× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 7b86f759fa6e8ef9f058af76af6ce49bf88dedd0da188160d2a18f31dec7f1a5
File name: 7b86f759fa6e8ef9f058af76af6ce49bf88dedd0da188160d2a18f31dec7f1a5
Detection ratio: 39 / 64
Analysis date: 2017-10-04 11:39:43 UTC ( 1 year, 4 months ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.6065906 20171004
AegisLab Backdoor.W32.Dridex!c 20171004
Arcabit Trojan.Generic.D5C8EF2 20171004
Avast FileRepMalware 20171004
AVG FileRepMalware 20171004
Avira (no cloud) TR/Crypt.ZPACK.oagrm 20171004
AVware Trojan.Win32.Generic!BT 20171004
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20170930
BitDefender Trojan.GenericKD.6065906 20171004
CAT-QuickHeal Backdoor.Dridex 20171004
Comodo TrojWare.Win32.Trojan.Agent.hirie 20171004
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20171004
Cyren W32/Trojan.SYEA-4553 20171004
DrWeb Trojan.DownLoader25.42008 20171004
Emsisoft Trojan.GenericKD.6065906 (B) 20171004
Endgame malicious (high confidence) 20170821
ESET-NOD32 Win32/Agent.ZER 20171004
F-Secure Trojan.GenericKD.6065906 20171004
Ikarus Trojan.Win32.Agent 20171004
Sophos ML heuristic 20170914
K7GW Trojan ( 005186f61 ) 20171004
Kaspersky Backdoor.Win32.Dridex.nz 20171004
Malwarebytes Trojan.Injector 20171004
MAX malware (ai score=99) 20171004
McAfee RDN/Generic Trojan.i 20171004
McAfee-GW-Edition BehavesLike.Win32.Ransomware.cc 20171004
eScan Trojan.GenericKD.6065906 20171004
nProtect Backdoor/W32.Dridex.155648.C 20171004
Palo Alto Networks (Known Signatures) generic.ml 20171004
Panda Trj/GdSda.A 20171003
SentinelOne (Static ML) static engine - malicious 20171001
Sophos AV Troj/Inject-CTY 20171004
Symantec Trojan.Cridex 20171003
TrendMicro-HouseCall TROJ_GEN.R03FC0OJ317 20171004
VIPRE Trojan.Win32.Generic!BT 20171004
ViRobot Trojan.Win32.U.Agent.155648.J 20171004
Webroot W32.Trojan.Gen 20171004
ZoneAlarm by Check Point Backdoor.Win32.Dridex.nz 20171004
AhnLab-V3 20171004
Alibaba 20170911
ALYac 20171004
Antiy-AVL 20171004
Avast-Mobile 20171004
Bkav 20171004
ClamAV 20171004
CMC 20171004
F-Prot 20171004
Fortinet 20171004
Jiangmin 20171004
K7AntiVirus 20171004
Kingsoft 20171004
Microsoft 20171004
NANO-Antivirus 20171004
Qihoo-360 20171004
Rising 20171004
SUPERAntiSpyware 20171004
Symantec Mobile Insight 20171004
Tencent 20171004
TheHacker 20171002
TotalDefense 20171004
Trustlook 20171004
VBA32 20171004
WhiteArmor 20170927
Yandex 20170908
Zillya 20171003
Zoner 20171004
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-02 05:17:16
Entry Point 0x000021B0
Number of sections 7
PE sections
PE imports
GetServiceKeyNameW
InitiateSystemShutdownW
AddFontResourceA
GetMetaFileBitsEx
GetTextMetricsW
AreFileApisANSI
GetLastError
RaiseException
EraseTape
GetProcAddress
LocalAlloc
IsValidCodePage
LocalFlags
lstrcatA
FindNextFileW
GetStringTypeExW
InterlockedExchange
GetDateFormatW
ExitProcess
LocalFree
GetComputerNameExW
GetLargestConsoleWindowSize
GetUserDefaultLCID
GetCommConfig
LoadLibraryA
FreeLibrary
ExtractIconW
FreeCredentialsHandle
FindFirstUrlCacheEntryW
DeletePortW
fprintf
fgetws
FaultInIEFeature
Number of PE resources by type
RT_ICON 7
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 8
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2017:10:02 06:17:16+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
8192

LinkerVersion
8.0

ImageFileCharacteristics
Executable, No line numbers, No symbols, Large address aware, 32-bit

EntryPoint
0x21b0

InitializedDataSize
344064

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

Compressed bundles
File identification
MD5 37bb2a6f1a1402a9737631ba77b5af67
SHA1 6413e9bb63640c52235c76abed3d56ae31a5dce4
SHA256 7b86f759fa6e8ef9f058af76af6ce49bf88dedd0da188160d2a18f31dec7f1a5
ssdeep
3072:WcFoMEIsfP7i4pJrWmiy8TFTzW1MbFbRgLh7/47w47RrIfHYTo:Wc2P7lJ2/FG1gbOLh7/47ZsgT

authentihash 759d233a6b17b596dcdb211f975a5da4d6f7d4a0446232b143b0f925391d78d2
imphash 61ab142671d33fbb8749108d6bd00349
File size 152.0 KB ( 155648 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-10-02 08:42:55 UTC ( 1 year, 4 months ago )
Last submission 2018-05-08 03:53:52 UTC ( 9 months, 2 weeks ago )
File names 7b86f759fa6e8ef9f058af76af6ce49bf88dedd0da188160d2a18f31dec7f1a5
ePe2dKjnl.exe
ePe2dKjnl.exe
ePe2dKjnl.exe
ePe2dKjnl.exe
localfile~
documents.pt
37bb2a6f1a1402a9737631ba77b5af67.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications