SHA256: 8d924b888f4186efb4552f34455c1ce29ac398ad5af3aad3bc9a1bed54fb22b3
File name: dridex3.exe
Detection ratio: 32 / 56
Analysis date: 2016-03-31 22:36:40 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3127672 20160331
AegisLab Uds.Dangerousobject.Multi!c 20160331
ALYac Trojan.GenericKD.3127672 20160331
Arcabit Trojan.Generic.D2FB978 20160331
Avast Win32:Malware-gen 20160331
AVG FileCryptor.JJB 20160331
Avira (no cloud) TR/Crypt.Xpack.hdfk 20160331
AVware Trojan.Win32.Generic.pak!cobra 20160331
BitDefender Trojan.GenericKD.3127672 20160331
Emsisoft Trojan.Win32.Dridex (A) 20160331
ESET-NOD32 Win32/Dridex.AA 20160331
F-Secure Trojan.GenericKD.3127672 20160331
Fortinet W32/Dridex.AA!tr 20160330
GData Trojan.GenericKD.3127672 20160331
Ikarus Trojan.Win32.Dridex 20160331
K7AntiVirus Trojan ( 004d86461 ) 20160331
K7GW Trojan ( 004d86461 ) 20160331
Kaspersky UDS:DangerousObject.Multi.Generic 20160331
Malwarebytes Trojan.Dridex 20160331
McAfee Generic.xy 20160331
McAfee-GW-Edition BehavesLike.Win32.Ransom.fc 20160331
Microsoft Backdoor:Win32/Drixed 20160331
eScan Trojan.GenericKD.3127672 20160331
nProtect Trojan.GenericKD.3127672 20160331
Panda Trj/Dridex.C 20160331
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20160331
Sophos AV Troj/Dridex-ST 20160331
Symantec Trojan.Gen.2 20160331
TrendMicro TSPY_DRIDEX.KE 20160331
TrendMicro-HouseCall TSPY_DRIDEX.KE 20160331
VIPRE Trojan.Win32.Generic.pak!cobra 20160331
ViRobot Trojan.Win32.S.Agent.340480.FU[h] 20160331
Antivirus (no detection) Update
AhnLab-V3 20160330
Alibaba 20160323
Antiy-AVL 20160331
Baidu 20160331
Baidu-International 20160331
Bkav 20160331
CAT-QuickHeal 20160331
ClamAV 20160331
CMC 20160322
Comodo 20160331
Cyren 20160331
DrWeb 20160331
F-Prot 20160331
Jiangmin 20160331
Kingsoft 20160331
NANO-Antivirus 20160331
Rising 20160331
SUPERAntiSpyware 20160331
Tencent 20160331
TheHacker 20160330
VBA32 20160331
Yandex 20160316
Zillya 20160331
Zoner 20160331
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Neil Hodgson neilh@scintilla.org Copyright 2013. All rights reserved.
Product PharmingDnd
Original name PharmingDnd
File version 4.2.5.6
Description Resorted Digitizing Brouter
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-29 11:18:33
Entry Point 0x00008511
Number of sections 5
PE sections
PE imports
ReadEventLogA
RegCloseKey
CreateWellKnownSid
RegQueryInfoKeyA
RegQueryValueExA
RegOpenKeyExW
GetUserNameA
GetOldestEventLogRecord
RegCreateKeyExA
ConvertSidToStringSidA
AuthzInitializeContextFromSid
AuthzFreeResourceManager
AuthzInitializeResourceManager
AuthzFreeContext
Ord(412)
Ord(413)
ImageList_Destroy
Ord(410)
Ord(6)
ImageList_Create
ImageList_ReplaceIcon
GetObjectA
CreateEllipticRgn
ExtTextOutW
SetMapMode
DeleteDC
PatBlt
GetMapMode
CreateBitmap
CreateCompatibleBitmap
SetTextAlign
SelectObject
CombineRgn
BitBlt
SetBkColor
GetStockObject
CreateCompatibleDC
DeleteObject
StretchBlt
SetTextColor
EnumUILanguagesA
GetStdHandle
GetConsoleOutputCP
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
TlsGetValue
SetLastError
GetUserDefaultUILanguage
DeviceIoControl
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
CreateDirectoryA
GetProcAddress
GetFileInformationByHandle
GlobalLock
GetNumberOfConsoleInputEvents
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
GetCurrentProcessId
GetCurrentDirectoryA
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
SetConsoleTitleA
CloseHandle
PeekConsoleInputA
GetACP
GetModuleHandleW
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
