SHA256: 93fe907b3190e54d53557b2d9749c516a00388edea1e8b257378ee70779fc5aa
File name: 93fe907b3190e54d53557b2d9749c516a00388edea1e8b257378ee70779fc5aa
Detection ratio: 37 / 59
Analysis date: 2017-03-02 09:38:05 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4495123 20170302
AegisLab Backdoor.W32.Dridex!c 20170302
ALYac Trojan.GenericKD.4495123 20170302
Antiy-AVL Trojan[Backdoor]/Win32.Dridex 20170302
Arcabit Trojan.Generic.D449713 20170302
Avast Win32:Trojan-gen 20170302
AVG Crypt7.IQQ 20170302
Avira (no cloud) TR/Crypt.ZPACK.hsgcz 20170302
AVware Trojan.Win32.Generic!BT 20170302
BitDefender Trojan.GenericKD.4495123 20170302
Bkav HW32.Packed.FEDC 20170301
CAT-QuickHeal Trojan.Dridex 20170302
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Emsisoft Trojan.GenericKD.4495123 (B) 20170302
Endgame malicious (high confidence) 20170222
ESET-NOD32 Win32/Dridex.AX 20170302
F-Secure Trojan.GenericKD.4495123 20170302
Fortinet W32/Dridex.CQ!tr.bdr 20170302
GData Trojan.GenericKD.4495123 20170302
Ikarus Trojan.Win32.Dridex 20170302
Sophos ML backdoor.win32.drixed.m 20170203
K7AntiVirus Trojan ( 004feef81 ) 20170302
K7GW Trojan ( 004feef81 ) 20170302
Kaspersky Backdoor.Win32.Dridex.cq 20170228
Malwarebytes Trojan.Dridex 20170302
McAfee RDN/Generic.grp 20170302
McAfee-GW-Edition BehavesLike.Win32.Suspect.ch 20170302
Microsoft Trojan:Win32/Dridex 20170302
eScan Trojan.GenericKD.4495123 20170302
Rising Malware.Generic.2!tfe (thunder:2:UVGCd5hVtAJ) 20170302
Sophos AV Mal/Generic-S 20170302
Symantec Trojan.Gen 20170301
Tencent Win32.Backdoor.Dridex.Ahxr 20170302
TrendMicro TSPY_DRIDEX.YSVI 20170302
TrendMicro-HouseCall TSPY_DRIDEX.YSVI 20170302
VIPRE Trojan.Win32.Generic!BT 20170302
Webroot W32.Trojan.Gen 20170302
AhnLab-V3 20170301
Alibaba 20170228
Baidu 20170302
ClamAV 20170302
CMC 20170302
Comodo 20170302
Cyren 20170302
DrWeb 20170302
F-Prot 20170302
Jiangmin 20170301
Kingsoft 20170302
NANO-Antivirus 20170302
nProtect 20170302
Panda 20170301
Qihoo-360 20170302
SUPERAntiSpyware 20170302
TheHacker 20170302
TotalDefense 20170302
Trustlook 20170302
VBA32 20170301
ViRobot 20170302
WhiteArmor 20170222
Yandex 20170225
Zillya 20170301
Zoner 20170302
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name MSAC3ENC.dll
Internal name MSAC3ENC.dll
File version 6.3.9600.17415 (winblue_r4.141028-1500)
Description Microsoft AC-3 Encoder
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-27 01:27:35
Entry Point 0x0000D710
Number of sections 12
PE sections
PE imports
EnumUILanguagesA
EnumResourceLanguagesW
ConvertFiberToThread
IsDBCSLeadByteEx
SetVolumeLabelA
GlobalAddAtomW
SetEnvironmentVariableW
GetModuleHandleExW
SetFilePointer
GetSystemDefaultUILanguage
WritePrivateProfileSectionW
CreateActCtxA
LoadLibraryExW
CancelWaitableTimer
GetConsoleDisplayMode
FreeConsole
GetCommandLineA
CopyFileExW
LocalHandle
WriteConsoleOutputW
EnumUILanguagesW
VarUI4FromDisp
DragQueryFileA
IsWindowEnabled
vprintf
fputws
atan
fwrite
_snwprintf_l
sin
fgetws
PdhGetCounterInfoW
Number of PE resources by type
RT_RCDATA 1
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 4.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.3.9600.17415
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 114176
EntryPoint 0xd710
OriginalFileName MSAC3ENC.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.3.9600.17415 (winblue_r4.141028-1500)
TimeStamp 2017:02:27 02:27:35+01:00
FileType Win32 EXE
PEType PE32
InternalName MSAC3ENC.dll
ProductVersion 6.3.9600.17415
FileDescription Microsoft AC-3 Encoder
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 51712
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.3.9600.17415
FileTypeExtension exe
ObjectFileType Dynamic link library
File identification
MD5 e3434bc58a30f5f07d4430b6e7bbf0a2
SHA1 8e4df20de99dcc79ade41ab6e16eab4a3c37a202
SHA256 93fe907b3190e54d53557b2d9749c516a00388edea1e8b257378ee70779fc5aa
ssdeep 3072:2BN7yy/fkYNO3yZUA+PgGrvGlf+w2mKOjfRdIMuyhvtX7aoYbLrqTr3:u+YI3yZKPgGrvGB+1KfIMuyhBa7Lrqn
authentihash e6f36304483028e169f1c61666c9d073dc87d69226e4c54406a899bd4e347cf8
imphash a98cf4b4153f72794542173986f14cd3
File size 147.8 KB ( 151364 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (35.8%)
OS/2 Executable (generic) (16.1%)
Clipper DOS Executable (16.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.8%)
Tags peexe
VirusTotal metadata
First submission 2017-02-28 09:20:27 UTC ( 2 years ago )
Last submission 2018-01-22 12:22:09 UTC ( 1 year, 2 months ago )
File names swisscom_dridex.exe
c8p5yog.exe
c8P5YoG.exe
MSAC3ENC.dll
Advanced heuristic and reputation engines