SHA256: aa486a8027acb87ab189162adcb98b115253c9180f9fa1324cd851665b2f5f7e
File name: ad4d242ba82aa1077fd149a89d900eff
Detection ratio: 38 / 56
Analysis date: 2016-04-06 19:20:26 UTC
Antivirus             Result                              Update
Ad-Aware              Trojan.GenericKD.3106005            20160406
AhnLab-V3             Trojan/Win32.Waldek                 20160406
Antiy-AVL             Trojan/Win32.Waldek                 20160406
Arcabit               Trojan.Generic.D2F64D5              20160406
Avast                 Win32:Trojan-gen                    20160406
AVG                   FileCryptor.IRW                     20160406
AVware                Win32.Malware!Drop                  20160406
BitDefender           Trojan.GenericKD.3106005            20160406
Bkav                  HW32.Packed.621E                    20160406
Comodo                TrojWare.Win32.Dridex.~AA           20160406
Cyren                 W32/Dridex.QRPZ-1702                20160406
DrWeb                 Trojan.Dridex.358                   20160406
Emsisoft              Trojan.GenericKD.3106005 (B)        20160406
ESET-NOD32            Win32/Dridex.AA                     20160406
F-Prot                W32/Dridex.F                        20160406
F-Secure              Trojan.GenericKD.3106005            20160406
Fortinet              W32/Kryptik.ESPA!tr                 20160404
GData                 Trojan.GenericKD.3106005            20160406
Ikarus                Trojan.Win32.Dridex                 20160406
Jiangmin              Trojan.Waldek.bmp                   20160406
K7AntiVirus           Trojan ( 004d86461 )                20160406
K7GW                  Trojan ( 004d86461 )                20160404
Kaspersky             HEUR:Trojan.Win32.Generic           20160406
Malwarebytes          Trojan.Dridex                       20160406
McAfee                Drixed-FEQ!AD4D242BA82A             20160406
McAfee-GW-Edition     Drixed-FEQ!AD4D242BA82A             20160406
Microsoft             Backdoor:Win32/Drixed.M             20160406
eScan                 Trojan.GenericKD.3106005            20160406
NANO-Antivirus        Trojan.Win32.Dridex.ebbqem          20160406
nProtect              Trojan.GenericKD.3106005            20160406
Qihoo-360             HEUR/QVM07.1.Malware.Gen            20160406
Rising                PE:Malware.Generic/QRS!1.9E2D [F]   20160406
Sophos AV             Mal/Ransom-EG                       20160406
Symantec              Trojan.Cridex                       20160331
Tencent               Win32.Packed.Tpyn.Lnyb              20160406
VIPRE                 Win32.Malware!Drop                  20160406
Yandex                Trojan.Waldek!                      20160406
Zillya                Trojan.CryptGen.Win32.1             20160405
AegisLab              (no detection)                      20160406
Alibaba               (no detection)                      20160406
ALYac                 (no detection)                      20160406
Baidu                 (no detection)                      20160405
Baidu-International   (no detection)                      20160406
CAT-QuickHeal         (no detection)                      20160406
ClamAV                (no detection)                      20160405
CMC                   (no detection)                      20160404
Kingsoft              (no detection)                      20160406
Panda                 (no detection)                      20160406
SUPERAntiSpyware      (no detection)                      20160406
TheHacker             (no detection)                      20160405
TotalDefense          (no detection)                      20160406
TrendMicro            (no detection)                      20160406
TrendMicro-HouseCall  (no detection)                      20160406
VBA32                 (no detection)                      20160406
ViRobot               (no detection)                      20160406
Zoner                 (no detection)                      20160406
The file being studied is a Portable Executable (PE) file. More specifically, it is a 32-bit Windows EXE (PE32) linked for the console subsystem (reported as "Windows command line" in the ExifTool output below).
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-10-29 06:31:19 (PE header TimeDateStamp; it predates the LegalCopyright year 2015 in the version resource below, and the field is trivially forgeable, so do not rely on it for dating the sample)
Entry Point 0x00023D5C
Number of sections 4
PE sections
Overlays
MD5 d3d9446802a44259755d38e6d163e820
File type ASCII text
Offset 249856
Size 2
Entropy 1.00
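The overlay figures above (Offset 249856, Size 2, against a file size of 249858 bytes) say the last two bytes of the file sit past the end of the last section's raw data; "ASCII text" with entropy 1.00 means exactly two distinct printable bytes. The following is an added example, not VirusTotal's or any vendor's code, showing how an analyst locates and fingerprints an overlay with only the Python standard library. build_toy_pe constructs a minimal fake PE so the example runs offline; the two-byte overlay "10" was chosen because its MD5 reproduces the overlay hash quoted in the report (REPORT_OVERLAY_MD5), while the section payload and header layout are constructed and have nothing to do with the real sample.

```python
import hashlib
import math
import struct

# Overlay MD5 quoted in the report above; used only to cross-check the constructed case.
REPORT_OVERLAY_MD5 = "d3d9446802a44259755d38e6d163e820"


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or single-valued data, at most 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_overlay(data: bytes):
    """Locate the overlay of a PE image with a plain struct-based header walk.

    The overlay is every byte past the end of the last section's raw data, i.e.
    max over sections of PointerToRawData + SizeOfRawData. Returns
    (overlay_offset, overlay_bytes); overlay_bytes is b"" when there is none.
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)   # IMAGE_FILE_HEADER.NumberOfSections
    (size_of_optional,) = struct.unpack_from("<H", data, coff + 16)  # SizeOfOptionalHeader
    section_table = coff + 20 + size_of_optional
    end_of_sections = 0
    for i in range(num_sections):
        hdr = section_table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes
        # SizeOfRawData at +16, PointerToRawData at +20
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    end_of_sections = min(end_of_sections, len(data))  # guard against truncated files
    return end_of_sections, data[end_of_sections:]


def overlay_report(data: bytes) -> dict:
    """Summarise the overlay the way the report does: offset, size, MD5, entropy."""
    offset, overlay = pe_overlay(data)
    return {
        "offset": offset,
        "size": len(overlay),
        "md5": hashlib.md5(overlay).hexdigest(),
        "entropy": round(shannon_entropy(overlay), 2),
        "file_size": len(data),
    }


def build_toy_pe(section_payload: bytes, overlay: bytes) -> bytes:
    """Construct a minimal, non-runnable PE32 image with one section plus an appended overlay.

    Only the fields pe_overlay() reads are meaningful; the optional header is zero-filled.
    """
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # IMAGE_FILE_HEADER: Machine=i386, NumberOfSections=1, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader=0xE0 (PE32), Characteristics=EXECUTABLE_IMAGE|32BIT_MACHINE
    file_header = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 0xE0, 0x0102)
    optional_header = b"\0" * 0xE0
    raw_ptr = 0x200
    section = b".text".ljust(8, b"\0") + struct.pack(
        "<IIIIIIHHI",
        len(section_payload), 0x1000,   # VirtualSize, VirtualAddress
        len(section_payload), raw_ptr,  # SizeOfRawData, PointerToRawData
        0, 0, 0, 0,                     # relocation / line-number pointers and counts
        0x60000020,                     # CNT_CODE | MEM_EXECUTE | MEM_READ
    )
    headers = (dos_header + b"PE\0\0" + file_header + optional_header + section).ljust(raw_ptr, b"\0")
    return headers + section_payload + overlay


# Constructed sample: 256 NOP bytes as the only section, then the two ASCII bytes "10" as overlay.
TOY_PE = build_toy_pe(b"\x90" * 0x100, b"10")

if __name__ == "__main__":
    print(overlay_report(TOY_PE))
```

On a real sample, read the file into `data` and call `overlay_report(data)`; an overlay whose MD5 changes between otherwise identical builds, or whose entropy is near 8.0, is the usual sign of an appended config or encrypted payload, whereas the two-byte, entropy-1.00 overlay reported here carries no payload of its own.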
PE imports
RegCreateKeyExW
SetSecurityDescriptorOwner
LsaFreeMemory
RevertToSelf
RegCreateKeyA
RegisterEventSourceA
LsaQueryInformationPolicy
RegQueryValueA
GetSidIdentifierAuthority
DeleteService
RegConnectRegistryA
StartServiceA
RegRestoreKeyW
LookupAccountNameW
RegOpenKeyExA
CloseServiceHandle
GetKernelObjectSecurity
RegisterServiceCtrlHandlerA
RegCreateKeyExA
Ord(3)
PropertySheetA
ImageList_SetBkColor
ImageList_GetIcon
PropertySheetW
Ord(17)
ImageList_DragLeave
ImageList_Remove
ImageList_Merge
ImageList_DrawEx
FlatSB_ShowScrollBar
ImageList_AddMasked
ImageList_GetIconSize
Ord(6)
ImageList_GetBkColor
Ord(4)
InitializeFlatSB
FlatSB_EnableScrollBar
CreatePropertySheetPageW
ImageList_SetImageCount
ImageList_Create
Ord(16)
Ord(14)
Ord(8)
ImageList_EndDrag
CreateICA
GetWindowOrgEx
RectVisible
GetRgnBox
GetTextColor
SetPixelV
GetObjectType
GetLastError
GetModuleHandleA
SleepEx
GetUserDefaultLangID
VarUdateFromDate
OleLoadPictureFileEx
VarCyAbs
VarDecFromStr
VarI2FromR8
VarR4FromI2
LPSAFEARRAY_UserUnmarshal
SafeArrayCreate
VarUI1FromCy
VarCyFromI4
DispInvoke
VarI1FromCy
VarUI1FromStr
VarEqv
VarDateFromBool
VarBoolFromR8
VarI1FromDec
VarDecCmp
BSTR_UserMarshal
VarDateFromI1
VarCyRound
SafeArrayPtrOfIndex
VarR8Round
VarI2FromUI1
VarDateFromR8
LHashValOfNameSysA
VarUI4FromI1
VarUI4FromI2
VarCyFromUI2
VarI1FromUI1
VarDecSub
VarDateFromI2
VarDecFromCy
VarDateFromI4
VarNeg
VarR8FromUI1
GetRecordInfoFromTypeInfo
LHashValOfNameSys
VarMonthName
SafeArrayLock
OleLoadPicturePath
VARIANT_UserFree
VarR4CmpR8
VarR8FromDate
VarUI4FromDisp
VarUI2FromDec
SafeArrayDestroyDescriptor
VarUI4FromDate
DosDateTimeToVariantTime
SafeArraySetRecordInfo
VarPow
VarAnd
VarBstrFromBool
VarCyFromStr
SafeArrayGetElemsize
VarR4FromUI2
VarI4FromUI2
BSTR_UserSize
DispGetIDsOfNames
VarUI4FromCy
VarAdd
VarDecDiv
VarCyCmpR8
VarUI4FromUI2
LPSAFEARRAY_UserSize
VarParseNumFromStr
VarFormatPercent
VarDecInt
SysReAllocStringLen
VarDecFromR4
VARIANT_UserUnmarshal
VarI1FromStr
VarI4FromDec
VarUI4FromR4
VarCyInt
VarFormatFromTokens
SafeArraySetIID
VarUI2FromCy
VarBstrFromR8
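The report lists the imported functions but not the DLL each one comes from, and gives an imphash of 062537e60cd867075fb149ff81e496fa in the File identification block further down. The following added Python (not pefile's code, though it follows the same recipe pefile documents) shows how that value is derived: each import becomes a lowercase "dll.function" pair in import-table order, the DLL's .dll/.ocx/.sys extension is stripped, imports by ordinal are rendered as ordN, and the comma-joined string is MD5'd. SAMPLE_IMPORTS is a constructed table that borrows a few names and ordinals from the list above; the grouping of those names under advapi32, comctl32 and kernel32 is the conventional one but is assumed here, and the result is not expected to reproduce the report's imphash because the full, grouped import table is not on the page.

```python
import hashlib

# Extensions pefile strips from import DLL names before hashing.
_STRIPPED_EXTENSIONS = ("dll", "ocx", "sys")


def imphash_string(imports) -> str:
    """Build the canonical 'dll.func,dll.func,...' string that imphash is computed over.

    `imports` is an ordered list of (dll_name, [func_or_ordinal, ...]) pairs in the
    order they appear in the PE import directory. Order matters: the same set of
    imports in a different order yields a different hash, which is exactly what
    makes imphash useful for clustering builds from one toolchain.
    """
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in _STRIPPED_EXTENSIONS:
            lib = base
        for f in funcs:
            # Imports by ordinal are rendered as 'ordN'. pefile additionally resolves
            # well-known ws2_32/oleaut32 ordinals to names first; that lookup is omitted here.
            name = f"ord{f}" if isinstance(f, int) else f.lower()
            parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the canonical import string, as a lowercase hex digest."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed sample import table (DLL grouping assumed; names taken from the list above).
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", ["RegCreateKeyExW", "StartServiceA", "DeleteService"]),
    ("COMCTL32.dll", [3, "PropertySheetA", 17]),
    ("KERNEL32.dll", ["GetLastError", "GetModuleHandleA", "SleepEx"]),
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print("imphash:", imphash(SAMPLE_IMPORTS))
```

Because the hash covers names and order but not addresses, two samples that share an imphash were almost certainly built by the same compiler/linker setup with the same import list, which is why it is a good pivot for hunting related droppers even when file hashes differ.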
Number of PE resources by type
RT_ICON 8
RT_GROUP_ICON 8
RT_DIALOG 7
RT_MENU 5
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
TATAR DEFAULT 31
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 212992
ImageVersion 0.0
FileVersionNumber 0.95.94.84
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Factories
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName Miscellanies.exe
MIMEType application/octet-stream
Subsystem Windows command line
FileVersion 192, 117, 116, 18
TimeStamp 2004:10:29 07:31:19+01:00
FileType Win32 EXE
PEType PE32
InternalName Extrema
ProductVersion 238, 192, 89, 71
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Copyright 2015
MachineType Intel 386 or later, and compatibles
CompanyName Berkeley Data Systems
CodeSize 143360
FileSubtype 0
ProductVersionNumber 0.171.71.16
EntryPoint 0x23d5c
ObjectFileType Executable application

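Several fields in the ExifTool block above disagree with one another: the FileVersion string "192, 117, 116, 18" does not spell out the binary FileVersionNumber 0.95.94.84, ProductVersion "238, 192, 89, 71" does not match ProductVersionNumber 0.171.71.16, and the 2004 link timestamp sits under a "Copyright 2015" notice. The following added Python (not VirusTotal's or ExifTool's code) turns those cross-checks into a small triage helper; REPORT_META is a constructed dict holding the values from the block, and the field names follow ExifTool's so the output of `exiftool -j` could be fed in directly.

```python
import re

# Field values copied from the ExifTool block of the report above (constructed dict).
REPORT_META = {
    "FileVersion": "192, 117, 116, 18",
    "FileVersionNumber": "0.95.94.84",
    "ProductVersion": "238, 192, 89, 71",
    "ProductVersionNumber": "0.171.71.16",
    "TimeStamp": "2004:10:29 07:31:19+01:00",
    "LegalCopyright": "Copyright 2015",
    "LinkerVersion": "8.0",
}


def parse_version(s: str):
    """Turn '192, 117, 116, 18' or '0.95.94.84' into a 4-tuple of ints; None if not four numbers."""
    nums = re.findall(r"\d+", s)
    return tuple(int(n) for n in nums) if len(nums) == 4 else None


def metadata_anomalies(meta: dict) -> list:
    """Cross-check version-resource fields against each other and return readable findings.

    Checks:
      * the FileVersion / ProductVersion strings (StringFileInfo) should spell out the
        binary FileVersionNumber / ProductVersionNumber (VS_FIXEDFILEINFO); mismatches
        are typical of builders that stamp random version resources onto droppers;
      * the PE link timestamp should not predate the year claimed in LegalCopyright.
    All of these fields are attacker-controlled, so a hit is a triage cue, not proof.
    """
    findings = []
    for str_key, num_key in (("FileVersion", "FileVersionNumber"),
                             ("ProductVersion", "ProductVersionNumber")):
        s, n = meta.get(str_key), meta.get(num_key)
        if s is None or n is None:
            continue
        sv, nv = parse_version(s), parse_version(n)
        if sv is None or nv is None:
            findings.append(f"{str_key} or {num_key} is not a four-part version")
        elif sv != nv:
            findings.append(f"{str_key} string {s!r} does not match {num_key} {n!r}")

    ts, copyright_text = meta.get("TimeStamp"), meta.get("LegalCopyright", "")
    years = [int(y) for y in re.findall(r"\b(?:19|20)\d{2}\b", copyright_text)]
    if ts and years:
        link_year = int(ts[:4])  # ExifTool renders the timestamp as YYYY:MM:DD ...
        if link_year < max(years):
            findings.append(f"TimeStamp {ts} predates LegalCopyright year {max(years)}; "
                            "treat the link timestamp as forged or stale")
    return findings


if __name__ == "__main__":
    for finding in metadata_anomalies(REPORT_META):
        print("-", finding)
```

None of these findings is malicious on its own (legitimate build pipelines occasionally leave the string and binary versions out of sync), but three of them together on a console binary that imports PropertySheet and ImageList APIs is the kind of cheap, offline signal that justifies pulling a sample into deeper analysis before any sandbox run.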
File identification
MD5 ad4d242ba82aa1077fd149a89d900eff
SHA1 9bcfe1456e3db9e6fd947abbd0bef54ac9642f49
SHA256 aa486a8027acb87ab189162adcb98b115253c9180f9fa1324cd851665b2f5f7e
ssdeep 6144:KqKyLkXv1CHx36kJ7OtuRy35pHPi2mrfLqDHyop:xkXv1CHkkJ7OtGE5NPi2mqzyop
authentihash f865a9b883b58763657bf57a4180a9685bf14d13bfe404636ea5bb13585ef810
imphash 062537e60cd867075fb149ff81e496fa
File size 244.0 KB ( 249858 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe overlay
VirusTotal metadata
First submission 2016-04-06 19:20:26 UTC
Last submission 2016-04-06 19:20:26 UTC
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Behavioural sections (Opened files, Read files, Created mutexes, Opened mutexes, Opened service managers, Opened services, Runtime DLLs, UDP communications): no entries are recorded in this copy of the report.