GradientFill
VariantChangeType
SafeArrayGetElement
VariantClear
SysAllocString
SafeArrayDestroy
SafeArrayCreate
SysFreeString
SafeArrayPutElement
VariantInit
GetModuleBaseNameA
GetModuleInformation
EnumProcessModules
SHBindToParent
Ord(189)
ExtractIconA
StrRetToBufA
SHCreateStreamOnFileA
PathRemoveBackslashW
SetFocus
RedrawWindow
RegisterClipboardFormatA
GetForegroundWindow
SetWindowRgn
UpdateWindow
EndDialog
BeginPaint
HideCaret
EnumWindows
DrawIcon
DefWindowProcA
KillTimer
DestroyMenu
PostQuitMessage
ScreenToClient
GetIconInfo
SetWindowLongA
SetMenuInfo
SetWindowPos
GetParent
SendDlgItemMessageA
GetSystemMetrics
IsWindow
SetMessageQueue
GetWindowRect
EndPaint
GetCursorInfo
LoadImageA
MessageBoxA
CopyImage
GetWindowLongA
GetWindow
InvalidateRect
SetActiveWindow
GetDC
RegisterClassExA
GetCursorPos
CreatePopupMenu
GetSysColor
SetWindowTextA
CheckMenuItem
DestroyIcon
GetTopWindow
ShowWindow
DrawIconEx
IsWindowVisible
SendMessageA
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
AppendMenuA
ClientToScreen
TrackPopupMenuEx
InsertMenuA
wsprintfA
FindWindowExA
SetTimer
LoadCursorA
LoadIconA
CheckRadioButton
FillRect
OpenClipboard
GetWindowTextW
CallWindowProcA
GetClassNameA
EnableWindow
GetWindowTextA
DestroyWindow
ExitWindowsEx
SetCursor
GdipDisposeImage
GdipAlloc
GdipLoadImageFromFile
GdipCloneImage
GdipFree
CoUninitialize
CoInitialize
ReleaseStgMedium
CreateBindCtx
StgCreateDocfile
CoTaskMemFree
CreateURLMoniker
Number of PE resources by type
RT_DIALOG 11
RT_RCDATA 8
RT_ICON 7
RT_BITMAP 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 32
PE resources
ExifTool file metadata
CodeSize 107008
SubsystemVersion 5.0
Languages English
InitializedDataSize 232448
ImageVersion 0.0
ProductName PharmingDnd
FileVersionNumber 4.2.5.6
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 9.0
PrivateBuild 4.2.5.6
FileTypeExtension exe
OriginalFileName PharmingDnd
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 4.2.5.6
TimeStamp 2016:03:29 12:18:33+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 4.2.5.6
FileDescription Resorted Digitizing Brouter
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Neil Hodgson neilh@scintilla.org Copyright 2013. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Neil Hodgson neilh@scintilla.org
LegalTrademarks Neil Hodgson neilh@scintilla.org Copyright 2013. All rights reserved.
FileSubtype 0
ProductVersionNumber 4.2.5.6
EntryPoint 0x8511
ObjectFileType Executable application
Compressed bundles
File identification
MD5 fbf5b960ddbedf68c77acee11d8de31d
SHA1 31ecc2879f2e3542c68c7000a3924fc511c8f074
SHA256 8d924b888f4186efb4552f34455c1ce29ac398ad5af3aad3bc9a1bed54fb22b3
ssdeep 6144:M7RdJWsgqLBG2QC/BtxS4n6dkSqCk50f0xpvSdfksOeWhySxcsrX+:6dJWsgYG2QCbxS4n6CbCsFxifkVeWhaJ
authentihash 7a60465e52d41cafe988c51b1df2e69fc54d2420dac3f0d529f2db215f647677
imphash 73abc637923a197e32cc944f0b412b1a
File size 332.5 KB ( 340480 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (36.8%)
Win32 Executable MS Visual C++ (generic) (26.6%)
Win64 Executable (generic) (23.6%)
Win32 Dynamic Link Library (generic) (5.6%)
Win32 Executable (generic) (3.8%)
Tags peexe
VirusTotal metadata
First submission 2016-03-29 11:56:00 UTC ( 2 years, 4 months ago )
Last submission 2017-10-24 17:07:43 UTC ( 9 months, 3 weeks ago )
File names 5478hj.exe
VirusShare_fbf5b960ddbedf68c77acee11d8de31d
wCD9f.bmp
PharmingDnd
5478hj[1].exe
8d924b888f4186efb4552f34455c1ce29ac398ad5af3aad3bc9a1bed54fb22b3
dridex3.exe
aa
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs