SHA256: a38e677a38e0fb479bbbeb2ee6f6427dd8171d2aff941ca7424725527f9f9645
File name: 76ghby6f45.exe
Detection ratio: 21 / 56. Seven of the 21 hits (Ad-Aware, Arcabit, BitDefender, Emsisoft, F-Secure, GData, eScan) are the same BitDefender-engine signature, Trojan.GenericKD.3067331 (Arcabit's D2ECDC3 is that number in hex), so the number of independent engines detecting the file is lower than the ratio suggests. The family names that do appear, Dridex, Cridex and Drixed, are three vendor names for the same banking trojan; McAfee's Artemis!7516F32E1DC4 is a cloud-reputation hit keyed on the first 12 hex digits of the MD5 below.
Analysis date: 2016-02-26 05:42:45 UTC
Antivirus | Result | Update
Ad-Aware | Trojan.GenericKD.3067331 | 20160226
Arcabit | Trojan.Generic.D2ECDC3 | 20160226
Avast | Win32:Malware-gen | 20160226
BitDefender | Trojan.GenericKD.3067331 | 20160226
DrWeb | Trojan.Dridex.335 | 20160226
Emsisoft | Trojan.GenericKD.3067331 (B) | 20160226
ESET-NOD32 | Win32/Dridex.AA | 20160226
F-Secure | Trojan.GenericKD.3067331 | 20160226
GData | Trojan.GenericKD.3067331 | 20160226
Ikarus | Trojan.Win32.Dridex | 20160226
Kaspersky | Backdoor.Win32.Cridex.cs | 20160226
McAfee | Artemis!7516F32E1DC4 | 20160226
McAfee-GW-Edition | BehavesLike.Win32.VTFlooder.cm | 20160226
Microsoft | Backdoor:Win32/Drixed.M | 20160226
eScan | Trojan.GenericKD.3067331 | 20160226
Qihoo-360 | HEUR/QVM20.1.Malware.Gen | 20160226
Rising | PE:Malware.XPACK-LNR/Heur!1.5594 [F] | 20160225
Sophos AV | Mal/Generic-S | 20160226
Symantec | Trojan.Cridex | 20160226
TrendMicro | TSPY_DRIDEX.YSQU | 20160226
TrendMicro-HouseCall | TSPY_DRIDEX.YSQU | 20160226
AegisLab | (undetected) | 20160226
Yandex | (undetected) | 20160226
AhnLab-V3 | (undetected) | 20160225
Alibaba | (undetected) | 20160226
ALYac | (undetected) | 20160226
Antiy-AVL | (undetected) | 20160225
AVG | (undetected) | 20160226
Avira (no cloud) | (undetected) | 20160226
AVware | (undetected) | 20160226
Baidu-International | (undetected) | 20160225
Bkav | (undetected) | 20160225
ByteHero | (undetected) | 20160226
CAT-QuickHeal | (undetected) | 20160225
ClamAV | (undetected) | 20160226
CMC | (undetected) | 20160225
Comodo | (undetected) | 20160226
Cyren | (undetected) | 20160226
F-Prot | (undetected) | 20160226
Fortinet | (undetected) | 20160226
Jiangmin | (undetected) | 20160226
K7AntiVirus | (undetected) | 20160225
K7GW | (undetected) | 20160226
Malwarebytes | (undetected) | 20160226
NANO-Antivirus | (undetected) | 20160226
nProtect | (undetected) | 20160225
Panda | (undetected) | 20160225
SUPERAntiSpyware | (undetected) | 20160226
Tencent | (undetected) | 20160226
TheHacker | (undetected) | 20160225
TotalDefense | (undetected) | 20160226
VBA32 | (undetected) | 20160225
VIPRE | (undetected) | 20160226
ViRobot | (undetected) | 20160226
Zillya | (undetected) | 20160226
Zoner | (undetected) | 20160226
The file is a Portable Executable: a 32-bit (PE32) Win32 EXE built for the Windows console subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2016-02-25 09:47:57 UTC (ExifTool below shows the same instant as 2016:02:25 10:47:57+01:00). Note that this is about twenty minutes after the file's first submission to VirusTotal (2016-02-25 09:28:22 UTC, see the metadata below). TimeDateStamp is an ordinary header field the author can write, so here it has to be treated as forged or clock-skewed, not as a build time.
Entry Point: 0x00001055
Number of sections: 5
PE sections
PE imports (VirusTotal lists imported function names only; the exporting DLL is not shown on this page):
GetPrivateProfileSectionW, FormatMessageW, FindCloseChangeNotification, FlushConsoleInputBuffer, LoadLibraryW, WritePrivateProfileSectionW, VirtualFree, FatalAppExitW, MulDiv, FreeConsole, RemoveDirectoryA, GetLogicalDrives, QueueUserAPC, MprInfoBlockRemove, LPSAFEARRAY_UserSize, wvsprintfW, isdigit, _chkstk, sin, CoCreateInstance, PdhMakeCounterPathW, PdhGetCounterTimeBase
This is a short, eclectic table: INI-file and console helpers, a performance-counter (Pdh) pair, a router information-block call (Mpr), SAFEARRAY marshalling, CRT math, and, among them, LoadLibraryW, VirtualFree and QueueUserAPC. A static import list like this is what a packed loader that resolves its real imports at run time typically shows; treat it as a fingerprint of the packer (it is exactly what the imphash below is computed over), not as a description of what the payload can do.
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows command line
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2016:02:25 10:47:57+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 51712
LinkerVersion: 8.0
EntryPoint: 0x1055
InitializedDataSize: 117760
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0
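The fields in the PE header block and the ExifTool block above are read straight from the COFF file header and the PE32 optional header. As an added example (not VirusTotal's, ExifTool's or the sample's code), the following stdlib-only Python parses those fields from a PE32 image and checks the TimeDateStamp against the first-submission time shown in the VirusTotal metadata below. The sample header it builds carries this report's values (machine 0x14c, 5 sections, timestamp for 2016-02-25 09:47:57 UTC, entry point 0x1055, linker 8.0, console subsystem, the reported sizes and version numbers); image base, alignment, BaseOfData and Characteristics are assumed, and the bytes are not the real file.

```python
"""Stdlib-only reader for the PE header fields that VirusTotal's "PE header basic
information" and ExifTool display, plus a plausibility check on the compile
timestamp against the first-seen time.

Added example, not VirusTotal's, ExifTool's or the sample's code.
build_sample_header() constructs a header whose values are copied from this
report; alignment, image base, BaseOfData and Characteristics are assumed.
"""
import struct
from datetime import datetime, timezone

MACHINE_NAMES = {0x014C: "Intel 386 or later processors and compatible processors",
                 0x8664: "x64", 0x01C4: "ARMv7"}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows command line"}
PE_TYPES = {0x10B: "PE32", 0x20B: "PE32+"}

COFF_FMT = "<HHIIIHH"                   # IMAGE_FILE_HEADER (20 bytes)
OPT32_FMT = "<HBBIIIIIIIIIHHHHHHIIIIH"  # IMAGE_OPTIONAL_HEADER32 through Subsystem (70 bytes)

# First submission time shown on this report, used by the plausibility check.
FIRST_SUBMISSION_UTC = datetime(2016, 2, 25, 9, 28, 22, tzinfo=timezone.utc)


def parse_pe_header(data: bytes) -> dict:
    """Walk MZ -> e_lfanew -> PE signature -> COFF header -> optional header and
    return the fields VirusTotal/ExifTool report. Only PE32 (magic 0x10B) is
    handled; PE32+ has a different optional-header layout and is rejected."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    (machine, nsections, tstamp, _symtab, _nsyms,
     opt_size, _chars) = struct.unpack_from(COFF_FMT, data, coff_off)
    opt_off = coff_off + struct.calcsize(COFF_FMT)
    if opt_size < struct.calcsize(OPT32_FMT):
        raise ValueError("optional header too short")
    (magic, lnk_major, lnk_minor, size_code, size_idata, size_udata, entry,
     _base_code, _base_data, image_base, _sec_align, _file_align,
     os_major, os_minor, img_major, img_minor, ss_major, ss_minor,
     _win32ver, _size_image, _size_headers, _checksum,
     subsystem) = struct.unpack_from(OPT32_FMT, data, opt_off)
    if magic != 0x10B:
        raise ValueError("not a PE32 optional header: magic 0x%x" % magic)
    return {
        "pe_type": PE_TYPES[magic],
        "machine": MACHINE_NAMES.get(machine, "0x%04x" % machine),
        "number_of_sections": nsections,
        "timestamp_raw": tstamp,
        "compile_time_utc": datetime.fromtimestamp(tstamp, tz=timezone.utc),
        "linker_version": "%d.%d" % (lnk_major, lnk_minor),
        "code_size": size_code,
        "initialized_data_size": size_idata,
        "uninitialized_data_size": size_udata,
        "entry_point": entry,
        "image_base": image_base,
        "os_version": "%d.%d" % (os_major, os_minor),
        "image_version": "%d.%d" % (img_major, img_minor),
        "subsystem_version": "%d.%d" % (ss_major, ss_minor),
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
    }


def compile_time_plausible(hdr: dict, first_seen_utc: datetime) -> bool:
    """TimeDateStamp is a writable header field, so it is evidence only when it
    is not a placeholder (0 / 0xFFFFFFFF) and does not postdate the earliest
    sighting of the file."""
    if hdr["timestamp_raw"] in (0, 0xFFFFFFFF):
        return False
    return hdr["compile_time_utc"] <= first_seen_utc


def build_sample_header() -> bytes:
    """Constructed PE32 header carrying this report's values (not the real file)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)        # e_lfanew: PE header right after the stub
    # Machine i386, 5 sections, TimeDateStamp 0x56CECDCD = 2016-02-25 09:47:57 UTC,
    # no symbols, 224-byte optional header, EXECUTABLE_IMAGE | 32BIT_MACHINE (assumed)
    coff = struct.pack(COFF_FMT, 0x014C, 5, 0x56CECDCD, 0, 0, 224, 0x0102)
    opt = struct.pack(OPT32_FMT,
                      0x10B, 8, 0,                 # PE32, linker 8.0
                      51712, 117760, 0, 0x1055,    # code/idata/udata sizes, entry point
                      0x1000, 0x10000, 0x400000,   # BaseOfCode, BaseOfData, ImageBase (assumed)
                      0x1000, 0x200,               # section/file alignment (assumed)
                      5, 0, 0, 0, 4, 0,            # OS 5.0, image 0.0, subsystem 4.0
                      0, 0, 0, 0,                  # Win32Version, SizeOfImage, SizeOfHeaders, CheckSum
                      3)                           # Subsystem: Windows command line
    return bytes(dos) + b"PE\x00\x00" + coff + opt.ljust(224, b"\x00")


if __name__ == "__main__":
    hdr = parse_pe_header(build_sample_header())
    for key, value in hdr.items():
        print("%-24s %s" % (key, hex(value) if key == "entry_point" else value))
    print("timestamp plausible vs first submission:",
          compile_time_plausible(hdr, FIRST_SUBMISSION_UTC))
```

Run it on a real file with parse_pe_header(open(path, "rb").read()). For this report's values the check returns False, because the build time the header claims is later than the first submission; a timestamp that fails this check is still useful for clustering samples from the same builder, just not as a date.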

Compressed bundles
File identification
MD5: 7516f32e1dc4f45d32bb46fd31d456e3
SHA1: c32f078d996ba4fbe3644dcb0185a137f48cbdc0
SHA256: a38e677a38e0fb479bbbeb2ee6f6427dd8171d2aff941ca7424725527f9f9645
ssdeep: 1536:0ieANPmHjRXRj5Jb0WS+6gB1fqnDW8opon21bRloN8xS7WVmvIpr/1fJfRta9:0inSXRj5JYkIeEX7W7pr9tRta
authentihash: 1d936aed7f596383fc0db21c7b5014745bdbde30595378d22303ff46046e12d5
imphash: a8e80c1680acdab3a6eeabc567597ce1
File size: 161.0 KB (164864 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID: Win64 Executable (generic) (64.6%), Win32 Dynamic Link Library (generic) (15.4%), Win32 Executable (generic) (10.5%), Generic Win/DOS Executable (4.6%), DOS Executable Generic (4.6%)
TrID's top guess is contradicted by the header itself (PE32 magic, Machine = Intel 386, magic literal "Intel 80386 32-bit"): TrID scores are byte-pattern similarity, not parsed header facts, so the parsed header wins.
Tags: peexe

VirusTotal metadata
First submission: 2016-02-25 09:28:22 UTC
Last submission: 2016-12-17 08:19:50 UTC
File names: 7e033b32cce0.bup_File_0, 76ghby6f45.exe (submitted under this name several times), 7e033b2e22650.bup_File_0, 76ghby6f45[1].exe.3224.dr
The two .bup_File_0 names are files extracted from McAfee quarantine (.bup) archives, and 76ghby6f45[1].exe is the "[n]" naming Internet Explorer gives cached downloads; together they are consistent with a browser download that was later quarantined on the victim host.
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications