SHA256: 92e7ff162dc777d45cca3917a03680a886e0e9a5c46de3bd3d172d389c8ba00f
File name: 92e7ff162dc777d45cca3917a03680a886e0e9a5c46de3bd3d172d389c8ba00f
Detection ratio: 36 / 62
Analysis date: 2017-03-16 11:07:31 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4589788 20170316
AegisLab Backdoor.W32.Dridex!c 20170316
AhnLab-V3 Malware/Win32.Generic.C1860214 20170316
ALYac Trojan.GenericKD.4589788 20170316
Antiy-AVL Trojan[Backdoor]/Win32.Dridex 20170316
Arcabit Trojan.Generic.D4608DC 20170316
Avast Win32:Rootkit-gen [Rtk] 20170316
AVG Crypt7.KZF 20170316
Avira (no cloud) TR/AD.DridexDownloader.usmwq 20170316
AVware Trojan.Win32.Generic!BT 20170316
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20170316
BitDefender Trojan.GenericKD.4589788 20170316
CAT-QuickHeal (Suspicious) - DNAScan 20170316
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Emsisoft Trojan.GenericKD.4589788 (B) 20170316
Endgame malicious (high confidence) 20170222
ESET-NOD32 a variant of Win32/Kryptik.FPSI 20170316
F-Secure Trojan.GenericKD.4589788 20170316
Fortinet W32/Dridex.CT!tr.bdr 20170316
GData Trojan.GenericKD.4589788 20170316
Sophos ML backdoor.win32.drixed.m 20170203
Kaspersky Backdoor.Win32.Dridex.ct 20170316
Malwarebytes Trojan.Dridex 20170316
McAfee Artemis!BD7D8C347585 20170316
McAfee-GW-Edition BehavesLike.Win32.Virut.ch 20170316
Microsoft Trojan:Win32/Dynamer!ac 20170316
eScan Trojan.GenericKD.4589788 20170316
Palo Alto Networks (Known Signatures) generic.ml 20170316
Qihoo-360 Win32/Backdoor.481 20170316
Rising Malware.Generic.2!tfe (cloud:waOcBRcDD2I) 20170316
Sophos AV Mal/Generic-S 20170316
Symantec Trojan.Gen 20170315
Tencent Win32.Trojan.Kryptik.Piaf 20170316
VIPRE Trojan.Win32.Generic!BT 20170316
Webroot W32.Malware.Gen 20170316
ZoneAlarm by Check Point Backdoor.Win32.Dridex.ct 20170316
Alibaba 20170228
Bkav 20170315
ClamAV 20170316
CMC 20170316
Comodo 20170316
Cyren 20170316
DrWeb 20170316
F-Prot 20170316
Ikarus 20170316
Jiangmin 20170316
K7AntiVirus 20170316
K7GW 20170316
Kingsoft 20170316
NANO-Antivirus 20170316
nProtect 20170316
Panda 20170315
SentinelOne (Static ML) 20170315
SUPERAntiSpyware 20170316
TheHacker 20170315
TotalDefense 20170316
TrendMicro 20170316
TrendMicro-HouseCall 20170316
Trustlook 20170316
VBA32 20170316
ViRobot 20170316
WhiteArmor 20170315
Yandex 20170315
Zillya 20170314
Zoner 20170316
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name c_iscii.dll
Internal name c_iscii
File version 6.3.9600.17415 (winblue_r4.141028-1500)
Description ISCII Code Page Translation DLL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-12 20:23:25
Entry Point 0x0000D7F0
Number of sections 20
PE sections
PE imports
GetComputerNameExA
GetComputerNameW
GetVolumePathNameW
CopyFileW
GetTapeParameters
SetEnvironmentVariableW
CreateDirectoryExW
GetPrivateProfileIntA
SetProcessPriorityBoost
WaitNamedPipeA
SetCommMask
SearchPathW
FreeConsole
GetCommandLineA
GetProcAddress
SetConsoleScreenBufferSize
GetModuleHandleW
LPSAFEARRAY_UserSize
DragQueryFileW
StrStrIA
fgetc
free
PdhCollectQueryDataEx
PdhMakeCounterPathW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
128512

ImageVersion
0.0

ProductName
Microsoft Windows Operating System

FileVersionNumber
6.3.9600.17415

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
ISCII Code Page Translation DLL

CharacterSet
Unicode

LinkerVersion
4.0

FileTypeExtension
exe

OriginalFileName
c_iscii.dll

MIMEType
application/octet-stream

Subsystem
Windows command line

FileVersion
6.3.9600.17415 (winblue_r4.141028-1500)

TimeStamp
2017:03:12 21:23:25+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
c_iscii

ProductVersion
6.3.9600.17415

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
54784

FileSubtype
0

ProductVersionNumber
6.3.9600.17415

EntryPoint
0xd7f0

ObjectFileType
Dynamic link library

File identification
MD5 bd7d8c34758553a6dc4690aeeb5eea53
SHA1 3b04f1a406a2e02eed359babc2af6cf983f86396
SHA256 92e7ff162dc777d45cca3917a03680a886e0e9a5c46de3bd3d172d389c8ba00f
ssdeep
3072:H+/oo0jifyHJzh3w/ZOs08ewHJb0G45tYJEEw989qPIz7U1u:e/dqiaHv3wq3EnutUgA33

authentihash 42401765262880670401156d8fb84f191a584d461626a41e9c7b1ff48989db1f
imphash bb863176244cdbfc78d4bf286ee57aad
File size 164.4 KB ( 168320 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.6%)
Clipper DOS Executable (19.1%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
VXD Driver (0.2%)
Tags
peexe

VirusTotal metadata
First submission 2017-03-16 08:57:35 UTC ( 1 year, 11 months ago )
Last submission 2017-03-16 11:07:31 UTC ( 1 year, 11 months ago )
File names c_iscii.dll
bd7d8c34758553a6dc4690aeeb5eea53.virus
c_iscii