SHA256: c1ce282a8511b4d135c10e511d1977c13830e8021e06c34273dd479308801139
File name: adm.exe
Detection ratio: 38 / 56
Analysis date: 2016-05-08 08:03:46 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3209040 20160508
AhnLab-V3 Trojan/Win32.Xema 20160507
ALYac Trojan.GenericKD.3209040 20160507
Antiy-AVL Trojan/Win32.SGeneric 20160508
Arcabit Trojan.Generic.D30F750 20160508
Avast Win32:Malware-gen 20160508
AVG Generic37.BLDP 20160508
Avira (no cloud) TR/Crypt.ZPACK.uljg 20160507
AVware Trojan.Win32.Generic!BT 20160508
BitDefender Trojan.GenericKD.3209040 20160508
Bkav HW32.Packed.E998 20160506
CAT-QuickHeal Trojan.Waldek.r4 20160507
Cyren W32/Trojan.KHHD-4918 20160508
DrWeb Trojan.Dridex.397 20160508
ESET-NOD32 Win32/Dridex.AA 20160507
F-Secure Trojan.GenericKD.3209040 20160508
Fortinet W32/Waldek.AA!tr 20160508
GData Trojan.GenericKD.3209040 20160508
Ikarus Trojan.Dridex 20160508
K7AntiVirus Trojan ( 004d86461 ) 20160508
K7GW Trojan ( 004d86461 ) 20160508
Kaspersky Trojan.Win32.Waldek.lne 20160508
Malwarebytes Trojan.Dridex 20160507
McAfee RDN/Generic BackDoor 20160508
McAfee-GW-Edition BehavesLike.Win32.Downloader.dh 20160508
Microsoft Backdoor:Win32/Drixed 20160508
eScan Trojan.GenericKD.3209040 20160508
Panda Trj/GdSda.A 20160507
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160508
Rising Malware.XPACK-HIE/Heur!1.9C48-mmKu5vMM3jR (Cloud) 20160508
Sophos AV Mal/Generic-S 20160508
Symantec Trojan.Cridex 20160508
Tencent Win32.Trojan.Waldek.Dypl 20160508
TrendMicro TSPY_DRIDEX.YYSUT 20160508
TrendMicro-HouseCall TSPY_DRIDEX.YYSUT 20160508
VIPRE Trojan.Win32.Generic!BT 20160508
ViRobot Backdoor.Win32.U.Dridex.233472[h] 20160508
Zillya Trojan.Dridex.Win32.567 20160507
AegisLab 20160508
Alibaba 20160506
Baidu 20160506
Baidu-International 20160507
ClamAV 20160507
CMC 20160506
Comodo 20160508
Emsisoft 20160503
F-Prot 20160508
Jiangmin 20160508
Kingsoft 20160508
NANO-Antivirus 20160508
nProtect 20160504
SUPERAntiSpyware 20160508
TheHacker 20160508
VBA32 20160505
Yandex 20160508
Zoner 20160508
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-21 17:52:58
Entry Point 0x000281B8
Number of sections 4
PE sections
PE imports
ImageList_GetImageCount
PropertySheetA
ImageList_SetOverlayImage
ImageList_Destroy
ImageList_AddMasked
FlatSB_SetScrollInfo
ImageList_LoadImageA
ImageList_GetImageInfo
CreatePropertySheetPageW
FlatSB_GetScrollPos
ImageList_Remove
Ord(17)
Ord(16)
ImageList_SetIconSize
ImageList_GetIcon
FlatSB_SetScrollPos
ImageList_ReplaceIcon
_acmdln
_ismbcgraph
raise
__p__fmode
_adjust_fdiv
__setusermatherr
_controlfp
exit
_XcptFilter
__getmainargs
_initterm
__p__commode
__set_app_type
Number of PE resources by type
RT_MENU 8
RT_ACCELERATOR 1
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 11
PE resources
ExifTool file metadata
SubsystemVersion: 4.0
InitializedDataSize: 192512
ImageVersion: 0.0
FileVersionNumber: 0.219.251.142
UninitializedDataSize: 0
LanguageCode: Neutral
FileFlagsMask: 0x003f
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet: Unicode
LinkerVersion: 8.0
FileTypeExtension: exe
OriginalFileName: Irishmen.exe
MIMEType: application/octet-stream
Subsystem: Windows command line
FileVersion: 177, 28, 217, 83
TimeStamp: 2013:01:21 18:52:58+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Disaffection
ProductVersion: 143, 222, 179, 155
FileDescription: Espresso
OSVersion: 4.0
FileOS: Windows NT 32-bit
LegalCopyright: Copyright 2010
MachineType: Intel 386 or later, and compatibles
CompanyName: Intellisync Corporation
CodeSize: 163840
FileSubtype: 0
ProductVersionNumber: 0.66.163.149
EntryPoint: 0x281b8
ObjectFileType: Executable application
Compressed bundles
PCAP parents
File identification
MD5 f109f8ceed834708d5547e65f65e73e5
SHA1 83ff97baa1f067d59afe297efe4dbf1fcbe39eae
SHA256 c1ce282a8511b4d135c10e511d1977c13830e8021e06c34273dd479308801139
ssdeep 6144:9TTepkr4xlcnDw/36y+dZP/jly6AM9XLdC6P21MSZ1S:9HF4Ao36Bzl/A6LQ6P21fjS
authentihash a4943b5b8fa4d565bddd5312e509d0cfed79165a3338d25f335f10ea78184d0f
imphash 1699bec58fefe8633026561050e0449d
File size 228.0 KB ( 233472 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe

VirusTotal metadata
First submission 2016-05-05 21:51:46 UTC ( 2 years, 9 months ago )
Last submission 2018-10-09 14:14:52 UTC ( 4 months, 1 week ago )
File names 83ff97baa1f067d59afe297efe4dbf1fcbe39eae.exe
FILE04.BIN
adm2.exe
38787.exe
f109f8ceed834708d5547e65f65e73e5.exe
855.exe
4490.exe
031.exe
FILE02.BIN
Trojan.Dridex.A.exe
xmIV.vcf
adm.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Runtime DLLs
UDP communications