SHA256: b30513c23c4b7d2ea5d17061c97ed9378cf2939d418d6c6ca5a055eb80b0d048
Detection ratio: 44 / 65
Analysis date: 2018-05-23 15:08:18 UTC ( 6 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Dridex.29 20180523
AegisLab Troj.W32.Generic!c 20180523
AhnLab-V3 Trojan/Win32.Agent.C2403213 20180523
ALYac Gen:Variant.Dridex.29 20180523
Antiy-AVL Trojan/Win32.AGeneric 20180523
Arcabit Trojan.Dridex.29 20180523
Avast Win64:Malware-gen 20180523
AVG Win64:Malware-gen 20180523
Avira (no cloud) TR/Crypt.ZPACK.depbk 20180523
AVware Trojan.Win32.Generic!BT 20180523
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9981 20180523
BitDefender Gen:Variant.Dridex.29 20180523
CAT-QuickHeal Trojan.IGENERIC 20180522
Comodo UnclassifiedMalware 20180523
Cyren W64/Trojan.RGIP-1038 20180523
Emsisoft Gen:Variant.Dridex.29 (B) 20180523
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win64/Kryptik.BIN 20180523
F-Secure Gen:Variant.Dridex.29 20180523
Fortinet W64/Kryptik.BIW!tr 20180523
GData Gen:Variant.Dridex.29 20180523
Ikarus Trojan.Win64.Crypt 20180523
Sophos ML heuristic 20180503
K7AntiVirus Trojan ( 005263c91 ) 20180523
K7GW Trojan ( 005263c91 ) 20180523
Kaspersky HEUR:Trojan.Win32.Generic 20180523
Malwarebytes Trojan.Dridex 20180523
MAX malware (ai score=96) 20180523
McAfee Drixed-FHC!011687661ECC 20180523
McAfee-GW-Edition Drixed-FHC!011687661ECC 20180523
Microsoft Trojan:Win32/Skeeyah.A!rfn 20180523
eScan Gen:Variant.Dridex.29 20180523
NANO-Antivirus Trojan.Win64.Kryptik.ezerkl 20180523
Palo Alto Networks (Known Signatures) generic.ml 20180523
Panda Trj/CI.A 20180523
Qihoo-360 Win32/Trojan.f40 20180523
Sophos AV Mal/Generic-S 20180523
Symantec Trojan.Gen.2 20180523
Tencent Win32.Trojan.Generic.Ty 20180523
TrendMicro TSPY64_HPDRIDEX.SM 20180523
TrendMicro-HouseCall TSPY64_HPDRIDEX.SM 20180523
VIPRE Trojan.Win32.Generic!BT 20180523
Webroot W32.Infostealer.Dridex 20180523
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180523
Engines that did not flag the sample (signature update date only):
Alibaba 20180523
Avast-Mobile 20180523
Babable 20180406
Bkav 20180523
ClamAV 20180521
CMC 20180523
CrowdStrike Falcon (ML) 20180202
Cybereason None
Cylance 20180523
DrWeb 20180523
eGambit 20180523
F-Prot 20180523
Jiangmin 20180523
Kingsoft 20180523
nProtect 20180523
Rising 20180523
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180523
Symantec Mobile Insight 20180522
TheHacker 20180516
Trustlook 20180523
VBA32 20180523
ViRobot 20180523
Yandex 20180522
Zillya 20180523
Zoner 20180522
The file being studied is a Portable Executable: a 64-bit (PE32+, x64) DLL linked for the Windows console subsystem. The header reports SizeOfCode 0 alongside roughly 720 KB of initialized data and an entry point at RVA 0x1790, and the vendor names that are not generic (Kryptik, Crypt.ZPACK, Trojan.Win64.Crypt) are the names those engines use for packed or obfuscated samples. Read together, the header and the detections are consistent with a crypted Dridex loader rather than plainly compiled code.
PE header basic information
Target machine x64
Compilation timestamp 2018-02-05 09:28:13
Entry Point 0x00001790
Number of sections 10
PE sections (the section table is not present in this copy of the report)
PE imports (grouped by the DLL that exports each name)
GDI32.dll: Ellipse, FillPath, ColorCorrectPalette
KERNEL32.dll: GetBinaryTypeW, GetModuleFileNameW, ProcessIdToSessionId, ExpandEnvironmentStringsA, GetOEMCP, GlobalFindAtomA, ExitProcess, GetLogicalDrives, GetSystemRegistryQuota, GetCurrentThreadId, GetModuleHandleW
USER32.dll: GetMessageTime, WaitMessage, VkKeyScanA, OemToCharA
This mix of GDI path drawing, global atoms, keyboard scan codes and registry quota queries describes no coherent program; an import set that looks assembled at random is a common artifact of crypters, which pad the import table so the imphash and the visible API surface do not resemble the payload they unpack.
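Added example, not part of the VirusTotal report above: a standard-library-only Python parser that extracts the same header fields the report lists (machine, compilation timestamp, entry point, subsystem, linker version, SizeOfCode, section table), flags the SizeOfCode-0 trait noted above, and computes a pefile-style imphash over a DLL-to-function import list. The bytes it parses are constructed inline from the report's own values; the two section entries and the DLL names passed to the imphash call are assumptions, because the report shows neither the section table nor the DLL grouping of the imports, and the imphash it returns will therefore not match the one the report records.

```python
# Added example (not from the VirusTotal report): minimal PE header parser + imphash.
import hashlib
import struct
from dataclasses import dataclass, field
from datetime import datetime, timezone

MACHINE = {0x14C: "x86", 0x8664: "x64"}
SUBSYSTEM = {1: "Native", 2: "Windows GUI", 3: "Windows command line"}
IMAGE_FILE_DLL = 0x2000


@dataclass
class PEInfo:
    machine: str
    is_dll: bool
    pe_type: str             # "PE32" or "PE32+"
    timestamp: int           # raw TimeDateStamp, seconds since the Unix epoch
    entry_point: int         # AddressOfEntryPoint (RVA)
    subsystem: str
    linker_version: str
    code_size: int
    init_data_size: int
    sections: list = field(default_factory=list)   # (name, rva, virtual_size, raw_size)

    @property
    def compile_time(self) -> str:
        return datetime.fromtimestamp(self.timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def parse_pe(data: bytes) -> PEInfo:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, n_sections, ts, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                      # optional header follows the 20-byte COFF header
    magic, major_ld, minor_ld = struct.unpack_from("<HBB", data, opt)
    pe_type = {0x10B: "PE32", 0x20B: "PE32+"}[magic]
    code_size, init_size, _, entry = struct.unpack_from("<IIII", data, opt + 4)
    # Subsystem sits at offset 68 in both PE32 and PE32+; the two layouts diverge only after it
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections, sec = [], opt + opt_size
    for _ in range(n_sections):
        name, vsize, rva, raw_size = struct.unpack_from("<8sIII", data, sec)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), rva, vsize, raw_size))
        sec += 40                            # IMAGE_SECTION_HEADER is 40 bytes
    return PEInfo(MACHINE.get(machine, hex(machine)), bool(chars & IMAGE_FILE_DLL), pe_type, ts,
                  entry, SUBSYSTEM.get(subsystem, str(subsystem)), f"{major_ld}.{minor_ld}",
                  code_size, init_size, sections)


def header_warnings(info: PEInfo) -> list:
    """Cheap triage heuristics on the parsed header; hints for an analyst, not verdicts."""
    warnings = []
    if info.code_size == 0 and info.entry_point:
        warnings.append("SizeOfCode is 0 but AddressOfEntryPoint is set")
    if not any(rva <= info.entry_point < rva + max(vs, rs) for _, rva, vs, rs in info.sections):
        warnings.append("entry point lies outside every section")
    return warnings


def imphash(imports: dict) -> str:
    """pefile-style imphash: md5 over 'dll.func' pairs in import-table order, lower-cased,
    with a .dll/.ocx/.sys suffix stripped. Ordinal-only imports are not handled here."""
    parts = []
    for dll, funcs in imports.items():
        base = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if base.endswith(ext):
                base = base[: -len(ext)]
                break
        parts.extend(f"{base}.{func.lower()}" for func in funcs)
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def build_sample_pe() -> bytes:
    """Constructed input: a PE32+ console DLL header carrying the report's values
    (x64, 2018-02-05 09:28:13 UTC, EP 0x1790, SizeOfCode 0, linker 12.0, OS/subsystem 5.0).
    The two sections are assumptions; the real file's section table is not in the report."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                              # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 1517822893, 0, 0, 240, 0x2022)  # 0x2000 = DLL
    opt = bytearray(240)
    struct.pack_into("<HBB", opt, 0, 0x20B, 12, 0)                     # PE32+, linker 12.0
    struct.pack_into("<IIII", opt, 4, 0, 737280, 0, 0x1790)            # code/init/uninit/EP
    struct.pack_into("<HHHHHH", opt, 40, 5, 0, 0, 0, 5, 0)             # OS 5.0, image 0.0, subsys 5.0
    struct.pack_into("<H", opt, 68, 3)                                 # IMAGE_SUBSYSTEM_WINDOWS_CUI
    secs = b"".join(
        struct.pack("<8sIIIIIIHHI", n, vs, rva, rs, rp, 0, 0, 0, 0, ch)
        for n, vs, rva, rs, rp, ch in [
            (b".text", 0x1000, 0x1000, 0x200, 0x400, 0x60000020),
            (b".rdata", 0xB4000, 0x2000, 0xB4000, 0x600, 0x40000040),
        ]
    )
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print(info.machine, info.pe_type, "DLL" if info.is_dll else "EXE", info.subsystem, info.compile_time)
    print(hex(info.entry_point), info.sections, header_warnings(info))
    # DLL grouping below is assumed; the report lists function names only
    print(imphash({"GDI32.dll": ["Ellipse", "FillPath"], "KERNEL32.dll": ["ExitProcess"]}))
```

Feed `parse_pe` the bytes of any PE (`open(path, "rb").read()`) to reproduce the "PE header basic information" block locally; the imphash helper is order-sensitive and case-insensitive, which is why two builds of the same source with a reshuffled import table hash differently while a renamed DLL does not change anything.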
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType AMD AMD64
FileTypeExtension dll
TimeStamp 2018:02:05 10:28:13+01:00
FileType Win64 DLL
PEType PE32+
CodeSize 0
LinkerVersion 12.0
EntryPoint 0x1790
InitializedDataSize 737280
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 011687661ecc9673141e8ffafb7004af
SHA1 958c5b9d0faf1c440750d87668ec19cafeb0fde3
SHA256 b30513c23c4b7d2ea5d17061c97ed9378cf2939d418d6c6ca5a055eb80b0d048
ssdeep 12288:/hEaMkqVM6s0LMjF1G7z0sKnjkuxFdorn1LSQeW:/KaMkos0LAFcz0nnjkIUrn12H
authentihash 8cf5a9e1e0130598003e0ed35a3504411f91027d3fabe22ee086d213adba2f99
imphash e1c93ee48f9a32e63709a4cb21675a2e
File size 736.0 KB ( 753664 bytes )
File type Win64 DLL (the report's original label "Win32 DLL" conflicts with the PE32+/x64 header above; 64-bit is correct)
Magic literal PE32+ executable for MS Windows (DLL) (console) Mono/.Net assembly

TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags
64bits assembly pedll

VirusTotal metadata
First submission 2018-03-25 19:29:22 UTC ( 8 months, 3 weeks ago )
Last submission 2018-05-23 15:08:18 UTC ( 6 months, 4 weeks ago )
File names 011687661ecc9673141e8ffafb7004af