SHA256: ad182f7550b3eb996c9ae1d8640e71060db875f554d9ddd91f1cd2828b3cb9c4
File name: 76ghby6f45.exe
Detection ratio: 29 / 55
Analysis date: 2016-02-26 09:44:47 UTC ( 3 years ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3067165 20160226
AegisLab Troj.Dropper.W32.Injector!c 20160226
ALYac Spyware.Banker.Dridex 20160226
Arcabit Trojan.Generic.D2ECD1D 20160226
Avast Win32:Malware-gen 20160226
Avira (no cloud) TR/Dridex.3 20160226
AVware Trojan.Win32.Generic.pak!cobra 20160226
BitDefender Trojan.GenericKD.3067165 20160226
DrWeb Trojan.Dridex.335 20160226
Emsisoft Trojan.Win32.Dridex (A) 20160226
ESET-NOD32 a variant of Win32/Kryptik.EPGR 20160226
F-Secure Trojan.GenericKD.3067165 20160226
GData Trojan.GenericKD.3067165 20160226
K7AntiVirus Trojan ( 004df4b51 ) 20160226
K7GW Trojan ( 004df4b51 ) 20160226
Kaspersky Trojan-Dropper.Win32.Injector.ohvr 20160226
Malwarebytes Trojan.Dridex 20160226
McAfee Drixed-FEB!537B069B16AD 20160226
McAfee-GW-Edition BehavesLike.Win32.Dropper.dc 20160226
eScan Trojan.GenericKD.3067165 20160226
nProtect Trojan-Dropper/W32.Injector.257536.D 20160226
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20160226
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 [F] 20160225
Sophos AV Troj/Dridex-QC 20160226
Symantec Trojan Horse 20160226
TrendMicro TSPY_DRIDEX.YSQU 20160226
TrendMicro-HouseCall TSPY_DRIDEX.YSQU 20160226
VIPRE Trojan.Win32.Generic.pak!cobra 20160226
ViRobot Trojan.Win32.R.Agent.257536.D[h] 20160226
Yandex (no detection) 20160226
AhnLab-V3 (no detection) 20160225
Alibaba (no detection) 20160226
Antiy-AVL (no detection) 20160226
AVG (no detection) 20160226
Baidu-International (no detection) 20160225
Bkav (no detection) 20160225
ByteHero (no detection) 20160226
CAT-QuickHeal (no detection) 20160225
ClamAV (no detection) 20160226
CMC (no detection) 20160225
Comodo (no detection) 20160226
Cyren (no detection) 20160226
F-Prot (no detection) 20160226
Fortinet (no detection) 20160226
Ikarus (no detection) 20160226
Jiangmin (no detection) 20160226
Microsoft (no detection) 20160226
NANO-Antivirus (no detection) 20160226
Panda (no detection) 20160225
SUPERAntiSpyware (no detection) 20160226
Tencent (no detection) 20160226
TheHacker (no detection) 20160225
VBA32 (no detection) 20160225
Zillya (no detection) 20160226
Zoner (no detection) 20160226
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-02-25 10:25:12
Entry Point 0x00012557
Number of sections 4
PE sections
PE imports
SetSecurityDescriptorDacl
CloseServiceHandle
RegCloseKey
OpenServiceA
QueryServiceObjectSecurity
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
QueryServiceStatusEx
SetServiceObjectSecurity
SetEntriesInAclA
BuildExplicitAccessWithNameA
OpenSCManagerA
ImageList_Create
Ord(17)
ImageList_ReplaceIcon
GetDeviceCaps
ExcludeClipRect
CreateRectRgn
SelectObject
CreateFontA
StretchBlt
CombineRgn
BitBlt
SetBkColor
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetTextColor
CreateToolhelp32Snapshot
GetLastError
FileTimeToSystemTime
lstrlenA
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
GlobalUnlock
GetFileAttributesW
Process32Next
GetQueuedCompletionStatus
GetStartupInfoA
FileTimeToLocalFileTime
GetCurrentDirectoryW
GetCurrentProcessId
SetTimeZoneInformation
CreateDirectoryA
UnhandledExceptionFilter
MultiByteToWideChar
GlobalLock
InterlockedCompareExchange
GetProcessHeap
GetTempPathA
GetModuleHandleA
ReadFile
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
MulDiv
GetSystemTimeAsFileTime
TerminateProcess
HeapCreate
CreateFileW
Sleep
HeapAlloc
GetCurrentThreadId
CloseHandle
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
__p__fmode
malloc
_crt_debugger_hook
memset
strcat
__dllonexit
_cexit
_controlfp_s
fprintf
wcscpy_s
_invoke_watson
strlen
_amsg_exit
?terminate@@YAXXZ
??2@YAPAXI@Z
_lock
_onexit
_encode_pointer
sprintf
exit
__setusermatherr
_initterm_e
_adjust_fdiv
_XcptFilter
printf
_acmdln
_ismbblead
_unlock
_exit
__p__commode
_except_handler4_common
__getmainargs
_stricmp
memcpy
memmove
_decode_pointer
__iob_func
strcpy
_configthreadlocale
_initterm
__set_app_type
SysAllocStringByteLen
VariantInit
ExtractIconA
Shell_NotifyIconW
Ord(189)
SHAppBarMessage
SHBindToParent
StrRetToBufA
PathFindFileNameA
SHCreateStreamOnFileA
PathFindNextComponentA
RegisterClipboardFormatA
UpdateWindow
EndDialog
BeginPaint
OffsetRect
DrawIcon
EnumWindowStationsW
SetWindowTextA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
DestroyIcon
GetWindowRect
EndPaint
GetWindowLongA
GetCursorInfo
LoadImageA
GetDlgItemTextA
MessageBoxA
GetWindowDC
SetWindowLongA
IsWindowEnabled
GetSysColor
GetDC
GetCursorPos
DrawTextA
GetIconInfo
GetMenu
LoadStringA
wsprintfA
SendMessageA
SetWindowTextW
CreateMenu
GetDlgItem
EnableMenuItem
RegisterClassA
GetClassLongA
AppendMenuA
InsertMenuA
DrawFocusRect
CreateWindowExA
LoadCursorA
GetClassNameW
ClientToScreen
GetTopWindow
IsDlgButtonChecked
CopyRect
CallWindowProcA
GetSystemMenu
GetFocus
ReleaseDC
GetMenuItemInfoA
GetWindowTextA
DestroyMenu
GetClientRect
OpenThemeData
CloseThemeData
DrawThemeBackground
InternetCloseHandle
CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
setsockopt
WSAWaitForMultipleEvents
WSAGetLastError
WSAIoctl
WSACreateEvent
GdiplusStartup
ReleaseStgMedium
CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize
Number of PE resources by type
RT_ICON 6
RT_DIALOG 3
RT_GROUP_CURSOR 2
RT_CURSOR 2
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 16
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:02:25 10:25:12+00:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 72704
LinkerVersion: 9.0
FileTypeExtension: exe
InitializedDataSize: 183808
SubsystemVersion: 5.0
EntryPoint: 0x12557
OSVersion: 5.0
ImageVersion: 0.0
UninitializedDataSize: 0
Compressed bundles
PCAP parents
File identification
MD5 537b069b16ad1441dd538c38d369c6ca
SHA1 7040beb35e45ca77aea94d544fd512c35903dce3
SHA256 ad182f7550b3eb996c9ae1d8640e71060db875f554d9ddd91f1cd2828b3cb9c4
ssdeep 6144:xGaPGh57gZ5+dX5GhUzPjErM9BoCOnx1nhQ3Pd13oLOy8qQXKFDTxrpBAJWrebSO:saGHgZ6XAhcPI49BoTnx1nhcPdZoyyhq
authentihash e6dd8e1f9e66ce31ad5cd2fc95a77e3c3a6a5ee83f8222794821fffbadcab54e
imphash b8641ef42223f96b180db91e4b5a5e6b
File size 251.5 KB ( 257536 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2016-02-25 10:36:03 UTC ( 3 years ago )
Last submission 2018-05-08 00:38:47 UTC ( 10 months, 3 weeks ago )
File names samses.exe
537b069b16ad1441dd538c38d369c6ca.exe
carved_0.exe
76ghby6f45[1].exe.4036.dr
76ghby6f45[1].exe
ad182f7550b3eb996c9ae1d8640e71060db875f554d9ddd91f1cd2828b3cb9c4.bin
76ghby6f45[1].exe.2352.dr
samses.ex_
76ghby6f45_1.exe
likelyMalware.exe
76ghby6f45.exe
ad182f7550b3eb99_samses.exe
2f7550b3eb996c9ae1d8640e71060db875f554d9ddd91f1cd2828b3cb9c4.bin
76ghby6f45[1].exe.2984.dr
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Searched windows
Opened service managers
Runtime DLLs
UDP communications