SHA256: dac1990e6f3c84747e16f713d4e0abae1894e4e431fb6de96e00f6bcf9abdfdc
File name: ccb9fdf39a6d2741f4e5737c22f6a9fc
Detection ratio: 37 / 57
Analysis date: 2015-06-19 20:59:13 UTC ( 3 years, 11 months ago )
Antivirus Result Update
Ad-Aware Trojan.Downloader.Cridex.M 20150619
AhnLab-V3 Trojan/Win32.Agent 20150619
ALYac Trojan.Downloader.Cridex.M 20150619
Antiy-AVL Worm/Win32.Cridex 20150619
Arcabit Trojan.Downloader.Cridex.M 20150619
Avast Win64:Evo-gen [Susp] 20150619
AVG Crypt4.ALVI 20150619
Avira (no cloud) BDS/Siggen.76800.1 20150619
AVware Trojan.Win32.Dridex.d (v) 20150619
Baidu-International Trojan.Win32.Dridex.P 20150619
BitDefender Trojan.Downloader.Cridex.M 20150619
Cyren W32/DridLd.CJZG-5266 20150619
DrWeb Trojan.Dyre.43 20150619
Emsisoft Trojan.Downloader.Cridex.M (B) 20150619
ESET-NOD32 Win32/Dridex.P 20150619
F-Prot W32/DridLd.BM 20150619
F-Secure Trojan.Downloader.Cridex.M 20150619
Fortinet W32/Dridex.M!tr 20150619
GData Trojan.Downloader.Cridex.M 20150619
Ikarus Backdoor.Win32.NewRest 20150619
K7AntiVirus Trojan ( 004beebb1 ) 20150619
K7GW Trojan ( 004beebb1 ) 20150619
Kaspersky HEUR:Trojan.Win32.Generic 20150619
Malwarebytes Trojan.Dridex 20150619
McAfee GenericATG-FBUU!7B9C487425BD 20150619
Microsoft Backdoor:Win32/Drixed.E 20150619
eScan Trojan.Downloader.Cridex.M 20150619
NANO-Antivirus Trojan.Win32.Dyre.dsimpk 20150619
nProtect Trojan.Downloader.Cridex.M 20150619
Panda Trj/Genetic.gen 20150619
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20150618
Sophos AV Mal/EncPk-ABFO 20150619
TrendMicro TSPY_DRIDEX.SMDG 20150619
TrendMicro-HouseCall Suspicious_GEN.F47V0619 20150619
VBA32 Worm.Cridex 20150619
VIPRE Trojan.Win32.Dridex.d (v) 20150619
Zillya Worm.Cridex.Win32.659 20150619
AegisLab 20150619
Yandex 20150619
Alibaba 20150619
Bkav 20150619
ByteHero 20150619
CAT-QuickHeal 20150619
ClamAV 20150619
CMC 20150618
Comodo 20150619
Jiangmin 20150618
Kingsoft 20150619
McAfee-GW-Edition 20150619
Qihoo-360 20150619
SUPERAntiSpyware 20150619
Symantec 20150619
Tencent 20150619
TheHacker 20150619
TotalDefense 20150619
ViRobot 20150619
Zoner 20150619
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-05-05 13:34:02
Entry Point 0x0000322A
Number of sections 5
PE sections
PE imports
CreateProcessAsUserW
GetSystemTimeAsFileTime
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 5.1
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:05:05 14:34:02+01:00
FileType Win32 EXE
PEType PE32
CodeSize 28160
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 51200
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x322a
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 7b9c487425bd9959bc083f22de9a0101
SHA1 8e9a73b6cfc1ba8c93faf46cd32d2702dafc166b
SHA256 dac1990e6f3c84747e16f713d4e0abae1894e4e431fb6de96e00f6bcf9abdfdc
ssdeep 1536:y2Emrt6iKHyJAmCzOkLI/XBLNhk6lYxmKxM08QRzDwvttEr:ym4iKSJAmCzJI/6XuNttE
authentihash 0bb7cf07a197492ec9f8499468fe05d752621576392e5185778eef15007bdb64
imphash 5db198cd6de936655a161ee50b2be19d
File size 75.0 KB ( 76800 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2015-06-19 08:59:27 UTC ( 3 years, 11 months ago )
Last submission 2018-10-04 19:04:49 UTC ( 7 months, 2 weeks ago )
File names VHzUMAe9.exe
SBOX_60B7C01C.EXE
ccb9fdf39a6d2741f4e5737c22f6a9fc
7b9c487425bd9959bc083f22de9a0101.vir
7B9C487425BD9959BC083F22DE9A0101
7B9C487425BD9959BC083F22DE9A0101.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.