SHA256: dba5d3b96a6065660250d36d8eb56744a2b88f71bbd6fcced15394cb7efd0ea2
File name: fileman.exe
Detection ratio: 40 / 57
Analysis date: 2016-04-25 12:01:06 UTC
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3170278 20160425
AhnLab-V3 Trojan/Win32.Dridex 20160425
ALYac Trojan.GenericKD.3170278 20160425
Antiy-AVL Trojan/Win32.TSGeneric 20160425
Arcabit Trojan.Generic.D305FE6 20160425
Avast Win32:Trojan-gen 20160425
AVG Crypt5.AZNX 20160425
Avira (no cloud) TR/Crypt.Xpack.iqyh 20160425
AVware Win32.Malware!Drop 20160425
BitDefender Trojan.GenericKD.3170278 20160425
CAT-QuickHeal Trojan.Yakes.r11 20160425
Comodo TrojWare.Win32.Kryptik.~EVEF 20160425
Cyren W32/Cridex.SUAO-1562 20160425
DrWeb Trojan.Dridex.393 20160425
Emsisoft Trojan.Win32.Dridex (A) 20160425
ESET-NOD32 a variant of Win32/Kryptik.EVEF 20160425
F-Prot W32/Cridex.CP 20160425
F-Secure Trojan.GenericKD.3170278 20160425
Fortinet W32/Kryptik.EVEF!tr 20160425
GData Trojan.GenericKD.3170278 20160425
Ikarus Trojan.Dridex 20160425
K7AntiVirus Trojan ( 0001140e1 ) 20160425
K7GW Trojan ( 0001140e1 ) 20160425
Kaspersky Trojan.Win32.Yakes.pnul 20160425
Malwarebytes Trojan.Dridex 20160425
McAfee Artemis!8DCE66933CD5 20160425
McAfee-GW-Edition Artemis!Trojan 20160425
Microsoft Backdoor:Win32/Drixed 20160425
eScan Trojan.GenericKD.3170278 20160425
Panda Trj/CI.A 20160424
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20160425
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20160425
Sophos AV Troj/Dridex-TH 20160425
Symantec Trojan.Cridex 20160425
Tencent Win32.Trojan.Yakes.Efbq 20160425
TrendMicro TSPY_DRIDEX.YYSTF 20160425
TrendMicro-HouseCall TSPY_DRIDEX.YYSTF 20160425
VIPRE Win32.Malware!Drop 20160425
ViRobot Trojan.Win32.Agent.156160.N[h] 20160425
Yandex Trojan.Yakes!HhJP7X2Z1mM 20160424
Not detected (17 of 57 engines; signature date only)
AegisLab 20160425
Alibaba 20160425
Baidu 20160422
Baidu-International 20160425
Bkav 20160423
ClamAV 20160425
CMC 20160421
Jiangmin 20160425
Kingsoft 20160425
NANO-Antivirus 20160425
nProtect 20160422
SUPERAntiSpyware 20160425
TheHacker 20160424
TotalDefense 20160421
VBA32 20160425
Zillya 20160425
Zoner 20160425
The file is a Portable Executable: a 32-bit Win32 EXE built for the Windows console (command line) subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name Rastapi.dll
Internal name Rpstapi.dll
File version 5.3.3703.5512 (xpsp.080413-0852)
Description Remote Access TAPI Compliance Layer
The version block is internally inconsistent: the original name (Rastapi.dll) and internal name (Rpstapi.dll) differ, both are DLL names attached to an EXE image, and the description and product strings match those of the legitimate Windows rastapi.dll (Remote Access TAPI Compliance Layer). Version information is attacker-controlled resource data and says nothing about origin; only a valid Authenticode signature would.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1970-01-01 02:16:34 UTC (TimeDateStamp = 8194 seconds after the Unix epoch; the ExifTool value 1970:01:01 03:16:34+01:00 below is the same instant). A near-zero link timestamp means the field was zeroed or forged, so it says nothing about when the sample was actually built.
Entry Point 0x00029500
Number of sections 17
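The header and version-info fields above contain several contradictions that can be checked mechanically before any dynamic analysis. The script below is an added example, not VirusTotal's or any vendor's code: it parses the COFF and PE32 optional headers with the standard library only and runs a set of heuristic triage checks (forged timestamp, DLL name on an EXE image, internal/original name mismatch, file/product version mismatch, non-Microsoft linker version behind a Microsoft company string, unusual section count, on-disk extension mismatch). The PE bytes are constructed inline to carry this report's header values (no section table, code or resources), and the version-info strings are copied from the report into a dict rather than parsed from the RT_VERSION resource; on a real sample you would read the file from disk and take the strings from pefile or ExifTool. The thresholds (year 2000, linker major version 5, ten sections) are assumed heuristics.

```python
"""PE header vs. version-info triage for a suspicious sample.

Added example; not VirusTotal's or any vendor's code. The PE bytes are
constructed inline to mirror the report's header values, and the
version-info dict is copied from the report, not parsed from a resource.
"""
import struct
from datetime import datetime, timezone

IMAGE_FILE_DLL = 0x2000
IMAGE_SUBSYSTEM_WINDOWS_CUI = 3
Y2K = 946684800          # 2000-01-01 UTC; earlier link stamps are treated as forged (heuristic)
MIN_MSVC_LINKER_MAJOR = 5  # heuristic: Microsoft link.exe reports 5.x or higher
MAX_TYPICAL_SECTIONS = 10  # heuristic: release builds usually have well under ten sections


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 carrying the report's COFF/optional-header values."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                    # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH",
                       0x14C,    # IMAGE_FILE_MACHINE_I386
                       17,       # NumberOfSections
                       8194,     # TimeDateStamp = 1970-01-01 02:16:34 UTC
                       0, 0,     # PointerToSymbolTable, NumberOfSymbols
                       96,       # SizeOfOptionalHeader
                       0x0306)   # EXECUTABLE | LINE_NUMS_STRIPPED | 32BIT | DEBUG_STRIPPED
    opt = bytearray(96)
    struct.pack_into("<HBB", opt, 0, 0x10B, 2, 32)           # PE32 magic, linker 2.32
    struct.pack_into("<III", opt, 4, 51200, 42753, 7168)     # code / idata / udata sizes
    struct.pack_into("<I", opt, 16, 0x29500)                 # AddressOfEntryPoint
    struct.pack_into("<HHHHHH", opt, 40, 4, 1, 1, 0, 4, 0)   # OS 4.1, image 1.0, subsystem 4.0
    struct.pack_into("<H", opt, 68, IMAGE_SUBSYSTEM_WINDOWS_CUI)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


# Version-info strings exactly as the report shows them (constructed dict).
SAMPLE_VERSION_INFO = {
    "CompanyName": "Microsoft Corporation",
    "OriginalFilename": "Rastapi.dll",
    "InternalName": "Rpstapi.dll",
    "FileVersion": "5.3.3703.5512",
    "ProductVersion": "5.1.3703.5512",
    "ObjectFileType": "Dynamic link library",
}


def parse_headers(data: bytes) -> dict:
    """Read the COFF header and the PE32 optional-header fields the checks need."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsec, stamp, _ptr, _nsym, _opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lmaj, lmin = struct.unpack_from("<HBB", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 is handled here")
    return {
        "machine": machine,
        "sections": nsec,
        "timestamp": stamp,
        "timestamp_iso": datetime.fromtimestamp(stamp, timezone.utc).isoformat(),
        "characteristics": chars,
        "linker": (lmaj, lmin),
        "entry_point": struct.unpack_from("<I", data, opt + 16)[0],
        "subsystem": struct.unpack_from("<H", data, opt + 68)[0],
    }


def triage(hdr: dict, vi: dict, on_disk_name: str) -> list:
    """Return one string per inconsistency found; an empty list means nothing stood out."""
    findings = []
    is_dll = bool(hdr["characteristics"] & IMAGE_FILE_DLL)
    orig = vi.get("OriginalFilename", "")
    if hdr["timestamp"] < Y2K:
        findings.append("link timestamp %s is implausible (zeroed or forged)" % hdr["timestamp_iso"])
    if not is_dll and vi.get("ObjectFileType", "").lower().startswith("dynamic link"):
        findings.append("version info declares a DLL but IMAGE_FILE_DLL is clear")
    if not is_dll and orig.lower().endswith(".dll"):
        findings.append("OriginalFilename %s is a DLL name on an EXE image" % orig)
    if vi.get("InternalName", "").lower() != orig.lower():
        findings.append("InternalName %s != OriginalFilename %s" % (vi.get("InternalName"), orig))
    if vi.get("FileVersion") != vi.get("ProductVersion"):
        findings.append("FileVersion %s != ProductVersion %s" % (vi.get("FileVersion"), vi.get("ProductVersion")))
    if "microsoft" in vi.get("CompanyName", "").lower() and hdr["linker"][0] < MIN_MSVC_LINKER_MAJOR:
        findings.append("claims Microsoft but linker version %d.%d is not a Microsoft link.exe version" % hdr["linker"])
    if hdr["sections"] > MAX_TYPICAL_SECTIONS:
        findings.append("%d sections is unusually many for a release build" % hdr["sections"])
    if "." in orig and not on_disk_name.lower().endswith(orig[orig.rfind("."):].lower()):
        findings.append("on-disk name %s does not match the OriginalFilename extension" % on_disk_name)
    return findings


if __name__ == "__main__":
    headers = parse_headers(build_sample_pe())
    for line in triage(headers, SAMPLE_VERSION_INFO, "fileman.exe"):
        print("[!]", line)
```

Run against the constructed sample the script reports eight findings; the same function returns an empty list for a consistent header and version block, which is the point of keeping each check independent: a single hit is weak evidence, the combination seen here is what makes the version information worthless as provenance.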
PE sections
PE imports
Heap32ListFirst
GetNamedPipeInfo
FileTimeToSystemTime
GetModuleFileNameW
GetDriveTypeA
HeapAlloc
WriteProcessMemory
SetupComm
UnlockFile
TerminateThread
LCMapStringW
lstrcatA
SetVolumeMountPointA
GetWindowsDirectoryA
LoadModule
FlushInstructionCache
GetCurrentThread
QueryDepthSList
CompareStringW
LocalFlags
LoadLibraryW
IsSystemResumeAutomatic
GetFirmwareEnvironmentVariableA
SetConsoleTitleA
FreeConsole
lstrcmpA
lstrcmpW
GetDiskFreeSpaceA
GetGeoInfoW
GetProcessAffinityMask
SearchPathW
OpenJobObjectW
GetNumberFormatA
FatalExit
SearchPathA
FindAtomA
WriteProfileSectionW
GetFullPathNameW
GetFileAttributesExA
GetSystemWindowsDirectoryW
SetMailslotInfo
ReadFileScatter
VarUI2FromR4
VarUI2FromStr
DragQueryFileW
GetWindowLongA
SetPropW
PtInRect
setvbuf
PdhGetFormattedCounterArrayA
PdhLookupPerfNameByIndexW
ReleaseBindInfo
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 7168
LinkerVersion 2.32
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 5.3.3703.5512
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Remote Access TAPI Compliance Layer
ImageFileCharacteristics Executable, No line numbers, 32-bit, No debug
CharacterSet Unicode
InitializedDataSize 42753
EntryPoint 0x29500
OriginalFileName Rastapi.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 5.3.3703.5512 (xpsp.080413-0852)
TimeStamp 1970:01:01 03:16:34+01:00
FileType Win32 EXE
PEType PE32
InternalName Rpstapi.dll
ProductVersion 5.3.3703.5512
SubsystemVersion 4.0
OSVersion 4.1
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 51200
ProductName Microsoft Windows Operating System
ProductVersionNumber 5.1.3703.5512
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 8dce66933cd5abb1821889ba4746a1b7
SHA1 90eac3c2960cf8fc3959a01acef33b2f9d42b45c
SHA256 dba5d3b96a6065660250d36d8eb56744a2b88f71bbd6fcced15394cb7efd0ea2
ssdeep 3072:/+LVm7uEpm94Cu9sClKFUAWWPo1g0Ru/eDT:/+LVmXQi1sClyB7Sz8eD
authentihash 3a6dd63f7b1c3d005c457af4630da761e80db392631a6d050801946e07ed3bd3
imphash 2d70c849209ba5575ab8638f5c4cbb1c
File size 152.5 KB ( 156160 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2016-04-21 16:54:20 UTC
Last submission 2018-10-09 13:28:19 UTC
File names 8dce66933cd5abb1821889ba4746a1b7.exe4
Rpstapi.dll
7awgydhiu.ex1
8dce66933cd5abb1821889ba4746a1b7
loader.med.122.cr.exe4
fileman.exe
Rastapi.dll
alarm.exe
8dce66933cd5abb1821889ba4746a1b7
radB3269.tmp.exe
7awgydhiu.fbi
radB0D2F.tmp
8dce66933cd5abb1821889ba4746a1b7.exe
assets.php
dridex-dropper.exe
Condensed behaviour report: actions and events observed when the file was executed in a controlled environment, whether performed by the file itself, by a process it launched, or by a process it injected code into. Sections: Opened files, Read files, Created mutexes, Opened mutexes, Runtime DLLs, UDP communications (no entries captured on this page).