SHA256: 88fa0034b3d5f2cad5d34e333ba703242237dfcb6880992b49ed73d102005b66
File name: 11.exe
Detection ratio: 6 / 57
Analysis date: 2015-06-10 13:03:52 UTC ( 3 years, 11 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Dridex 20150610
Fortinet W32/Dridex.P!tr 20150610
Kaspersky UDS:DangerousObject.Multi.Generic 20150610
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20150610
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20150610
Tencent Trojan.Win32.YY.Gen.4 20150610
Ad-Aware 20150610
AegisLab 20150610
Yandex 20150609
Alibaba 20150610
ALYac 20150610
Antiy-AVL 20150610
Arcabit 20150610
Avast 20150610
AVG 20150610
Avira (no cloud) 20150610
AVware 20150610
Baidu-International 20150610
BitDefender 20150610
Bkav 20150610
ByteHero 20150610
CAT-QuickHeal 20150610
ClamAV 20150610
CMC 20150610
Comodo 20150610
Cyren 20150610
DrWeb 20150610
Emsisoft 20150610
ESET-NOD32 20150610
F-Prot 20150610
F-Secure 20150610
GData 20150610
Ikarus 20150610
Jiangmin 20150609
K7AntiVirus 20150610
K7GW 20150610
Kingsoft 20150610
Malwarebytes 20150610
McAfee 20150610
McAfee-GW-Edition 20150609
Microsoft 20150610
eScan 20150610
NANO-Antivirus 20150610
nProtect 20150610
Panda 20150610
Sophos AV 20150610
SUPERAntiSpyware 20150610
Symantec 20150610
TheHacker 20150609
TotalDefense 20150610
TrendMicro 20150610
TrendMicro-HouseCall 20150610
VBA32 20150609
VIPRE 20150610
ViRobot 20150610
Zillya 20150610
Zoner 20150609
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Корпорация Майкрософт. Все права защищены.

Product Операционная система Microsoft® Windows®
Original name INETRES.DLL
Internal name INETRES
File version 6.00.2902.5532 (xpsp.080413-2105)
Description Ресурсы API почты Интернета
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-10 09:56:19
Entry Point 0x00001078
Number of sections 10
PE sections
PE imports
GetVolumePathNamesForVolumeNameW
GetComputerNameW
GetCurrentProcess
SetConsoleScreenBufferSize
VerLanguageNameW
GetDefaultCommConfigW
CreateFileW
GetDriveTypeA
CreateEventA
FreeEnvironmentStringsW
TlsGetValue
CreateMailslotA
SetProcessAffinityMask
GetUserGeoID
GetVersionExA
VirtualQueryEx
GetProcessHeap
SetupGetLineTextW
isalpha
_chkstk
atan
Number of PE resources by type
RT_STRING 18
RT_DIALOG 8
RT_BITMAP 5
RT_MENU 4
RT_ICON 3
RT_GROUP_ICON 2
REGINST 1
RT_ACCELERATOR 1
Struct(2110) 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 44
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
8.254

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.0.2900.5512

UninitializedDataSize
0

LanguageCode
Russian

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
133120

EntryPoint
0x1078

OriginalFileName
INETRES.DLL

MIMEType
application/octet-stream

LegalCopyright
. .

FileVersion
6.00.2902.5532 (xpsp.080413-2105)

TimeStamp
2015:06:10 10:56:19+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
INETRES

ProductVersion
6.00.2901.5512

FileDescription
API

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
39936

ProductName
Microsoft Windows

ProductVersionNumber
6.0.2900.5512

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 80e51715a4242d0d25668d499796b733
SHA1 5d0ea3a53d166bc10321fae3a16d9a01fb363551
SHA256 88fa0034b3d5f2cad5d34e333ba703242237dfcb6880992b49ed73d102005b66
ssdeep
1536:pspUQKCkuwsG+p8J2Ksy7kjCkI21KyJkkhwDAY4oYa6ZVVLh6e:pspAeBGLJ9sy7Z21KtkhwDL6LVLh6e

authentihash 33186d15edfb4b474ddc8cdd5e70b0d53c7cbcaca9bff49ce84e9d40370cf05f
imphash c5ebf69f22ea07d2a57d43eb34e26c03
File size 151.0 KB ( 154624 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe via-tor

VirusTotal metadata
First submission 2015-06-10 11:15:26 UTC ( 3 years, 11 months ago )
Last submission 2018-06-18 10:48:32 UTC ( 11 months, 1 week ago )
File names 80e51715a4242d0d25668d499796b733.exe
80e51715a4242d0d25668d499796b733
INETRES
output.72673076.txt
80E51715A4242D0D25668D499796B733
birsafpc.exe
11.exe
www.igbwesthoek.be_11.exe
NdL9z1.ps1
output.72829614.txt
80e51715a4242d0d25668d499796b733
INETRES.DLL
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections