SHA256: d669379ad2f0af5f5df9940a7f2247883e9beb2e96a791a0c0ac9869ca9c49d9
File name: vti-rescan
Detection ratio: 38 / 55
Analysis date: 2015-12-14 09:59:18 UTC ( 2 years, 7 months ago )
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Trojan.GenericKD.2914580 | 20151214 |
| AhnLab-V3 | Trojan/Win32.Dridex | 20151213 |
| ALYac | Trojan.GenericKD.2914580 | 20151214 |
| Arcabit | Trojan.Generic.D2C7914 | 20151214 |
| Avast | Win32:Malware-gen | 20151214 |
| AVG | Crypt5.RLZ | 20151214 |
| Avira (no cloud) | TR/AD.Injector.M.1194 | 20151214 |
| AVware | Win32.Malware!Drop | 20151214 |
| Baidu-International | Adware.Win32.iBryte.EHMK | 20151213 |
| BitDefender | Trojan.GenericKD.2914580 | 20151214 |
| CAT-QuickHeal | Backdoor.Drixed.r5 | 20151214 |
| Comodo | TrojWare.Win32.Dridex.aw | 20151213 |
| Cyren | W32/Trojan.QJIC-8169 | 20151213 |
| DrWeb | Trojan.Dridex.279 | 20151214 |
| Emsisoft | Trojan.Win32.Dridex (A) | 20151214 |
| ESET-NOD32 | a variant of Win32/Kryptik.EHMK | 20151214 |
| F-Secure | Trojan.GenericKD.2914580 | 20151214 |
| Fortinet | W32/DRIDEX.EHMK!tr | 20151214 |
| GData | Trojan.GenericKD.2914580 | 20151214 |
| Ikarus | Trojan.Win32.Crypt | 20151214 |
| K7AntiVirus | Trojan ( 004d8ccd1 ) | 20151214 |
| K7GW | Trojan ( 004d8ccd1 ) | 20151214 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 20151214 |
| Malwarebytes | Trojan.Dridex | 20151214 |
| McAfee | RDN/Generic BackDoor | 20151214 |
| McAfee-GW-Edition | BehavesLike.Win32.PWSZbot.dh | 20151214 |
| Microsoft | Backdoor:Win32/Drixed.M | 20151214 |
| eScan | Trojan.GenericKD.2914580 | 20151214 |
| NANO-Antivirus | Trojan.Win32.Dridex.dzdryt | 20151214 |
| nProtect | Trojan.GenericKD.2914580 | 20151211 |
| Panda | Trj/dridex.A | 20151213 |
| Sophos AV | Troj/Dridex-KR | 20151214 |
| Symantec | Trojan.Ransomlock.AK | 20151213 |
| Tencent | Win32.Trojan.Ad.Pdwl | 20151214 |
| TrendMicro | BKDR_DRIDEX.YYSPK | 20151214 |
| TrendMicro-HouseCall | BKDR_DRIDEX.YYSPK | 20151214 |
| VIPRE | Win32.Malware!Drop | 20151214 |
| ViRobot | Trojan.Win32.Dridex.224256[h] | 20151214 |
| AegisLab | | 20151214 |
| Yandex | | 20151213 |
| Alibaba | | 20151208 |
| Antiy-AVL | | 20151214 |
| Bkav | | 20151212 |
| ByteHero | | 20151214 |
| ClamAV | | 20151214 |
| CMC | | 20151214 |
| F-Prot | | 20151214 |
| Jiangmin | | 20151213 |
| Qihoo-360 | | 20151214 |
| Rising | | 20151212 |
| SUPERAntiSpyware | | 20151214 |
| TheHacker | | 20151214 |
| VBA32 | | 20151211 |
| Zillya | | 20151213 |
| Zoner | | 20151214 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright 2015
Product ExpendedSetup
Original name ExpendedSetup.exe
Internal name ExpendedSetup
File version 6.3.8.2
Description Worldwide Calculator Amsterdam Field Favoring Perl
Comments Worldwide Calculator Amsterdam Field Favoring Perl
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-07 10:10:48
Entry Point 0x00007F26
Number of sections 5
PE sections
PE imports
ImageList_BeginDrag
ImageList_DragEnter
FindTextA
CertGetNameStringA
ExcludeClipRect
GetCurrentObject
CreateRectRgn
SelectObject
GetStockObject
CreateDIBitmap
TextOutA
CreateSolidBrush
CombineRgn
Rectangle
ImmSetCompositionStringW
ImmSetConversionStatus
ImmDestroyContext
ImmGetContext
ImmCreateContext
ImmReleaseContext
ImmGetCompositionStringW
ImmAssociateContext
GetTcpStatistics
GetLastError
lstrlenA
WaitForSingleObject
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
GetModuleFileNameA
LoadLibraryA
GetCurrentProcess
GetCurrentProcessId
CreateIoCompletionPort
UnhandledExceptionFilter
GetProcAddress
InterlockedCompareExchange
MapViewOfFile
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
CreateFileMappingA
LocalFree
TerminateProcess
HeapCreate
GlobalAlloc
Sleep
HeapAlloc
GetCurrentThreadId
LocalAlloc
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
__p__fmode
malloc
_crt_debugger_hook
memset
__dllonexit
_controlfp_s
printf
_invoke_watson
strlen
_cexit
?terminate@@YAXXZ
_lock
_onexit
_amsg_exit
_encode_pointer
sprintf
exit
__setusermatherr
_initterm_e
__p__commode
_XcptFilter
_acmdln
_ismbblead
_unlock
_adjust_fdiv
_except_handler4_common
atoi
__getmainargs
_exit
_decode_pointer
sin
_configthreadlocale
_initterm
__set_app_type
glBegin
glClear
glColor3f
glClearColor
RpcErrorStartEnumeration
Shell_NotifyIconA
StrToInt64ExA
StrToIntA
lineProxyResponse
SetFocus
GetParent
UpdateWindow
EndDialog
LoadMenuA
OffsetRect
DestroyMenu
DefWindowProcA
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
EndPaint
SetCapture
GetWindowDC
IsWindowEnabled
GetWindow
GetDC
GetCursorPos
ReleaseDC
BeginPaint
CreatePopupMenu
GetWindowLongA
SendMessageA
GetClientRect
GetDlgItem
ScreenToClient
SetRect
DeleteMenu
InvalidateRect
wsprintfA
CreateWindowExA
ClientToScreen
GetDesktopWindow
GetSystemMenu
GetFocus
SetForegroundWindow
GetWindowInfo
DestroyWindow
PtInRect
DrawThemeBackground
InternetOpenUrlA
InternetOpenA
HttpQueryInfoA
CoCreateInstance
Debug information
ExifTool file metadata
LegalTrademarks Copyright 2015
SubsystemVersion 5.0
Comments Worldwide Calculator Amsterdam Field Favoring Perl
Languages English
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.3.8.2
LanguageCode Unknown (03EB)
FileFlagsMask 0x003f
FileDescription Worldwide Calculator Amsterdam Field Favoring Perl
CharacterSet Unicode
InitializedDataSize 193024
PrivateBuild 6.3.8.2
EntryPoint 0x7f26
OriginalFileName ExpendedSetup.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2015
FileVersion 6.3.8.2
TimeStamp 2015:12:07 11:10:48+01:00
FileType Win32 EXE
PEType PE32
InternalName ExpendedSetup
ProductVersion 6.3.8.2
UninitializedDataSize 0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName VSO-Software SARL
CodeSize 30208
ProductName ExpendedSetup
ProductVersionNumber 6.3.8.2
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 44cbd39c6581342252ce1cdd238b2975
SHA1 4600271302e1b16e2b64704c3d5dbaf39e988a37
SHA256 d669379ad2f0af5f5df9940a7f2247883e9beb2e96a791a0c0ac9869ca9c49d9
ssdeep 3072:i/lZQ/83FyF2BmsFZLEg3uOlbGAFSmZ9jQMrkVTrsxf+AaasGz:ebO+zFS45x0Pafdp
authentihash 1a24a459e0d70efe74eed6bba9953a89dda35a76742fc1031030e5f67377eb53
imphash 8d7767890a313d282d374f0720bff814
File size 219.0 KB ( 224256 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2015-12-07 10:33:22 UTC ( 2 years, 7 months ago )
Last submission 2016-12-17 09:08:04 UTC ( 1 year, 7 months ago )
File names ExpendedSetup.exe
43wedf(1).exe
paaeme1.exe
44cbd39c6581342252ce1cdd238b2975.exe
V2_43wedf.exe
43wedf_exe
ExpendedSetup
paaeme1.exe.vir
d669379ad2f0af5f5df9940a7f2247883e9beb2e96a791a0c0ac9869ca9c49d9.exe
43wedf.bad
43wedf.exe
44CBD39C6581342252CE1CDD238B2975
43wedf[1].exe.3904.dr
43wedf.exe_
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections