SHA256: 8a1ae8f69771a20487117d477cfe205b7e0d2a48406dca2810ff75527fda19ff
File name: tk41ocZfV7O2kv2IGXsLbnTRfHXkZqlUaJaAZlzGSREDlXYCNCc56pPKiDrcCdeo@...
Detection ratio: 13 / 56
Analysis date: 2015-08-12 01:56:37 UTC ( 3 years, 3 months ago )
Antivirus Result Update
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20150812
Avira (no cloud) TR/Crypt.ZPACK.136891 20150811
AVware Trojan.Win32.Generic!BT 20150812
Baidu-International Adware.Win32.iBryte.DTCD 20150811
ESET-NOD32 a variant of Win32/Kryptik.DTCD 20150812
Fortinet W32/Generic.DTCD!tr 20150812
K7AntiVirus Trojan ( 004ccd651 ) 20150811
Kaspersky HEUR:Trojan.Win32.Generic 20150812
Qihoo-360 Win32/Trojan.f13 20150812
Rising PE:Trojan.Win32.Generic.18F2CFF3!418566131 20150811
Sophos AV Troj/Dridex-GD 20150812
Symantec Trojan.Cridex 20150812
VIPRE Trojan.Win32.Generic!BT 20150812
Ad-Aware 20150812
AegisLab 20150811
Yandex 20150811
AhnLab-V3 20150811
Alibaba 20150803
ALYac 20150812
Arcabit 20150812
Avast 20150812
AVG 20150811
BitDefender 20150812
Bkav 20150811
ByteHero 20150812
CAT-QuickHeal 20150811
ClamAV 20150812
CMC 20150710
Comodo 20150812
Cyren 20150812
DrWeb 20150812
Emsisoft 20150812
F-Prot 20150812
F-Secure 20150812
GData 20150812
Ikarus 20150812
Jiangmin 20150811
K7GW 20150811
Kingsoft 20150812
Malwarebytes 20150812
McAfee 20150812
McAfee-GW-Edition 20150811
Microsoft 20150812
eScan 20150812
NANO-Antivirus 20150812
nProtect 20150811
Panda 20150811
SUPERAntiSpyware 20150812
Tencent 20150812
TheHacker 20150811
TrendMicro 20150812
TrendMicro-HouseCall 20150812
VBA32 20150811
ViRobot 20150812
Zillya 20150811
Zoner 20150810
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-08-11 10:29:34
Entry Point 0x00001073
Number of sections 4
PE sections
Overlays
MD5 3ffe10cda5e60bb32a8e512f30529fa1
File type ASCII text
Offset 140288
Size 7359
Entropy 5.88
PE imports
AVIClearClipboard
EditStreamClone
AVIFileWriteData
IID_IAVIFile
AVISaveVW
EditStreamCut
AVIStreamReadData
AVIFileOpenA
AVIBuildFilterA
AVIFileGetStream
AVISaveW
AVIFileExit
AVIFileRelease
AVIStreamTimeToSample
AVIStreamInfoW
CreateEditableStream
EditStreamSetInfoW
AVIFileInfoW
AVIStreamCreate
AVIFileEndRecord
EditStreamSetInfoA
AVIStreamInfoA
GetStartupInfoA
GetCurrentThreadId
GetModuleHandleA
ExitProcess
GetProcAddress
DsUnquoteRdnValueA
DsGetSpnW
DsCrackNamesA
DsAddSidHistoryW
DsGetSpnA
DsListServersInSiteA
DsMakePasswordCredentialsW
DsBindWithSpnW
DsListServersForDomainInSiteA
DsGetDomainControllerInfoA
DsListServersInSiteW
DsListServersForDomainInSiteW
DsBindWithSpnA
DsListRolesA
DsListDomainsInSiteW
DsInheritSecurityIdentityA
DsServerRegisterSpnW
DsClientMakeSpnForTargetServerA
DsRemoveDsDomainA
DsQuoteRdnValueW
DsFreeSpnArrayW
DsFreeSchemaGuidMapW
DsUnBindA
DsBindWithCredA
DsWriteAccountSpnA
DsFreePasswordCredentials
DsCrackSpnW
DsReplicaAddA
DsWriteAccountSpnW
DsReplicaSyncAllA
PathGetCharTypeA
StrFormatKBSizeA
wvnsprintfA
PathIsUNCA
PathIsContentTypeW
UrlApplySchemeW
SHOpenRegStream2W
StrRetToBufW
PathUndecorateA
StrCmpNIA
UrlEscapeA
StrRetToBufA
UrlApplySchemeA
SHOpenRegStream2A
PathRemoveBackslashW
SHRegEnumUSKeyA
wnsprintfW
PathRemoveExtensionA
StrChrIW
PathStripToRootA
SHOpenRegStreamA
SHEnumValueA
SHRegCreateUSKeyW
StrFormatByteSize64A
ChrCmpIW
PathIsRelativeW
PathUnquoteSpacesW
SHRegSetPathA
StrRStrIA
SHEnumValueW
PathAddExtensionW
ColorRGBToHLS
PathRemoveBlanksW
SHRegWriteUSValueW
Ord(130)
Ord(98)
Ord(154)
Ord(156)
Ord(225)
Ord(91)
Ord(115)
Ord(192)
Ord(17)
Ord(100)
Ord(26)
Ord(52)
Ord(157)
Ord(80)
Ord(59)
Ord(124)
Ord(224)
Ord(226)
Ord(69)
Ord(166)
Ord(36)
Ord(164)
Ord(55)
Ord(195)
Ord(29)
Ord(27)
Ord(214)
RevokeBindStatusCallback
CoInternetQueryInfo
HlinkSimpleNavigateToString
FindMimeFromData
URLOpenStreamW
CoInternetCombineUrl
FindMediaTypeClass
GetSoftwareUpdateInfo
FindMediaType
GetClassFileOrMime
CopyStgMedium
RegisterMediaTypes
ObtainUserAgentString
URLDownloadToCacheFileW
SetSoftwareUpdateAdvertisementState
CoGetClassObjectFromURL
HlinkSimpleNavigateToMoniker
UrlMkSetSessionOption
CoInternetCreateSecurityManager
UrlMkGetSessionOption
CreateFormatEnumerator
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:08:11 11:29:34+01:00
FileType Win32 EXE
PEType PE32
CodeSize 127488
LinkerVersion 8.0
EntryPoint 0x1073
InitializedDataSize 11776
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 07c5ce93a30c221e5bda30fe163e5ecd
SHA1 245561498ee449f366817de952b40cb5fca8fab5
SHA256 8a1ae8f69771a20487117d477cfe205b7e0d2a48406dca2810ff75527fda19ff
ssdeep 3072:KHkMX5kLln92vzsgirD9CpxREs1Vw5sxiCimEgnw/:KHkMe9uzsrkyR5sxiqJnw/
authentihash 3f325b087d76ca8e2632bb2250569c70e14a27c6b6caf33461852b2c12a4066e
imphash 58ecb404fc8595d5ab9c3afc32971e0c
File size 144.2 KB ( 147647 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe overlay via-tor

VirusTotal metadata
First submission 2015-08-11 17:41:30 UTC ( 3 years, 3 months ago )
Last submission 2015-10-21 11:30:17 UTC ( 3 years ago )
File names 8a1ae8f69771a20487117d477cfe205b7e0d2a48406dca2810ff75527fda19ff#env#2
sfa3xaf.exe
OyupeifV.exe
tk41ocZfV7O2kv2IGXsLbnTRfHXkZqlUaJaAZlzGSREDlXYCNCc56pPKiDrcCdeo@dl=1
9.exe
newer_Dridex_200.exe
4z6sNm2W.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.