SHA256: 7d43395c88efb3c172bc49ddac384fe67409e98041528de076a4e5df4457d49f
File name: 7d43395c88efb3c172bc49ddac384fe67409e98041528de076a4e5df4457d49f
Detection ratio: 17 / 62
Analysis date: 2017-03-24 02:11:48 UTC ( 1 year, 12 months ago )
Antivirus Result Update
AegisLab Backdoor.W32.Dridex!c 20170324
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170323
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Endgame malicious (high confidence) 20170317
ESET-NOD32 a variant of Win32/Kryptik.FQEG 20170324
Fortinet W32/Agent.AVUV!tr 20170323
Sophos ML trojandownloader.win32.renos.pt 20170203
Kaspersky Backdoor.Win32.Dridex.dm 20170323
McAfee Artemis!1F0C227ABE77 20170323
McAfee-GW-Edition BehavesLike.Win32.Virut.ch 20170324
Palo Alto Networks (Known Signatures) generic.ml 20170324
Qihoo-360 HEUR/QVM20.1.FDEB.Malware.Gen 20170324
Rising Malware.Heuristic!ET#82% (cloud:NqF45fcHx7M) 20170324
Sophos AV Troj/Agent-AVUV 20170324
Symantec Trojan.Cridex 20170322
Webroot W32.Trojan.Gen 20170324
ZoneAlarm by Check Point Backdoor.Win32.Dridex.dm 20170323
Ad-Aware 20170324
AhnLab-V3 20170323
Alibaba 20170323
ALYac 20170323
Antiy-AVL 20170323
Arcabit 20170323
Avast 20170323
AVG 20170323
Avira (no cloud) 20170324
AVware 20170323
BitDefender 20170323
Bkav 20170323
CAT-QuickHeal 20170322
ClamAV 20170323
CMC 20170317
Comodo 20170324
Cyren 20170323
DrWeb 20170324
Emsisoft 20170323
F-Prot 20170324
F-Secure 20170323
GData 20170323
Ikarus 20170323
Jiangmin 20170324
K7AntiVirus 20170323
K7GW 20170323
Kingsoft 20170324
Malwarebytes 20170323
Microsoft 20170323
eScan 20170324
NANO-Antivirus 20170323
nProtect 20170324
Panda 20170323
SentinelOne (Static ML) 20170315
SUPERAntiSpyware 20170324
Symantec Mobile Insight 20170324
Tencent 20170324
TheHacker 20170321
TotalDefense 20170323
TrendMicro 20170324
TrendMicro-HouseCall 20170324
Trustlook 20170324
VBA32 20170323
VIPRE 20170324
ViRobot 20170323
WhiteArmor 20170315
Yandex 20170323
Zillya 20170323
Zoner 20170323
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name SPINF.DLL
Internal name SPINF.DLL
File version 6.1.7601.16385 (win7_rtm.090713-1255)
Description Windows SPINF
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-22 17:41:25
Entry Point 0x000016C0
Number of sections 10
PE sections
PE imports
DeregisterEventSource
SetServiceBits
GetUserNameW
DestroyPropertySheetPage
JetUpdate
FrameRgn
CreatePalette
LPtoDP
GetCommandLineA
DeviceIoControl
GetProcAddress
GetModuleHandleW
FreeConsole
CreateStdDispatch
RasGetEntryDialParamsW
RpcFreeAuthorizationContext
ExtractAssociatedIconA
PathIsFileSpecA
StrRChrIA
StrRStrIA
GetUrlCacheEntryInfoA
SetPortW
MonikerCommonPrefixWith
CoCreateFreeThreadedMarshaler
CoInternetCreateSecurityManager
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 159744
EntryPoint 0x16c0
OriginalFileName SPINF.DLL
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7601.16385 (win7_rtm.090713-1255)
TimeStamp 2017:03:22 18:41:25+01:00
FileType Win32 EXE
PEType PE32
InternalName SPINF.DLL
ProductVersion 6.1.7601.16385
FileDescription Windows SPINF
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 16384
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Dynamic link library
File identification
MD5 1f0c227abe77b4fd3f04bae18f3f742e
SHA1 7585295269ea8260de2db1724a0bd2bb134b0963
SHA256 7d43395c88efb3c172bc49ddac384fe67409e98041528de076a4e5df4457d49f
ssdeep 3072:Ob+gQcAz0O1Uiq1mRQkQ/xsNQDJp1B1/aR9+ABXZ+cC/:Ob+n7ziygxaSTB1ChXZfC
authentihash 575813f4b1ec5ad352c8da42625070e04408f35962e24d9a39d98c1759508d0b
imphash bb996567f4a7905a0d3c4eef13acde0f
File size 164.0 KB ( 167936 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2017-03-23 23:37:00 UTC ( 1 year, 12 months ago )
Last submission 2017-03-24 13:13:25 UTC ( 1 year, 12 months ago )
File names SPINF.DLL
jimmichu.jpg
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications