SHA256: 6f8d8fdc128c5d31569cce5b31072720f5678b0461e1fb817a650cc3f333c9c8
File name: 6f8d8fdc128c5d31569cce5b31072720f5678b0461e1fb817a650cc3f333c9c8
Detection ratio: 45 / 65
Analysis date: 2017-09-02 06:13:59 UTC ( 1 year, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.5914201 20170902
AegisLab Backdoor.W32.Dridex!c 20170902
AhnLab-V3 Backdoor/Win32.Dridex.R207730 20170901
ALYac Trojan.Dridex.A 20170902
Antiy-AVL Trojan[Backdoor]/Win32.Dridex 20170902
Arcabit Trojan.Generic.D5A3E59 20170902
Avast Win32:Malware-gen 20170902
AVG Win32:Malware-gen 20170902
Avira (no cloud) TR/Dridex.ssylk 20170901
AVware Trojan.Win32.Generic!BT 20170902
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170831
BitDefender Trojan.GenericKD.5914201 20170902
Bkav HW32.Packed.5A3C 20170901
CAT-QuickHeal Backdoor.Dridex 20170901
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20170902
Cyren W32/Trojan.AHHQ-0633 20170902
Emsisoft Trojan.GenericKD.5914201 (B) 20170902
Endgame malicious (high confidence) 20170821
ESET-NOD32 Win32/Dridex.U 20170902
F-Secure Trojan.GenericKD.5914201 20170902
GData Trojan.GenericKD.5914201 20170902
Ikarus Trojan.Win32.Dridex 20170901
Sophos ML heuristic 20170822
K7AntiVirus Trojan ( 004fe38d1 ) 20170901
K7GW Trojan ( 004fe38d1 ) 20170902
Kaspersky Backdoor.Win32.Dridex.np 20170902
Malwarebytes Trojan.Dridex 20170902
MAX malware (ai score=84) 20170902
McAfee Packed-PN!581D1DC4CBAA 20170902
McAfee-GW-Edition BehavesLike.Win32.Virut.cc 20170902
Microsoft Backdoor:Win32/Dridex 20170902
eScan Trojan.GenericKD.5914201 20170902
Palo Alto Networks (Known Signatures) generic.ml 20170902
Panda Trj/GdSda.A 20170901
Qihoo-360 HEUR/QVM20.1.8B56.Malware.Gen 20170902
Rising Backdoor.Dridex!8.3226 (cloud:CuHzvSHmGtU) 20170901
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/Generic-S 20170902
Symantec Trojan.Gen.2 20170901
Tencent Win32.Trojan.Generic.Suef 20170902
TrendMicro TROJ_GEN.R08OC0CI117 20170902
TrendMicro-HouseCall TROJ_GEN.R08OC0CI117 20170902
VIPRE Trojan.Win32.Generic!BT 20170902
ZoneAlarm by Check Point Backdoor.Win32.Dridex.np 20170902
Engines reporting no detection (Antivirus, Update):
Alibaba 20170901
ClamAV 20170902
CMC 20170828
Comodo 20170902
DrWeb 20170902
F-Prot 20170902
Fortinet 20170902
Jiangmin 20170902
Kingsoft 20170902
NANO-Antivirus 20170902
nProtect 20170902
SUPERAntiSpyware 20170902
Symantec Mobile Insight 20170901
TheHacker 20170828
TotalDefense 20170902
Trustlook 20170902
VBA32 20170901
ViRobot 20170902
Webroot 20170902
WhiteArmor 20170829
Yandex 20170901
Zillya 20170831
Zoner 20170902
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Fax Server
Original name WinFax.DLL
Internal name WinFax.DLL
File version 5.2.1776.0
Description Microsoft Fax API Support DLL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-08-28 13:39:18
Entry Point 0x00002030
Number of sections 6
PE sections
Overlays
MD5 d3d9446802a44259755d38e6d163e820
File type ASCII text
Offset 122880
Size 2
Entropy 1.00
PE imports
GetServiceKeyNameW
GetSidSubAuthorityCount
GetTokenInformation
AddFontResourceA
FlattenPath
GetSystemPaletteEntries
GetTextFaceA
AreFileApisANSI
GetProfileIntW
FindFirstChangeNotificationA
IsValidCodePage
GetConsoleCursorInfo
DeleteTimerQueueEx
GetTimeFormatA
GetComputerNameExW
FlushViewOfFile
ExitProcess
LoadLibraryA
GetDefaultCommConfigA
GetProcAddress
ExtractIconW
InitializeSecurityContextA
GetCursorPos
LoadKeyboardLayoutA
GetClipboardViewer
GetMenuItemCount
GetSystemMetrics
DdeGetLastError
wsprintfW
GetWindowInfo
DestroyWindow
FindCloseUrlCache
DeleteMonitorW
DeletePrinterDriverExW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.2.1776.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 139264
EntryPoint 0x2030
OriginalFileName WinFax.DLL
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 5.2.1776.0
TimeStamp 2017:08:28 15:39:18+02:00
FileType Win32 EXE
PEType PE32
InternalName WinFax.DLL
ProductVersion 5.2.1776.0
FileDescription Microsoft Fax API Support DLL
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 16384
ProductName Microsoft Fax Server
ProductVersionNumber 5.2.1776.0
FileTypeExtension exe
ObjectFileType Dynamic link library
Compressed bundles
File identification
MD5 581d1dc4cbaa240167c3b16eb84556cf
SHA1 0f3227db684b0bf29fb023a3c6a0ed13c3233b42
SHA256 6f8d8fdc128c5d31569cce5b31072720f5678b0461e1fb817a650cc3f333c9c8
ssdeep 3072:eXcTfS2HPLinejKbTOhitKhnM4ESHF5ca1:Ecz1ee+TGio9M4ESR
authentihash e4de01dfd2bdbe49de9dedf6977f102a635d3e0af6ac8242064a102f45e62f23
imphash 215c2be316a880ea0226be74831afe00
File size 120.0 KB ( 122882 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2017-09-02 03:12:08 UTC ( 1 year, 7 months ago )
Last submission 2018-05-19 08:44:02 UTC ( 11 months ago )
File names 581d1dc4cbaa240167c3b16eb84556cf.vir
WinFax.DLL
068.vir
aa.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications