SHA256: a4738ac0ae00870b91e032fdb4194cdde95a88e3491e2b56aa656d7c03f13160
File name: 20150707_dridex_botnet_120.bin
Detection ratio: 19 / 55
Analysis date: 2015-07-07 21:34:32 UTC ( 3 years, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Heur.FKP.17 20150707
AhnLab-V3 Trojan/Win32.Dynamer 20150707
ALYac Gen:Heur.FKP.17 20150707
Arcabit Trojan.FKP.17 20150707
Avast Win32:Evo-gen [Susp] 20150707
Avira (no cloud) TR/Crypt.XPACK.Gen 20150707
BitDefender Gen:Heur.FKP.17 20150707
Emsisoft Gen:Heur.FKP.17 (B) 20150707
ESET-NOD32 a variant of Win32/Dridex.P 20150707
F-Secure Gen:Heur.FKP.17 20150707
Fortinet W32/Dridex.M!tr 20150707
GData Gen:Heur.FKP.17 20150707
Ikarus Backdoor.Win32.NewRest 20150707
eScan Gen:Heur.FKP.17 20150707
NANO-Antivirus Virus.Win32.Gen.ccmw 20150707
Panda Trj/Genetic.gen 20150707
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20150707
Sophos AV Mal/EncPk-ABFO 20150707
VBA32 BScope.Trojan.Agent 20150707
AegisLab 20150707
Yandex 20150707
Alibaba 20150630
Antiy-AVL 20150707
AVG 20150707
AVware 20150707
Baidu-International 20150707
Bkav 20150706
ByteHero 20150707
CAT-QuickHeal 20150707
ClamAV 20150707
Comodo 20150707
Cyren 20150707
DrWeb 20150707
F-Prot 20150707
Jiangmin 20150707
K7AntiVirus 20150707
K7GW 20150707
Kaspersky 20150707
Kingsoft 20150707
Malwarebytes 20150707
McAfee 20150707
McAfee-GW-Edition 20150707
Microsoft 20150707
nProtect 20150707
Qihoo-360 20150707
SUPERAntiSpyware 20150707
Symantec 20150707
Tencent 20150707
TheHacker 20150707
TrendMicro 20150707
TrendMicro-HouseCall 20150707
VIPRE 20150707
ViRobot 20150707
Zillya 20150707
Zoner 20150707
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-03 13:49:36
Entry Point 0x00003EE1
Number of sections 5
PE sections
PE imports
CreateProcessAsUserW
GetLastError
GetSystemTimeAsFileTime
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2015:07:03 14:49:36+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 37888
LinkerVersion: 10.0
EntryPoint: 0x3ee1
InitializedDataSize: 34304
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0
File identification
MD5 1dd8075410afea81d142291bd5a03ea9
SHA1 df1a8c0f8fc3fd4df170cb446a43127ac39ca5e7
SHA256 a4738ac0ae00870b91e032fdb4194cdde95a88e3491e2b56aa656d7c03f13160
ssdeep 1536:AfGeGAvThnw8VI66CC+IChE8PWSUy7wHCJMq4B2y6sHa13h:S0QhVV5/IChtPWvy7wHbq4P6nh
authentihash 80ceb264cd4290e018c013276ef9da885fbbacbb371f5c5609b2b1d83276859b
imphash 3a652c34571b8db3cbe3a9bae1cd0ce2
File size 69.5 KB ( 71168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2015-07-07 21:34:32 UTC ( 3 years, 10 months ago )
Last submission 2015-07-07 21:34:32 UTC ( 3 years, 10 months ago )
File names 20150707_dridex_botnet_120.bin
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R047C0RG815.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections