80ea65acb39bbb7cf65
SHA256 6287776f22b19e409efe6342900d31b499c1077cd36fd8a4d988e3bfe1710d49
ssdeep
3072:DIgKjFMrZO425Avxb/svtlp3UyLyC1e0fB8p7X:EJpV425Avxb/svt73pyCQ056

authentihash 343dec42d681d6ad7c831caa1cfc64010ae60d258ce2fd57faf0525afdf2f33f
imphash a9d49616d4b05b1aaea347af53db4c2e
File size 225.6 KB ( 231035 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe cve-2013-3660 exploit overlay

VirusTotal metadata
First submission 2015-04-15 15:30:32 UTC ( 4 years, 1 month ago )
Last submission 2015-06-25 12:31:03 UTC ( 3 years, 11 months ago )
File names bitsprx4.dll
TRANSFER 8111.scr
f651c64d9ce7ebfa13d2dacc44abacf7
7498.scr
4.scr
f651c64d9ce7ebfa13d2dacc44abacf7
Malware (3).scr
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections