SHA256: 990818900fec7a3f537a057223a3fe2fabe25fc9a337c60bbdc012f3e25de850
File name: 91a7b9dedccb3e70691a88c5b5e974f5.exe
Detection ratio: 50 / 62
Analysis date: 2017-05-06 09:57:05 UTC ( 1 year, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.156330 20170506
AegisLab Troj.Dropper.W32.FrauDrop.ajvpg!c 20170506
AhnLab-V3 Trojan/Win32.Gen.C979479 20170505
ALYac Gen:Variant.Zusy.156330 20170506
Antiy-AVL Trojan[Dropper]/Win32.FrauDrop 20170506
Arcabit Trojan.Zusy.D262AA 20170506
Avast Win32:Malware-gen 20170506
AVG Pakes2_c.BDSA 20170506
Avira (no cloud) TR/Dropper.MSIL.Gen 20170506
AVware Trojan.Win32.Generic!BT 20170506
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9958 20170503
BitDefender Gen:Variant.Zusy.156330 20170506
Bkav W32.Clodcdb.Trojan.649f 20170506
CAT-QuickHeal Backdoor.BLA 20170505
Comodo UnclassifiedMalware 20170506
CrowdStrike Falcon (ML) malicious_confidence_99% (W) 20170130
DrWeb BackDoor.Bladabindi.1056 20170506
Emsisoft Gen:Variant.Zusy.156330 (B) 20170506
Endgame malicious (high confidence) 20170503
ESET-NOD32 a variant of MSIL/Kryptik.DVC 20170506
F-Secure Gen:Variant.Zusy.156330 20170506
Fortinet W32/FrauDrop.AJVPG!tr 20170506
GData Gen:Variant.Zusy.156330 20170506
Ikarus Trojan.SuspectCRC 20170506
Sophos ML trojandownloader.msil.banload.as 20170413
Jiangmin TrojanDropper.FrauDrop.ailc 20170506
K7AntiVirus Trojan ( 700000121 ) 20170506
K7GW Trojan ( 700000121 ) 20170506
Kaspersky Trojan-Dropper.Win32.FrauDrop.ajvpg 20170506
McAfee Artemis!760FDD359ADF 20170506
McAfee-GW-Edition Artemis!Trojan 20170505
Microsoft Backdoor:MSIL/Bladabindi 20170506
eScan Gen:Variant.Zusy.156330 20170506
NANO-Antivirus Trojan.Win32.Drop.dvdipb 20170505
Palo Alto Networks (Known Signatures) generic.ml 20170506
Panda Trj/CI.A 20170506
Qihoo-360 Win32/Trojan.8d8 20170506
Rising Trojan.Generic (cloud:n7tVitTmQPE) 20170506
SentinelOne (Static ML) static engine - malicious 20170330
Sophos AV Mal/Generic-S 20170506
SUPERAntiSpyware Trojan.Agent/Gen-Malagent 20170506
Symantec Trojan.Gen.2 20170505
Tencent Win32.Trojan-dropper.Fraudrop.Aexz 20170506
TrendMicro TROJ_GEN.R047C0DBM17 20170506
TrendMicro-HouseCall TROJ_GEN.R047C0DBM17 20170506
VIPRE Trojan.Win32.Generic!BT 20170506
Webroot W32.Yakes.Crzn 20170506
Yandex Trojan.DR.FrauDrop!9zBv6DKwWUs 20170504
Zillya Dropper.FrauDrop.Win32.32880 20170505
ZoneAlarm by Check Point Trojan-Dropper.Win32.FrauDrop.ajvpg 20170506
Alibaba 20170505
ClamAV 20170506
CMC 20170505
Cyren 20170506
F-Prot 20170506
Kingsoft 20170506
Malwarebytes 20170506
nProtect 20170506
Symantec Mobile Insight 20170504
TheHacker 20170505
TotalDefense 20170506
VBA32 20170505
ViRobot 20170506
WhiteArmor 20170502
Zoner 20170506
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © System info 2015
Product System info
Original name FUDali.exe
Internal name FUDali.exe
File version 1.0.0.0
Description System info
Comments System info
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-08-03 06:29:40
Entry Point 0x0001C17E
Number of sections 4
.NET details
Module Version ID 41fd9492-449b-4119-865b-e178adf91196
TypeLib ID 946db9bd-7885-445e-a5c3-1689331db6c3
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
Comments System info
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription System info
ImageFileCharacteristics Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 2560
EntryPoint 0x1c17e
OriginalFileName FUDali.exe
MIMEType application/octet-stream
LegalCopyright Copyright System info 2015
FileVersion 1.0.0.0
TimeStamp 2015:08:03 07:29:40+01:00
FileType Win32 EXE
PEType PE32
InternalName FUDali.exe
ProductVersion 1.0.0.0
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName System info
CodeSize 107008
ProductName System info
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.0.0.0
File identification
MD5 760fdd359adfcdc1c97bcec2e67e3ad6
SHA1 8df8bd509e74a0605a7210a9377d635ccdfdefa8
SHA256 990818900fec7a3f537a057223a3fe2fabe25fc9a337c60bbdc012f3e25de850
ssdeep 3072:TDJSHUCUsih/7CFD97m5TpUcPe3BR5XcDj:TVDCtiAFDcL2RR
authentihash 9a13adfb12554ff69923a0eb20acd4c42a618dd94eead8545570d9118122f882
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 108.0 KB ( 110592 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (79.2%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Win16/32 Executable Delphi generic (2.2%)
OS/2 Executable (generic) (2.1%)
Tags peexe assembly
VirusTotal metadata
First submission 2015-08-12 22:59:11 UTC ( 3 years, 4 months ago )
Last submission 2018-04-27 06:45:53 UTC ( 7 months, 2 weeks ago )
File names 91a7b9dedccb3e70691a88c5b5e974f5.exe
FUDali.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests