SHA256: 8e534817ebe5caf359211610a55f157f653967107a9d8e26b24ce81c610f2935
File name: 1ec6225fd57adb797f9eac50c16fd118.twitter
Detection ratio: 20 / 56
Analysis date: 2016-04-29 06:15:54 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3183195 20160429
Arcabit Trojan.Generic.D30925B 20160429
Avast Win32:Malware-gen 20160429
AVG FileCryptor.KQF 20160429
Baidu Win32.Trojan.WisdomEyes.151026.9950.9958 20160429
BitDefender Trojan.GenericKD.3183195 20160429
Bkav HW32.Packed.AE7A 20160428
DrWeb Trojan.Dridex.397 20160429
Emsisoft Trojan.GenericKD.3183195 (B) 20160429
ESET-NOD32 Win32/Dridex.AA 20160429
F-Secure Trojan.GenericKD.3183195 20160429
GData Trojan.GenericKD.3183195 20160429
Kaspersky Trojan.Win32.Waldek.ljk 20160429
Malwarebytes Trojan.Dridex 20160429
McAfee-GW-Edition BehavesLike.Win32.FakeAlert.dh 20160429
eScan Trojan.GenericKD.3183195 20160429
Qihoo-360 QVM07.1.Malware.Gen 20160429
Rising Malware.XPACK-HIE/Heur!1.9C48 20160429
Sophos AV Mal/Generic-S 20160428
Symantec Trojan Horse 20160429
AegisLab 20160429
AhnLab-V3 20160428
Alibaba 20160429
ALYac 20160429
Antiy-AVL 20160429
AVware 20160429
Baidu-International 20160428
CAT-QuickHeal 20160428
ClamAV 20160429
CMC 20160428
Comodo 20160429
Cyren 20160429
F-Prot 20160429
Fortinet 20160429
Ikarus 20160428
Jiangmin 20160429
K7AntiVirus 20160428
K7GW 20160429
Kingsoft 20160429
McAfee 20160429
Microsoft 20160429
NANO-Antivirus 20160429
nProtect 20160428
Panda 20160428
SUPERAntiSpyware 20160429
Tencent 20160429
TheHacker 20160429
TotalDefense 20160426
TrendMicro 20160429
TrendMicro-HouseCall 20160429
VBA32 20160428
VIPRE 20160429
ViRobot 20160429
Yandex 20160428
Zillya 20160429
Zoner 20160429
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-08 08:29:21
Entry Point 0x00029B68
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
LsaNtStatusToWinError
OpenServiceA
QueryServiceConfigA
RegSetValueA
OpenServiceW
GetNumberOfEventLogRecords
DeleteService
RegSetValueW
LsaOpenPolicy
CloseServiceHandle
RegisterEventSourceW
CreateServiceA
QueryServiceStatus
CloseEventLog
OpenEventLogA
RegisterServiceCtrlHandlerA
RegisterEventSourceA
ChangeServiceConfig2A
EqualSid
NotifyBootConfigStatus
InitiateSystemShutdownA
SetServiceStatus
CreateProcessAsUserA
RegDeleteValueW
LockServiceDatabase
LsaAddAccountRights
IsTextUnicode
OpenSCManagerA
ReadEventLogA
StartServiceW
BackupEventLogA
DeregisterEventSource
QueryServiceLockStatusW
EnumServicesStatusW
ReadEventLogW
ChangeServiceConfigW
ReportEventA
RegNotifyChangeKeyValue
ImageList_GetImageCount
PropertySheetA
ImageList_Destroy
ImageList_AddMasked
ImageList_LoadImageA
FlatSB_SetScrollInfo
ImageList_Create
ImageList_Remove
Ord(17)
Ord(16)
ImageList_SetIconSize
ImageList_ReplaceIcon
ImageList_Add
SymGetOptions
__p__fmode
_acmdln
_ftol
__p__commode
__setusermatherr
_wcsnset
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_adjust_fdiv
__set_app_type
RasEnumEntriesA
ExtractIconA
SHChangeNotify
Shell_NotifyIconW
SHBrowseForFolderA
ExtractIconW
Shell_NotifyIconA
SHGetFileInfoA
ShellAboutA
ShellExecuteExA
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHEmptyRecycleBinA
SHGetFileInfoW
SHGetDesktopFolder
SHGetPathFromIDListA
SHLoadInProc
ShellAboutW
SHGetSpecialFolderPathA
FindExecutableA
ExtractIconExA
DoEnvironmentSubstA
ShellExecuteW
SHGetSettings
CommandLineToArgvW
ExtractIconExW
FindExecutableW
SHAppBarMessage
ShellExecuteA
InternetSetStatusCallback
InternetSetCookieA
HttpOpenRequestA
InternetGetConnectedState
InternetErrorDlg
InternetCanonicalizeUrlA
HttpSendRequestExA
InternetTimeFromSystemTime
InternetCombineUrlA
InternetCloseHandle
InternetConnectA
InternetGetCookieA
InternetQueryOptionA
InternetSetOptionExA
InternetAttemptConnect
InternetQueryDataAvailable
InternetWriteFile
FindFirstUrlCacheEntryExA
HttpSendRequestA
InternetOpenUrlA
InternetSetOptionA
InternetOpenA
HttpAddRequestHeadersA
InternetCrackUrlA
InternetOpenW
timeSetEvent
mixerGetDevCapsA
waveOutOpen
mixerOpen
midiInOpen
mmioDescend
timeGetSystemTime
waveOutPrepareHeader
mciGetErrorStringA
waveOutWrite
mixerGetLineInfoW
OpenDriver
joyGetDevCapsA
waveInGetErrorTextA
CommDlgExtendedError
GetOpenFileNameW
GetFileTitleA
PrintDlgW
PageSetupDlgW
GetSaveFileNameA
ChooseFontA
CoFileTimeNow
CoCreateInstance
CoCreateGuid
CoLockObjectExternal
OleSetContainedObject
CoFileTimeToDosDateTime
CLSIDFromProgID
StgOpenStorage
CoGetCurrentProcess
CreateBindCtx
StgOpenStorageOnILockBytes
StgCreateDocfile
CoGetMalloc
OleGetClipboard
CoTaskMemFree
OleRun
Number of PE resources by type
RT_MENU 9
RT_ACCELERATOR 2
RT_DIALOG 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 14
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 0.245.226.9
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 188416
EntryPoint 0x29b68
OriginalFileName Watermelon.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2012
FileVersion 129, 207, 229, 139
TimeStamp 2015:06:08 09:29:21+01:00
FileType Win32 EXE
PEType PE32
InternalName Colons
ProductVersion 248, 218, 178, 52
FileDescription Cheetah
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Docudesk Corporation
CodeSize 167936
FileSubtype 0
ProductVersionNumber 0.148.115.122
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 1ec6225fd57adb797f9eac50c16fd118
SHA1 fe8fa0def22e007013f2f7d49234db337848cc2a
SHA256 8e534817ebe5caf359211610a55f157f653967107a9d8e26b24ce81c610f2935
ssdeep 6144:jmtg/Ekmebt0lNEU3cl2OUec4qdeWk57Px:jk+EHp+midUe2XG
authentihash da0bdb8818d7943e4a67b777e41b054590aaba5b0da15f1c39226278808d371e
imphash 4d0dd49fc0ed150204992bfb9eb63b51
File size 232.0 KB ( 237568 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe

VirusTotal metadata
First submission 2016-04-27 16:41:26 UTC ( 2 years, 9 months ago )
Last submission 2016-04-27 21:31:15 UTC ( 2 years, 9 months ago )
File names dri.exe
1ec6225fd57adb797f9eac50c16fd118.twitter
DridexBOT.twitter
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Runtime DLLs
UDP communications