SHA256: 6fdfebe5011be92b952b98282831c0cab4e12234c119f68a99688e092fc5c32b
File name: 6fdfebe5011be92b952b98282831c0cab4e12234c119f68a99688e092fc5c32b
Detection ratio: 34 / 57
Analysis date: 2016-10-03 04:38:43 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3557153 20161003
AhnLab-V3 Malware/Win32.Generic.N2116003339 20161002
Arcabit Trojan.Generic.D364721 20161003
Avast Win32:Trojan-gen 20161003
AVG Atros4.WFQ 20161003
Avira (no cloud) TR/Crypt.Xpack.rbnns 20161002
AVware Trojan.Win32.Generic!BT 20161003
BitDefender Trojan.GenericKD.3557153 20161003
CAT-QuickHeal Trojan.Dynamer 20161001
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20160725
Cyren W32/Trojan.EDQC-8602 20161003
Emsisoft Trojan.GenericKD.3557153 (B) 20161003
ESET-NOD32 a variant of Win32/Kryptik.FHDC 20161002
F-Secure Trojan.GenericKD.3557153 20161003
Fortinet W32/Dridex.FDR!tr 20161003
GData Trojan.GenericKD.3557153 20161003
Ikarus Trojan.Inject 20161002
Sophos ML trojandropper.win32.gepys.a 20160928
K7AntiVirus Trojan ( 004f964e1 ) 20161002
K7GW Trojan ( 004f964e1 ) 20161003
Kaspersky UDS:DangerousObject.Multi.Generic 20161003
Malwarebytes Trojan.FakeMS 20161003
McAfee Trojan-FJUN!2510BBE75100 20161003
McAfee-GW-Edition Trojan-FJUN!2510BBE75100 20161003
Microsoft Trojan:Win32/Dynamer!ac 20161003
eScan Trojan.GenericKD.3557153 20161003
Panda Trj/GdSda.A 20161002
Sophos AV Troj/Dridex-WD 20161003
Symantec Trojan.Cridex 20161003
Tencent Win32.Trojan.Kryptik.Hoei 20161003
TrendMicro TROJ_GEN.R01BC0EIT16 20161003
TrendMicro-HouseCall TROJ_GEN.R01BC0EIT16 20161003
VIPRE Trojan.Win32.Generic!BT 20161003
ViRobot Trojan.Win32.Z.Agent.262428[h] 20161003
AegisLab 20161003
Alibaba 20160930
ALYac 20160930
Antiy-AVL 20161003
Baidu 20161001
Bkav 20161002
ClamAV 20161003
CMC 20160930
Comodo 20161003
DrWeb 20161003
F-Prot 20160926
Jiangmin 20161003
Kingsoft 20161003
NANO-Antivirus 20161003
nProtect 20161003
Qihoo-360 20161003
Rising 20161003
SUPERAntiSpyware 20161002
TheHacker 20161001
VBA32 20161001
Yandex 20161002
Zillya 20161001
Zoner 20161003
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name resmon.exe
Internal name resmon.exe
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Resource Monitor
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-26 15:18:16
Entry Point 0x0000C0F0
Number of sections 14
PE sections
PE imports
AddClusterResourceNode
SetDefaultCommConfigW
HeapSetInformation
GetDriveTypeW
WritePrivateProfileStructA
VirtualQuery
GetLongPathNameA
CopyFileA
GetComputerNameA
VirtualProtect
GetProcAddress
LoadLibraryA
FindFirstVolumeW
wnsprintfA
fclose
isprint
wcsncat
isleadbyte
CompareSecurityIds
Number of PE resources by type
RT_ICON 13
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 16
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.56
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 0
EntryPoint 0xc0f0
OriginalFileName resmon.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2016:09:26 16:18:16+01:00
FileType Win32 EXE
PEType PE32
InternalName resmon.exe
ProductVersion 6.1.7600.16385
FileDescription Resource Monitor
OSVersion 3.1
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 49152
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 2510bbe7510051c28caccd58ddb52007
SHA1 9e7f054aeebee07e5f187576e08228be2fc38de4
SHA256 6fdfebe5011be92b952b98282831c0cab4e12234c119f68a99688e092fc5c32b
ssdeep 6144:krYZ9tBnczIq+DqZja3DwMbbFA7aQoKORnyl:KYrK+fzwMbRA7aQoKu6
authentihash f56e9e7f7c3c723da18b161d9537ed6580daeb34a77358bf8713bf6868010524
imphash 03f3f0c461df0814c5fa9f77f8b2591d
File size 256.3 KB ( 262428 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.8%)
Clipper DOS Executable (19.1%)
Generic Win/DOS Executable (19.0%)
DOS Executable Generic (18.9%)
Tags peexe
VirusTotal metadata
First submission 2016-09-27 12:42:34 UTC ( 2 years, 4 months ago )
Last submission 2016-12-17 05:38:41 UTC ( 2 years, 2 months ago )
File names dridex-14x.exe
img-0879039984002 jpg.jpg.exe
resmon.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs