SHA256: 86d5ea371b13ad40d85957bf2e6b1883c3c413f1689a281ef4fbca7f89cb1fbc
File name: 61.exe
Detection ratio: 42 / 56
Analysis date: 2015-12-28 17:58:20 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2321262 20151224
Yandex Trojan.Dridex! 20151226
AhnLab-V3 Trojan/Win32.Dyre 20151228
Avast Win32:Pierre-A [Trj] 20151228
AVG Crypt4.TIP 20151228
Avira (no cloud) TR/Crypt.EPACK.34178 20151228
AVware Win32.Malware!Drop 20151228
Baidu-International Worm.Win32.Cridex.rm 20151228
BitDefender Trojan.GenericKD.2321262 20151228
Bkav HW32.Packed.A8B8 20151228
ByteHero Trojan.Malware.Obscu.Gen.002 20151228
CAT-QuickHeal WormAPT.Cridex.r5 20151228
Cyren W32/Trojan.MLPT-8765 20151228
DrWeb Trojan.Siggen6.34465 20151228
Emsisoft Trojan.Win32.Dridex (A) 20151228
ESET-NOD32 Win32/Dridex.P 20151228
F-Secure Trojan.GenericKD.2321262 20151228
Fortinet W32/Dridex.P!tr 20151228
GData Trojan.GenericKD.2321262 20151228
Ikarus Trojan.Win32.Dridex 20151228
Jiangmin Worm/Cridex.jv 20151228
K7AntiVirus Trojan ( 004beaac1 ) 20151228
K7GW Trojan ( 004beaac1 ) 20151228
Kaspersky Worm.Win32.Cridex.rm 20151228
Malwarebytes Trojan.InfoStealer.RND 20151228
McAfee PWS-FCBL!DA26ED1B6FE6 20151228
McAfee-GW-Edition BehavesLike.Win32.Downloader.cc 20151228
Microsoft Backdoor:Win32/Drixed.D 20151228
eScan Trojan.GenericKD.2321262 20151228
NANO-Antivirus Trojan.Win32.Siggen6.dqzysv 20151228
nProtect Worm/W32.Cridex.150528 20151228
Panda Trj/Genetic.gen 20151228
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20151226
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20151228
Sophos AV Troj/Agent-AMOP 20151228
Symantec Trojan.Cridex 20151228
Tencent Win32.Worm.Cridex.Wqwk 20151228
TheHacker Trojan/Dridex.p 20151228
TrendMicro TSPY_DRIDEX.XTK 20151228
TrendMicro-HouseCall TSPY_DRIDEX.XTK 20151228
VIPRE Win32.Malware!Drop 20151228
Zillya Worm.Cridex.Win32.574 20151228
AegisLab 20151228
Alibaba 20151208
ALYac 20151231
Antiy-AVL 20151228
Arcabit 20151228
ClamAV 20151228
CMC 20151228
Comodo 20151228
F-Prot 20151228
SUPERAntiSpyware 20151228
TotalDefense 20151228
VBA32 20151228
ViRobot 20151228
Zoner 20151228
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-02-08 17:10:31
Entry Point 0x0000409E
Number of sections 5
PE sections
PE imports
PhoneBookFreeFilter
PhoneBookEnumNumbersWithRegionsZero
PhoneBookGetPhoneNonCanonicalA
PhoneBookEnumNumbers
PhoneBookEnumCountries
PhoneBookGetPhoneDescA
PhoneBookUnload
SetBkMode
GetStockObject
EqualRgn
STROBJ_dwGetCodePage
GdiValidateHandle
EngDeleteClip
GdiComment
GetNetworkParams
SetAdapterIpAddress
InternalGetIpNetTable
NotifyAddrChange
GetIpNetTable
GetRTTAndHopCount
_PfDeleteInterface@4
GetIfEntry
UnenableRouter
InternalDeleteIpNetEntry
InternalCreateIpForwardEntry
DeleteIPAddress
NhpAllocateAndGetInterfaceInfoFromStack
_PfRemoveFiltersFromInterface@20
_PfAddFiltersToInterface@24
GetTcpStatistics
GetInterfaceInfo
InternalGetIpForwardTable
GetUdpStatistics
IpReleaseAddress
GetSystemTime
GetLastError
HeapFree
lstrlenA
GetFileAttributesA
HeapAlloc
GetFileAttributesW
GetLocalTime
GetStartupInfoA
AddAtomA
GetCompressedFileSizeW
GetConsoleTitleA
GetProcessHeap
lstrcpynW
lstrcmpA
lstrcpynA
lstrcmpW
GetConsoleWindow
VirtualFree
GetTickCount
GetCurrentThreadId
GetCurrentThread
VirtualAlloc
GradientFill
AlphaBlend
DllInitialize
TransparentBlt
vSetDdrawflag
StgSetTimes
CoUninitialize
CoUnmarshalHresult
CLIPFORMAT_UserFree
UtGetDvtd32Info
StgOpenAsyncDocfileOnIFillLockBytes
SetConvertStg
OleCreateFromData
CoEnableCallCancellation
CoResumeClassObjects
HICON_UserFree
IsEqualGUID
CoInitialize
HPALETTE_UserFree
OleCreateFromDataEx
PdhEnumObjectsA
PdhVbGetDoubleCounterValue
PdhVbUpdateLog
PdhSetQueryTimeRange
PdhValidatePathA
PdhSelectDataSourceA
PdhEnumObjectItemsA
PdhOpenLogW
PdhGetCounterTimeBase
PdhVbGetCounterPathFromList
PdhEnumObjectsW
PdhGetDefaultPerfCounterW
PdhGetDefaultPerfObjectA
PdhMakeCounterPathA
RasGetSubEntryHandleA
RasGetCountryInfoA
RasGetEntryPropertiesA
RasGetEapUserDataA
RasGetAutodialAddressA
RasGetProjectionInfoW
RasGetAutodialAddressW
RasDialA
RasSrvHangupConnection
RouterEntryDlgA
RasSrvEnumConnections
RasDialDlgW
DwTerminalDlg
RasUserPrefsDlg
RasSrvCleanupService
RasEntryDlgA
RasDialDlgA
RouterEntryDlgW
RasUserGetManualDial
RasSrvInitializeService
CPGetHashParam
CPCreateHash
CPHashSessionKey
CPReleaseContext
CPDestroyHash
CPDecrypt
PathGetDriveNumberA
UrlCanonicalizeA
PathGetDriveNumberW
PathFindFileNameW
StrTrimW
IntlStrEqWorkerA
PathFindFileNameA
PathCommonPrefixA
PathFindExtensionW
PathSkipRootW
PathStripPathA
PathRemoveBlanksW
PathStripToRootA
StrCSpnW
SHCreateShellPalette
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2009:02:08 18:10:31+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16896
LinkerVersion 2.25
Warning Error processing PE data dictionary
FileTypeExtension exe
InitializedDataSize 161280
SubsystemVersion 4.0
EntryPoint 0x409e
OSVersion 4.0
ImageVersion 5.2
UninitializedDataSize 0

File identification
MD5 da26ed1b6fe69d15a400b3bc70001918
SHA1 c46c4c6e11813c9964fee6af6c0d02a0023adc02
SHA256 86d5ea371b13ad40d85957bf2e6b1883c3c413f1689a281ef4fbca7f89cb1fbc
ssdeep 3072:U4hxmWXO5o9l39eLLWyHy0WS/Tx8dfnx5dEmvQ1xJIlIu9DihrhAFq+qWDRt:UUln95ELWySJndfn7Om3X9O+q+qC
authentihash 40a14672e336cb9ba6b3ca658a2e109fe3aa79fe75fccbd6046107a2e483d6d7
imphash b72a9f24b0b107bdc210bfb97f6b6a7b
File size 147.0 KB ( 150528 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2015-04-24 07:25:21 UTC ( 2 years, 7 months ago )
Last submission 2015-05-13 14:48:01 UTC ( 2 years, 6 months ago )
File names pierre4.exe
pierre5.bad.exe
c46c4c6e11813c9964fee6af6c0d02a0023adc02.exe
61.EXE
61.exe
pierre5.exe.dr
61.dat
oh8N_0NF7.sys
pierre6.exe
5PkFzMUI.exe
da26ed1b6fe69d15a400b3bc70001918.exe
VirusShare_da26ed1b6fe69d15a400b3bc70001918
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications