SHA256: c669e4b9da815fce109355c0052514513f9a27f8919eb1c61f080b421f0d6918
File name: rGhjsdf.exe
Detection ratio: 32 / 57
Analysis date: 2016-05-25 10:26:25 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3259695 20160525
AegisLab Troj.W32.Gen.lNNz 20160525
ALYac Trojan.Dridex.A 20160525
Arcabit Trojan.Generic.D31BD2F 20160525
Avast Win32:Malware-gen 20160525
AVG Generic37.BTVJ 20160525
Avira (no cloud) TR/Crypt.ZPACK.ivgt 20160525
AVware Trojan.Win32.Generic!BT 20160525
BitDefender Trojan.GenericKD.3259695 20160525
Bkav HW32.Packed.4A14 20160524
Emsisoft Trojan.Win32.Yakes (A) 20160525
ESET-NOD32 Win32/Dridex.AM 20160525
F-Secure Trojan.GenericKD.3259695 20160525
GData Trojan.GenericKD.3259695 20160525
Ikarus Trojan.Win32.Dridex 20160525
K7AntiVirus Trojan ( 004ef78e1 ) 20160525
K7GW Trojan ( 004ef78e1 ) 20160525
Kaspersky Trojan.Win32.Yakes.psqq 20160525
Malwarebytes Trojan.Dridex 20160525
McAfee RDN/Generic PWS.y 20160525
McAfee-GW-Edition BehavesLike.Win32.Expiro.ch 20160524
Microsoft Trojan:Win32/Dynamer!ac 20160525
eScan Trojan.GenericKD.3259695 20160525
nProtect Trojan.GenericKD.3259695 20160525
Panda Trj/Dridex.C 20160524
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20160525
Rising Trojan.Dridex!8.33B-hsUQS6F0IHU (Cloud) 20160525
Sophos AV Troj/Dridex-VB 20160525
Symantec Trojan.Cridex 20160525
TrendMicro TSPY_DRIDEX.FE 20160525
TrendMicro-HouseCall TSPY_DRIDEX.FE 20160525
VIPRE Trojan.Win32.Generic!BT 20160525
AhnLab-V3 20160525
Alibaba 20160525
Antiy-AVL 20160525
Baidu 20160525
Baidu-International 20160525
CAT-QuickHeal 20160525
ClamAV 20160525
CMC 20160523
Comodo 20160525
Cyren 20160525
DrWeb 20160525
F-Prot 20160525
Fortinet 20160525
Jiangmin 20160525
Kingsoft 20160525
NANO-Antivirus 20160525
SUPERAntiSpyware 20160525
Tencent 20160525
TheHacker 20160523
TotalDefense 20160525
VBA32 20160524
ViRobot 20160525
Yandex 20160524
Zillya 20160525
Zoner 20160525
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name cliconfg.exe
Internal name cliconfg.exe
File version 10.0.10240.16384 (th1.150709-1700)
Description SQL Client Configuration Utility EXE
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1990-06-11 01:48:50
Entry Point 0x0000A420
Number of sections 7
PE sections
PE imports
RemoveClusterResourceNode
GetLastError
FreeLibrary
GetTickCount
LoadLibraryA
GetDateFormatA
SetThreadPriority
LocalAlloc
ExitProcess
GetCommandLineA
GetProcAddress
AddAtomW
GetTempFileNameW
GetVolumeNameForVolumeMountPointA
RaiseException
InterlockedExchange
ResetEvent
FreeConsole
GetThreadTimes
GetCurrencyFormatA
VirtualQueryEx
ReadFileEx
GetPrivateProfileSectionNamesW
SetMailslotInfo
MprAdminMIBEntryGet
SHInvokePrinterCommandW
DragQueryFileA
InSendMessageEx
putwc
sprintf
freopen
CoInternetCombineUrl
Number of PE resources by type
RT_ICON 6
RT_GROUP_ICON 1
RT_DIALOG 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 10
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 10.0.10240.16384
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription SQL Client Configuration Utility EXE
ImageFileCharacteristics No relocs, Executable, No line numbers, Aggressive working-set trim, 32-bit
CharacterSet Unicode
InitializedDataSize 0
EntryPoint 0xa420
OriginalFileName cliconfg.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 10.0.10240.16384 (th1.150709-1700)
TimeStamp 1990:06:11 02:48:50+01:00
FileType Win32 EXE
PEType PE32
InternalName cliconfg.exe
ProductVersion 10.0.10240.16384
SubsystemVersion 4.0
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 40960
ProductName Microsoft Windows Operating System
ProductVersionNumber 10.0.10240.16384
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 fc5e52f876c7970e81e9426544461b41
SHA1 fd9096ccab3deaa00e36faa9d61ef4713ecec54a
SHA256 c669e4b9da815fce109355c0052514513f9a27f8919eb1c61f080b421f0d6918
ssdeep 3072:U3JPZCUsCkAxu4JSDz674DaRGbZlb4/b6WC:U5PLsCVu40y7XRGP06
authentihash b50917fef0abeacde1b5cad7aa524680a91a09185ef549bffbee928d5863d898
imphash e871c7fa7df2670cbe12598ab200522d
File size 176.0 KB ( 180224 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (35.8%)
OS/2 Executable (generic) (16.1%)
Clipper DOS Executable (16.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.8%)
Tags peexe
VirusTotal metadata
First submission 2016-05-23 13:02:32 UTC ( 2 years, 9 months ago )
Last submission 2018-10-08 05:19:15 UTC ( 4 months, 2 weeks ago )
File names rGhjsdf.bin
rGhjsdf.exe
rGhjsdf.bin1
cliconfg.exe
cridex.exe
rghjsdf.exe
rGhjsdf.exe
RGHJSDF.EXE.QUARANTINE
fc5e52f876c7970e81e9426544461b41
rGhjsdf.exe.1228.dr
cridex.exe
rGhjsdf.exe.1856.dr
scan_file
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications