SHA256: df01a1811b524c257cacc75ec47670f788c6e214ae6507cf6d9ccedc5b2c581d
File name: 15.exe
Detection ratio: 31 / 57
Analysis date: 2015-04-17 02:40:04 UTC ( 3 years, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2301585 20150417
AhnLab-V3 Win-Trojan/Malpacked6.Gen 20150417
ALYac Trojan.GenericKD.2301654 20150417
AVG Inject2.BYQK 20150417
Avira (no cloud) TR/Crypt.Xpack.188352 20150417
AVware Win32.Malware!Drop 20150417
Baidu-International Worm.Win32.Cridex.qfl 20150417
BitDefender Trojan.GenericKD.2301585 20150417
Emsisoft Trojan.GenericKD.2301585 (B) 20150417
ESET-NOD32 Win32/Dridex.N 20150417
F-Secure Trojan.GenericKD.2301585 20150417
Fortinet W32/Kryptik.DFAR!tr 20150417
GData Trojan.GenericKD.2301585 20150417
Ikarus Trojan.Win32.Dridex 20150417
K7AntiVirus Trojan ( 004bca891 ) 20150417
K7GW Trojan ( 004bca891 ) 20150417
Kaspersky Worm.Win32.Cridex.qfl 20150417
Malwarebytes Trojan.Agent.EDG 20150417
McAfee RDN/Generic.tfr!el 20150417
Microsoft TrojanDownloader:Win32/Drixed.E 20150417
eScan Trojan.GenericKD.2301585 20150417
nProtect Trojan/W32.Agent.126976.CJY 20150417
Panda Generic Suspicious 20150417
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20150417
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20150416
Sophos AV Troj/Agent-AMPH 20150417
Symantec Trojan.Gen.SMH 20150417
Tencent Trojan.Win32.YY.Gen.4 20150417
TrendMicro TSPY_DRIDEX.WDW 20150417
TrendMicro-HouseCall TSPY_DRIDEX.WDW 20150417
VIPRE Win32.Malware!Drop 20150417
AegisLab 20150417
Yandex 20150416
Alibaba 20150417
Antiy-AVL 20150417
Avast 20150417
Bkav 20150417
ByteHero 20150417
CAT-QuickHeal 20150417
ClamAV 20150417
CMC 20150416
Comodo 20150417
Cyren 20150417
DrWeb 20150417
F-Prot 20150417
Jiangmin 20150414
Kingsoft 20150417
McAfee-GW-Edition 20150417
NANO-Antivirus 20150417
Norman 20150417
SUPERAntiSpyware 20150417
TheHacker 20150417
TotalDefense 20150417
VBA32 20150416
ViRobot 20150417
Zillya 20150416
Zoner 20150417
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name bitsprx4.dll
Internal name bitsprx4.dll
File version 6.7.2300.5512 (xpsp.080413-2108)
Description Background Intelligent Transfer Service 2.5 Proxy
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-16 11:10:32
Entry Point 0x00001078
Number of sections 5
PE sections
PE imports
ClusterNodeEnum
GetClusterFromNetInterface
OfflineClusterResource
JetRestore2
GetVolumePathNameW
FileTimeToSystemTime
WaitForSingleObject
GetPrivateProfileSectionNamesW
WriteConsoleOutputCharacterW
SetConsoleCursorPosition
LocalAlloc
SetTimeZoneInformation
lstrcatA
IsValidLanguageGroup
InitializeSListHead
WaitCommEvent
EnumDateFormatsW
GetCommModemStatus
GetTempPathA
FindNextVolumeMountPointA
FillConsoleOutputCharacterA
SetTimerQueueTimer
InterlockedExchange
GlobalMemoryStatusEx
HeapReAlloc
GetConsoleSelectionInfo
FreeLibrary
LocalFree
MoveFileA
GetLogicalDriveStringsA
OutputDebugStringW
InterlockedDecrement
MoveFileW
GetStringTypeExA
OutputDebugStringA
GetUserDefaultUILanguage
EnumSystemCodePagesW
GetWriteWatch
GlobalFindAtomW
GetNamedPipeInfo
CreateTimerQueue
GlobalFindAtomA
SetConsoleScreenBufferSize
SetThreadPriority
GetProfileSectionW
WritePrivateProfileSectionW
GetVolumeInformationW
MultiByteToWideChar
FatalAppExitA
DeleteTimerQueueTimer
GetCalendarInfoA
GetVolumeNameForVolumeMountPointA
GetSystemDirectoryW
EnumSystemLanguageGroupsA
CreateSemaphoreW
ExitThread
SetHandleInformation
SetEnvironmentVariableA
SetThreadContext
WaitForMultipleObjectsEx
FindCloseChangeNotification
SearchPathW
ConvertThreadToFiber
SetCurrentDirectoryW
SetConsoleCP
RemoveVectoredExceptionHandler
LocalFileTimeToFileTime
InitializeCriticalSectionAndSpinCount
TerminateThread
lstrcmpiA
MoveFileWithProgressW
GetVersionExW
GetExitCodeProcess
ReadConsoleInputA
SetFileApisToANSI
LoadLibraryA
GlobalSize
SetProcessPriorityBoost
ExpandEnvironmentStringsA
GetProcAddress
GetNamedPipeHandleStateW
AssignProcessToJobObject
WaitNamedPipeW
lstrcmpA
GlobalFix
GlobalUnWire
EnumResourceNamesA
FreeConsole
WaitForMultipleObjects
GetBinaryTypeA
GetPrivateProfileSectionW
GetPrivateProfileIntW
GetProcessAffinityMask
GetCurrencyFormatA
CreateFileW
SetFileApisToOEM
GetProcessTimes
LocalUnlock
GetCurrencyFormatW
FindFirstVolumeW
GetLastError
DosDateTimeToFileTime
GlobalGetAtomNameA
GetThreadLocale
BuildCommDCBW
GlobalUnlock
lstrlenW
OpenFile
EnumTimeFormatsW
GetCPInfoExW
GetFileSizeEx
ProcessIdToSessionId
BuildCommDCBAndTimeoutsW
GetAtomNameW
GetCompressedFileSizeA
CopyFileExW
CancelIo
OpenMutexA
RaiseException
TlsFree
CloseHandle
GetGeoInfoW
IsBadStringPtrW
GetDefaultCommConfigA
GetLongPathNameW
GetProcessHandleCount
IsValidCodePage
HeapCreate
FindResourceW
GetLongPathNameA
GetFileAttributesExA
LocalShrink
FindResourceA
DnsHostnameToComputerNameA
MprAdminInterfaceUpdatePhonebookInfo
MprConfigInterfaceSetInfo
MprAdminTransportGetInfo
MprConfigInterfaceCreate
MprAdminMIBEntryGet
VarUI4FromDisp
VarUI2FromI4
VarUI4FromBool
VarBstrCmp
BSTR_UserFree
VarCyFromUI2
SetupGetLineTextW
DragAcceptFiles
SHQueryRecycleBinW
ExtractAssociatedIconExW
ExtractIconW
ShowWindow
MessageBoxW
GetThreadDesktop
OpenInputDesktop
DrawTextA
tmpfile
fputws
setlocale
fwrite
remove
iswascii
fputs
putwc
free
putc
ungetwc
atof
cos
wcstombs
qsort
isprint
iswxdigit
wcscspn
isalpha
bsearch
iswspace
towupper
strcmp
PdhRemoveCounter
PdhExpandWildCardPathW
PdhParseCounterPathW
PdhSetCounterScaleFactor
URLDownloadToFileA
RevokeFormatEnumerator
CoInternetCompareUrl
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 94208
ImageVersion 0.0
ProductName Microsoft Windows Operating System
FileVersionNumber 6.7.2300.5512
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Background Intelligent Transfer Service 2.5 Proxy
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName bitsprx4.dll
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.7.2300.5512 (xpsp.080413-2108)
TimeStamp 2015:04:16 11:10:32+00:00
FileType Win32 EXE
PEType PE32
InternalName bitsprx4.dll
ProductVersion 6.7.2300.5512
SubsystemVersion 4.0
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 49152
FileSubtype 0
ProductVersionNumber 6.7.2300.5512
EntryPoint 0x1078
ObjectFileType Dynamic link library
Compressed bundles
File identification
MD5 0698761be59428967ff587d7783cd0ab
SHA1 58b25522c5392e120197a97b18627ad14eab1b8f
SHA256 df01a1811b524c257cacc75ec47670f788c6e214ae6507cf6d9ccedc5b2c581d
ssdeep 3072:OXUXLhp2grceDYfr6/FwYviPqAfNKVFdz:Gchp227MOqLk
authentihash 28699ce381439f7db8a2c04c67a9525c52c2c9da67f53b3ee8c10993f953c9c1
imphash edaca8b0dfe77f69d337fb4ce6fa32e5
File size 124.0 KB ( 126976 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe
VirusTotal metadata
First submission 2015-04-16 11:40:23 UTC ( 3 years, 6 months ago )
Last submission 2018-05-13 17:49:38 UTC ( 5 months, 1 week ago )
File names bad1.exe
15.exe
0698761BE59428967FF587D7783CD0AB
bitsprx4.dll
carl3a.exe
15_exe
15 (1).exe
edg52A5.exe
58B25522C5392E120197A97B18627AD14EAB1B8F
bad.exe
df01a1811b524c257cacc75ec47670f788c6e214ae6507cf6d9ccedc5b2c581d.exe
15.exe.3
carl3a.exe
0698761be59428967ff587d7783cd0ab.exe
0698761BE59428967FF587D7783CD0AB.exe
15.exe
VirusShare_0698761be59428967ff587d7783cd0ab
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications