SHA256: 7d133cb8978fb613c0dc51fd78d723140b49e68eb15d2664d9e97cd87e880a8f
File name: dfsdfff.exe
Detection ratio: 29 / 54
Analysis date: 2015-04-05 19:46:11 UTC ( 3 years, 11 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2270604 20150405
ALYac Trojan.GenericKD.2270604 20150405
Avast Win32:GenMaliciousA-MLA [Trj] 20150405
AVG Crypt4.IUT 20150405
Baidu-International Trojan.Win32.Dridex.M 20150405
BitDefender Trojan.GenericKD.2270604 20150405
DrWeb Trojan.Dridex.76 20150405
Emsisoft Trojan.GenericKD.2270604 (B) 20150405
ESET-NOD32 Win32/Dridex.M 20150405
F-Secure Trojan.GenericKD.2270604 20150405
Fortinet W32/Dridex.CJF!tr 20150405
GData Trojan.GenericKD.2270604 20150405
Ikarus Trojan.Win32.Dridex 20150405
K7GW Trojan ( 004baddc1 ) 20150405
Kaspersky Worm.Win32.Cridex.pzn 20150405
Malwarebytes Trojan.MSIL.ED 20150405
McAfee RDN/Generic.dx!dpf 20150405
McAfee-GW-Edition RDN/Generic.dx!dpf 20150405
Microsoft Trojan:Win32/Dynamer!ac 20150405
eScan Trojan.GenericKD.2270604 20150405
NANO-Antivirus Trojan.Win32.Cridex.dqbwsb 20150405
Norman Troj_Generic.ZUVGY 20150405
Panda Generic Suspicious 20150401
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20150405
Sophos AV Troj/MSIL-CJF 20150405
Symantec Trojan.Cridex 20150405
Tencent Trojan.Win32.Qudamah.Gen.18 20150405
TrendMicro-HouseCall Suspicious_GEN.F47V0404 20150405
VIPRE Win32.Malware!Drop 20150405
AegisLab 20150405
Yandex 20150405
AhnLab-V3 20150405
Alibaba 20150405
Antiy-AVL 20150405
Avira (no cloud) 20150405
AVware 20150405
Bkav 20150404
ByteHero 20150405
CAT-QuickHeal 20150404
ClamAV 20150404
CMC 20150403
Comodo 20150405
Cyren 20150405
F-Prot 20150401
Jiangmin 20150405
K7AntiVirus 20150405
Kingsoft 20150405
nProtect 20150404
Rising 20150405
SUPERAntiSpyware 20150405
TheHacker 20150403
TotalDefense 20150405
TrendMicro 20150405
VBA32 20150403
ViRobot 20150405
Zillya 20150405
Zoner 20150403
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Publisher SupervisorsSizesRegions
Product TakenRefinance SwitchingStripperScald
Original name UrinaryRestoredSilent.exe
Internal name UrinaryRestoredSilent.exe
File version 4.1.8.1
Description SpotonReplenishment ReorganisingSupersedes
Comments SchemeSheltersRequirement SimulationSoftener
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-09-17 15:16:58
Entry Point 0x0003249E
Number of sections 3
.NET details
Module Version ID dc769f65-ffec-4538-b97c-ddfd957b38bf
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
Comments SchemeSheltersRequirement SimulationSoftener
LinkerVersion 11.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.1.8.1
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 2560
EntryPoint 0x3249e
OriginalFileName UrinaryRestoredSilent.exe
MIMEType application/octet-stream
FileVersion 4.1.8.1
TimeStamp 2005:09:17 16:16:58+01:00
FileType Win32 EXE
PEType PE32
InternalName UrinaryRestoredSilent.exe
SubsystemVersion 4.0
ProductVersion 4.1.8.1
FileDescription SpotonReplenishment ReorganisingSupersedes
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName SupervisorsSizesRegions
CodeSize 198144
ProductName TakenRefinance SwitchingStripperScald
ProductVersionNumber 4.1.8.1
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 0.9.0.5

File identification
MD5 c37edcda89acf163085649cf139879a9
SHA1 c656188aa246424429175b9094a20633ab97f3b6
SHA256 7d133cb8978fb613c0dc51fd78d723140b49e68eb15d2664d9e97cd87e880a8f
ssdeep 3072:fYT9juobYOFIQSaIsCiuGLSm7JC6jjNWPAmSmVdMUXhEl:fKuobYyvFhLvAomVd
authentihash 2f6b66f1c2a8bcdbbe4a30587371b4b5735bd15b165640f21f931e7309a16c66
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 196.5 KB ( 201216 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe assembly
VirusTotal metadata
First submission 2015-04-03 12:33:58 UTC ( 3 years, 11 months ago )
Last submission 2015-04-06 07:01:19 UTC ( 3 years, 11 months ago )
File names dfsdfff.exe
output.63790949.txt
63790949
dfsdfff.exe.dr
kansp1.exe
UrinaryRestoredSilent.exe
kansp1.jpg
Advanced heuristic and reputation engines
TrendMicro-HouseCall TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.F0C2C00DT15.
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
TCP connections
UDP communications