SHA256: 868bf86a54c7f5113ef64e2184163cd4ebc9f618cf3724ffb9ef399957e7b355
File name: 42.vir
Detection ratio: 37 / 56
Analysis date: 2015-12-04 15:37:11 UTC ( 3 years, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2897016 20151204
Yandex Trojan.SelfDel!+F/0G/Lr7OA 20151203
AhnLab-V3 Trojan/Win32.Dridex 20151204
ALYac Trojan.GenericKD.2897016 20151204
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20151204
Arcabit Trojan.Generic.D2C3478 20151204
Avast Win32:Trojan-gen 20151204
AVG Inject3.RLZ 20151204
Avira (no cloud) TR/AD.DridexDownloader.Y.61 20151204
AVware Trojan.Win32.Generic!BT 20151204
Baidu-International Trojan.Win32.Dridex.Y 20151204
BitDefender Trojan.GenericKD.2897016 20151204
Cyren W32/Trojan.ENMG-8121 20151204
DrWeb Trojan.DownLoader17.64754 20151204
Emsisoft Trojan.GenericKD.2897016 (B) 20151204
ESET-NOD32 Win32/Dridex.Y 20151204
F-Secure Trojan.GenericKD.2897016 20151204
Fortinet W32/Injector.CNMJ!tr 20151204
GData Trojan.GenericKD.2897016 20151204
K7AntiVirus Trojan ( 004d6ae11 ) 20151202
K7GW Trojan ( 004d6ae11 ) 20151202
Kaspersky Trojan.Win32.SelfDel.blde 20151204
Malwarebytes Trojan.Injector 20151204
McAfee GenericR-FFB!1C27B6CBD9A3 20151204
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.cc 20151204
Microsoft Backdoor:Win32/Drixed.M 20151204
eScan Trojan.GenericKD.2897016 20151204
NANO-Antivirus Trojan.Win32.Dridex.dyxops 20151204
nProtect Trojan.GenericKD.2897016 20151204
Panda Trj/dridex.A 20151204
Rising PE:Malware.Obscure/Heur!1.9E03 [F] 20151203
Sophos AV Mal/Zbot-UH 20151204
SUPERAntiSpyware Trojan.Agent/Gen-Injector 20151204
Symantec Trojan.Cridex 20151204
Tencent Win32.Trojan.Ad.Dygt 20151204
VIPRE Trojan.Win32.Generic!BT 20151204
Zillya Trojan.Dridex.Win32.335 20151204
AegisLab 20151204
Alibaba 20151204
Bkav 20151204
ByteHero 20151204
CAT-QuickHeal 20151204
ClamAV 20151204
CMC 20151201
Comodo 20151202
F-Prot 20151204
Ikarus 20151204
Jiangmin 20151203
Qihoo-360 20151204
TheHacker 20151202
TotalDefense 20151204
TrendMicro 20151204
TrendMicro-HouseCall 20151204
VBA32 20151204
ViRobot 20151204
Zoner 20151204
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-11-22 11:39:14
Entry Point 0x00002410
Number of sections 4
PE sections
Overlays
MD5 f1d3ff8443297732862df21dc4e57262
File type ASCII text
Offset 176128
Size 4
Entropy 0.00
PE imports
RegDeleteKeyW
GetCharABCWidthsFloatA
CreateCompatibleDC
SetStdHandle
GetStartupInfoA
GetDateFormatA
CreateFileW
GetEnvironmentStrings
GetTimeZoneInformation
MapViewOfFile
GetModuleHandleA
GetModuleFileNameW
FindNextFileW
GetOEMCP
HeapDestroy
ExitProcess
FindFirstFileA
GetCommandLineA
CreateFileA
FlushFileBuffers
GetModuleFileNameA
HeapReAlloc
GetACP
GetLocaleInfoW
_except_handler3
__p__fmode
strtol
__CxxFrameHandler
_acmdln
_exit
__p__commode
__setusermatherr
_setmbcp
__dllonexit
_onexit
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_adjust_fdiv
__set_app_type
VariantClear
GetCursorPos
GetDesktopWindow
GetSystemMetrics
GetCaretBlinkTime
PeekMessageW
UpdateWindow
MessageBoxIndirectA
HideCaret
DrawIcon
SendMessageA
GetClientRect
GetSystemMenu
LoadIconA
EnableWindow
ShowWindow
IsIconic
RegisterClipboardFormatW
AppendMenuA
Debug information
ExifTool file metadata
LegalTrademarks
OriginalFilename
PrivateBuild
ProductName
LinkerVersion 6.0
ImageVersion 0.0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode Swedish
FileFlagsMask 0x003f
Tag2014 (
CharacterSet Unknown (04B0 )
SpecialBuild D
InitializedDataSize 163840
EntryPoint 0x2410
MIMEType application/octet-stream
Comments
CompanyName
TimeStamp 2015:11:22 12:39:14+01:00
FileType Win32 EXE
PEType PE32
FileVersion
ProductVersion
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 268443648
FileSubtype 0
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 1c27b6cbd9a3c38c8bf18657271daa65
SHA1 d87015412d0bb0d4bd081c8783bb1f578c98cfb3
SHA256 868bf86a54c7f5113ef64e2184163cd4ebc9f618cf3724ffb9ef399957e7b355
ssdeep 3072:qZkKstjomW1XBJqhhPQa77l79KQXF6yvf4FkbmB7VU2fMae:zvUmgqkm9KQXF6yvwCbu7gD
authentihash 84c3f8016538d8fe32b969f5921ff74427e31ef2dc92e654303fc7c640d05151
imphash 3c0df6d8c78f9ce11bee326616d075a2
File size 172.0 KB ( 176132 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe overlay
VirusTotal metadata
First submission 2015-12-04 15:09:46 UTC ( 3 years, 3 months ago )
Last submission 2015-12-04 15:37:11 UTC ( 3 years, 3 months ago )
File names 42.vir
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs