SHA256: 85d2f07e45e235a5811f3f99bdb0a35cac8c8715628e18dd457c3a1fbe4f31dd
File name: IG.EXE.bin
Detection ratio: 4 / 55
Analysis date: 2015-12-11 13:05:13 UTC ( 3 years, 3 months ago )
Antivirus Result Update
AhnLab-V3 Win-Trojan/Teslacrypt.Gen 20151211
Avast Win32:Malware-gen 20151211
Kaspersky UDS:DangerousObject.Multi.Generic 20151211
Qihoo-360 Win32/Trojan.Multi.daf 20151211
Ad-Aware 20151211
AegisLab 20151211
Yandex 20151210
Alibaba 20151208
ALYac 20151211
Antiy-AVL 20151211
Arcabit 20151211
AVG 20151211
Avira (no cloud) 20151211
AVware 20151211
Baidu-International 20151211
BitDefender 20151211
Bkav 20151210
ByteHero 20151211
CAT-QuickHeal 20151209
ClamAV 20151211
CMC 20151211
Comodo 20151209
Cyren 20151211
DrWeb 20151211
Emsisoft 20151211
ESET-NOD32 20151211
F-Prot 20151211
F-Secure 20151211
Fortinet 20151211
GData 20151211
Ikarus 20151211
Jiangmin 20151210
K7AntiVirus 20151211
K7GW 20151211
Malwarebytes 20151211
McAfee 20151211
McAfee-GW-Edition 20151211
Microsoft 20151211
eScan 20151211
NANO-Antivirus 20151211
nProtect 20151211
Panda 20151210
Rising 20151210
Sophos AV 20151211
SUPERAntiSpyware 20151211
Symantec 20151210
Tencent 20151211
TheHacker 20151209
TrendMicro 20151211
TrendMicro-HouseCall 20151211
VBA32 20151210
VIPRE 20151211
ViRobot 20151211
Zillya 20151211
Zoner 20151211
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-10-03 01:49:01
Entry Point 0x0003DDF2
Number of sections 4
PE sections
PE imports
Number of PE resources by type
RT_MENU 8
RT_ICON 5
RT_GROUP_ICON 5
RT_ACCELERATOR 2
RT_BITMAP 1
kt642 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 12
CZECH DEFAULT 11
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 155648
ImageVersion 0.0
FileVersionNumber 0.45.115.143
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Chatter
CharacterSet Unicode
LinkerVersion 7.0
FileTypeExtension exe
OriginalFileName Aristocratic.exe
MIMEType application/octet-stream
Subsystem Windows command line
FileVersion 2, 146, 20, 23
TimeStamp 2007:10:03 02:49:01+01:00
FileType Win32 EXE
PEType PE32
InternalName Ashamed
ProductVersion 247, 213, 155, 239
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Copyright 2016
MachineType Intel 386 or later, and compatibles
CompanyName ALi Laboratories Inc.
CodeSize 249856
FileSubtype 0
ProductVersionNumber 0.72.227.230
EntryPoint 0x3ddf2
ObjectFileType Executable application
Compressed bundles
File identification
MD5 feaca8ba663190cbff32892312043b27
SHA1 9b5aac00af7d450ac1751e8402627c583bd84817
SHA256 85d2f07e45e235a5811f3f99bdb0a35cac8c8715628e18dd457c3a1fbe4f31dd
ssdeep 6144:W5jzYHJ3ye41buR1afR8Fq9DxpovupgRBGCm/w:wjzYH4e4kR0fRcC9dwBs/w
authentihash 0ac949982a7cea2ed68cca311c19690f9013d288b3914c5df85a0f5a45d8d113
imphash 2abd1aec83727218cce536562706103a
File size 300.0 KB ( 307200 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2015-12-11 09:22:41 UTC ( 3 years, 3 months ago )
Last submission 2017-02-10 15:23:03 UTC ( 2 years, 1 month ago )
File names IG.exe.3908.dr
gogol.exe
gogol.exe
85d2f07e45e235a5811f3f99bdb0a35cac8c8715628e18dd457c3a1fbe4f31dd.exe
IG.exe
gogol.exe
IG.exe.2512.dr
IG.EXE.bin
Live Triage Lab 4 - dridex.exe
IG.exe.3816.dr
feaca8ba663190cbff32892312043b27.exe
lab 8 - dridex.exe
succession.php
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections