SHA256: 98a89dd299599b9b42d6dd43e6618f0b197596d7ea20d9d335812d178490605a
File name: 733.exe
Detection ratio: 11 / 54
Analysis date: 2015-04-17 18:21:55 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Emsisoft Trojan.Win32.Dridex (A) 20150417
ESET-NOD32 Win32/Dridex.N 20150417
Fortinet W32/Kryptik.DFAR!tr 20150417
McAfee Packed-EA!6C784BEC892C 20150417
Norman Kryptik.CFBT 20150417
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20150417
Sophos AV Troj/Dridex-CP 20150417
Symantec Trojan.Cridex 20150417
Tencent Trojan.Win32.Qudamah.Gen.2 20150417
TrendMicro TSPY_DRIDEX.VVQY 20150417
TrendMicro-HouseCall TSPY_DRIDEX.VVQY 20150417
Ad-Aware 20150417
AegisLab 20150417
Yandex 20150417
AhnLab-V3 20150417
Alibaba 20150417
Antiy-AVL 20150417
Avast 20150417
AVG 20150417
Baidu-International 20150417
BitDefender 20150417
Bkav 20150417
ByteHero 20150417
CAT-QuickHeal 20150417
ClamAV 20150417
CMC 20150416
Comodo 20150417
Cyren 20150417
DrWeb 20150417
F-Prot 20150417
F-Secure 20150417
GData 20150417
Ikarus 20150417
Jiangmin 20150414
K7AntiVirus 20150417
K7GW 20150417
Kaspersky 20150417
Kingsoft 20150417
Malwarebytes 20150417
McAfee-GW-Edition 20150417
Microsoft 20150417
eScan 20150417
NANO-Antivirus 20150417
nProtect 20150417
Panda 20150417
Rising 20150417
SUPERAntiSpyware 20150417
TheHacker 20150417
TotalDefense 20150417
VBA32 20150417
VIPRE 20150417
ViRobot 20150417
Zillya 20150417
Zoner 20150417
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Корпорация Майкрософт. Все права защищены.

Product Операционная система Microsoft® Windows®
Original name twext.dll
Internal name twext
File version 6.00.5620.5512 (xpsp.080413-2105)
Description Свойства: Предыдущие версии
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-10 23:13:00
Entry Point 0x000086B0
Number of sections 7
PE sections
PE imports
LocalCompact
GetLastError
BuildCommDCBAndTimeoutsA
UpdateResourceW
GetModuleHandleW
Sleep
ExitThread
GlobalAlloc
GetProcAddress
VarR4CmpR8
ShowOwnedPopups
isgraph
memcpy
isalnum
Number of PE resources by type
REGINST 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
RUSSIAN 3
PE resources
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
7.3

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
6.0.5620.5512

UninitializedDataSize
4608

LanguageCode
Russian

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
2560

EntryPoint
0x86b0

OriginalFileName
twext.dll

MIMEType
application/octet-stream

LegalCopyright
. .

FileVersion
6.00.5620.5512 (xpsp.080413-2105)

TimeStamp
2018:06:11 00:13:00+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
twext

ProductVersion
6.00.5620.5512

FileDescription
:

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
79360

ProductName
Microsoft Windows

ProductVersionNumber
6.0.5620.5512

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 6c784bec892ce3ef849b1f34667dccac
SHA1 24755696db77bb1bc00c7e48177f24aa16171e4e
SHA256 98a89dd299599b9b42d6dd43e6618f0b197596d7ea20d9d335812d178490605a
ssdeep
1536:M1dM9qT0WVGSqthed+R3IGHBiuIkBOlO:M1WqGxhe8R4GHBhSl

authentihash b7e4341f0ffb887d5249a25ba24a5af87702c8e34bb623a419a78c62e10bfdb8
imphash 2b4a78ed848da0538945fc1b41c7dcc3
File size 85.0 KB ( 87040 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
peexe

VirusTotal metadata
First submission 2015-04-17 09:24:51 UTC ( 2 years, 6 months ago )
Last submission 2017-04-07 08:45:11 UTC ( 6 months, 2 weeks ago )
File names 6C784BEC892CE3EF849B1F34667DCCAC
98a89dd299599b9b42d6dd43e6618f0b197596d7ea20d9d335812d178490605a.bin
grant8i.exe
edg15.exe
twext.dll
1.exe
twext
smwWHa.lnk
733.exe
733_exe
6C784BEC892CE3EF849B1F34667DCCAC.exe.ubqu
6c784bec892ce3ef849b1f34667dccac.vir
6c784bec892ce3ef849b1f34667dccac.exe
derekthedp.com_733.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications