SHA256: c647dae0ba6be145cb46e11a90d34f0764f79f975477dd687505f8a86924aafc
File name: dd11a8abcecc2e95d96f1e84cfcc33bb.exe
Detection ratio: 4 / 56
Analysis date: 2015-07-21 23:39:04 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Avira (no cloud) TR/AD.DridexDownloader.Y.4 20150721
ESET-NOD32 a variant of MSIL/Injector.KXM 20150721
Kaspersky Trojan.Win32.Agent.ifvd 20150722
Malwarebytes Trojan.MalPack 20150721
Ad-Aware 20150721
AegisLab 20150721
Yandex 20150721
AhnLab-V3 20150721
Alibaba 20150721
ALYac 20150721
Antiy-AVL 20150721
Arcabit 20150721
Avast 20150721
AVG 20150721
AVware 20150721
Baidu-International 20150720
BitDefender 20150721
Bkav 20150721
ByteHero 20150722
CAT-QuickHeal 20150721
ClamAV 20150721
Comodo 20150721
Cyren 20150721
DrWeb 20150721
Emsisoft 20150722
F-Prot 20150722
F-Secure 20150722
Fortinet 20150722
GData 20150722
Ikarus 20150721
Jiangmin 20150720
K7AntiVirus 20150721
K7GW 20150721
Kingsoft 20150722
McAfee 20150721
McAfee-GW-Edition 20150721
Microsoft 20150721
eScan 20150721
NANO-Antivirus 20150721
nProtect 20150721
Panda 20150721
Qihoo-360 20150722
Rising 20150721
Sophos AV 20150721
SUPERAntiSpyware 20150721
Symantec 20150721
Tencent 20150722
TheHacker 20150721
TotalDefense 20150721
TrendMicro 20150721
TrendMicro-HouseCall 20150721
VBA32 20150721
VIPRE 20150721
ViRobot 20150721
Zillya 20150721
Zoner 20150721
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Original name ChargedDividendDressings.exe
Internal name ChargedDividendDressings.exe
File version 6.4.4.4
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 10:44 PM 2/24/2016
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-11-25 17:23:37
Entry Point 0x00033D1E
Number of sections 3
.NET details
Module Version ID 097a99ed-d739-474c-a8cb-dc4c6b5cdaef
PE sections
Overlays
MD5 bc98988300c4a132a3bffdef2476d250
File type data
Offset 231936
Size 6776
Entropy 7.48
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
Number of PE resources by language
ARABIC SAUDI ARABIA 1
GERMAN LUXEMBOURG 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 27136
EntryPoint 0x33d1e
OriginalFileName ChargedDividendDressings.exe
MIMEType application/octet-stream
FileVersion 6.4.4.4
TimeStamp 2004:11:25 18:23:37+01:00
FileType Win32 EXE
PEType PE32
InternalName ChargedDividendDressings.exe
ProductVersion 6.4.4.4
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 204288
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 6.4.4.4
File identification
MD5 dd11a8abcecc2e95d96f1e84cfcc33bb
SHA1 a88f046d15c9a42e8614bfb34c8d52768548b310
SHA256 c647dae0ba6be145cb46e11a90d34f0764f79f975477dd687505f8a86924aafc
ssdeep 6144:VnPANj+CfsWoSlQjAiip3d/W4xngn2QQrcBDb/5xc:i1kLAigdu4xgn2pABX5q
authentihash 07ad04f429aba2bf590a930bf97aa82b263ebdab36792561cbc9f82f6ec56afa
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 233.1 KB ( 238712 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe assembly overlay
VirusTotal metadata
First submission 2015-07-21 15:39:31 UTC ( 3 years, 1 month ago )
Last submission 2016-02-24 21:43:56 UTC ( 2 years, 5 months ago )
File names dd11a8abcecc2e95d96f1e84cfcc33bb.exe
ChargedDividendDressings.exe
a88f046d15c9a42e8614bfb34c8d52768548b310_crypted.120.ex
crypted.120.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall: TrendMicro's heuristic engine has flagged this file as TROJ_GEN.R00JC0RGQ15.
Symantec reputation: Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections