SHA256: e3a5d8ce3f3f692ba715fe26afa2d67acce2c827a77e1a6399e47a1fc3a1bd9b
File name: 7.dll
Detection ratio: 23 / 56
Analysis date: 2015-10-28 11:58:13 UTC ( 3 years, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2828443 20151028
Arcabit Trojan.Generic.D2B289B 20151028
Avast Win32:Malware-gen 20151028
Avira (no cloud) TR/Crypt.Xpack.308006 20151028
Baidu-International Trojan.Win32.Dridex.P 20151028
BitDefender Trojan.GenericKD.2828443 20151028
DrWeb Trojan.Dridex.234 20151028
Emsisoft Trojan.GenericKD.2828443 (B) 20151028
ESET-NOD32 Win32/Dridex.P 20151028
F-Secure Trojan.GenericKD.2828443 20151028
Fortinet W32/Dridex.HV!tr 20151028
GData Trojan.GenericKD.2828443 20151028
K7AntiVirus Trojan ( 004c394d1 ) 20151028
K7GW Trojan ( 004c394d1 ) 20151028
Kaspersky UDS:DangerousObject.Multi.Generic 20151028
Malwarebytes Trojan.Dridex 20151028
McAfee Artemis!8B27C369DC69 20151028
McAfee-GW-Edition Artemis 20151028
eScan Trojan.GenericKD.2828443 20151028
nProtect Trojan.GenericKD.2828443 20151028
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20151028
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20151027
Sophos AV Troj/Dridex-HV 20151028
AegisLab 20151028
Yandex 20151027
AhnLab-V3 20151027
Alibaba 20151028
ALYac 20151028
Antiy-AVL 20151028
AVG 20151028
AVware 20151028
Bkav 20151028
ByteHero 20151028
CAT-QuickHeal 20151028
ClamAV 20151028
CMC 20151026
Comodo 20151028
Cyren 20151028
F-Prot 20151028
Ikarus 20151028
Jiangmin 20151027
Microsoft 20151028
NANO-Antivirus 20151028
Panda 20151028
SUPERAntiSpyware 20151028
Symantec 20151028
Tencent 20151028
TheHacker 20151026
TotalDefense 20151028
TrendMicro 20151028
TrendMicro-HouseCall 20151028
VBA32 20151028
VIPRE 20151028
ViRobot 20151028
Zillya 20151027
Zoner 20151028
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Signature verification A certificate was explicitly revoked by its issuer.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-10-31 18:17:01
Entry Point 0x00042E9C
Number of sections 4
PE sections
Overlays
MD5 7eaf02007e8c15ca0ee31cc67ea428ca
File type data
Offset 344064
Size 6712
Entropy 7.49
PE imports
RegRestoreKeyA
LsaQueryInformationPolicy
EncryptFileA
PrivilegeCheck
RegDeleteKeyA
GetUserNameA
ControlService
LogonUserA
RegNotifyChangeKeyValue
LsaEnumerateTrustedDomains
RegCreateKeyA
RegisterServiceCtrlHandlerA
SetDIBits
PlayEnhMetaFileRecord
GetCharABCWidthsW
SetMapMode
CreateMetaFileA
SetICMMode
CombineRgn
GetViewportOrgEx
GetSystemPaletteEntries
CreateMetaFileW
GetMetaFileW
SetPixel
EndDoc
GetMetaFileA
DeleteObject
IntersectClipRect
AngleArc
GetFontLanguageInfo
GetTextFaceA
OffsetWindowOrgEx
CreateEllipticRgn
CreatePalette
EqualRgn
CreateDIBitmap
ChoosePixelFormat
ExtCreateRegion
SetPixelFormat
SetTextAlign
StretchDIBits
ArcTo
GetTextMetricsA
CloseMetaFile
SetBitmapDimensionEx
WidenPath
ExtCreatePen
ResetDCW
GetBkColor
GetTextCharsetInfo
GetDIBColorTable
DeleteEnhMetaFile
CreateFontIndirectW
OffsetRgn
CreateFontIndirectA
GetEnhMetaFileW
UpdateColors
GetBitmapBits
PolyDraw
OffsetViewportOrgEx
CreateColorSpaceW
EnumFontFamiliesW
RectInRegion
GetRegionData
BitBlt
GetKerningPairsA
GetCharacterPlacementA
GetObjectA
CreateFontA
GetOutlineTextMetricsA
SetAbortProc
FrameRgn
SelectPalette
CreateEnhMetaFileA
StartDocW
SetROP2
GetNearestPaletteIndex
GetCharWidth32W
SetDIBColorTable
CreateScalableFontResourceA
CancelDC
SetPixelV
PolyPolygon
SetViewportExtEx
CreatePenIndirect
SetGraphicsMode
AddFontResourceA
CreatePen
Chord
GetClipBox
GetDeviceCaps
CreateDCA
DeleteDC
GetMapMode
GetPixelFormat
GetCharWidthW
CreateDCW
CreateBitmapIndirect
RealizePalette
CreatePatternBrush
CreateBitmap
GetStockObject
PlayEnhMetaFile
UnrealizeObject
FlattenPath
SelectClipRgn
RoundRect
GetTextExtentPoint32A
GetEnhMetaFileDescriptionW
GetEnhMetaFileHeader
SetWindowOrgEx
SetTextCharacterExtra
GetTextExtentPointW
LineDDA
MaskBlt
CreatePolygonRgn
GetCharABCWidthsFloatW
Polygon
SaveDC
SetDeviceGammaRamp
GetTextCharset
GetTextExtentExPointA
RestoreDC
SetMapperFlags
GetStretchBltMode
SetDIBitsToDevice
SetTextColor
GetCurrentObject
SetMiterLimit
MoveToEx
SetViewportOrgEx
AbortPath
GetGraphicsMode
CreateCompatibleDC
StrokeAndFillPath
PolyBezier
GetCharWidth32A
SetBrushOrgEx
CreateRectRgn
RemoveFontResourceA
SelectObject
StartDocA
CopyMetaFileW
Ellipse
RemoveFontResourceW
CreateSolidBrush
CopyMetaFileA
AbortDoc
CreateCompatibleBitmap
SetSystemPaletteUse
CreateFileMappingW
GetConsoleScreenBufferInfo
CreateFileA
GetModuleHandleA
LoadLibraryW
BackupSeek
BuildCommDCBAndTimeoutsW
FreeEnvironmentStringsW
GetProcessVersion
GetCommConfig
__p__fmode
_acmdln
_adjust_fdiv
__setusermatherr
exit
_XcptFilter
__getmainargs
_initterm
_exit
_close
_controlfp
__set_app_type
CreateErrorInfo
GetErrorInfo
GetCursorPos
GetSystemMetrics
GetDoubleClickTime
DdeUninitialize
GetKBCodePage
FlashWindow
SetClipboardData
OemKeyScan
DdeKeepStringHandle
DdePostAdvise
GetFocus
GetForegroundWindow
GetProcessWindowStation
GetThreadDesktop
ToAsciiEx
GetKeyState
GetFileVersionInfoSizeW
VerQueryValueA
HttpSendRequestExW
FtpRenameFileA
InternetOpenW
InternetConfirmZoneCrossing
FtpOpenFileA
CoFileTimeNow
CoGetInterfaceAndReleaseStream
CoUnmarshalHresult
StgOpenStorageEx
SNB_UserFree
IIDFromString
CreateStreamOnHGlobal
StgGetIFillLockBytesOnFile
CoCreateGuid
HMENU_UserFree
CoLockObjectExternal
HPALETTE_UserSize
RevokeDragDrop
CoLoadLibrary
CoRegisterMessageFilter
OleDuplicateData
HWND_UserMarshal
CLIPFORMAT_UserFree
StgOpenStorage
HWND_UserFree
STGMEDIUM_UserUnmarshal
CoRevokeClassObject
HMENU_UserSize
CreateOleAdviseHolder
GetRunningObjectTable
OleSetClipboard
CoBuildVersion
HGLOBAL_UserFree
STGMEDIUM_UserSize
MonikerCommonPrefixWith
CLIPFORMAT_UserUnmarshal
OleRegGetUserType
StringFromGUID2
ReadClassStg
CoRegisterSurrogate
CreateBindCtx
CoTreatAsClass
OleCreateLinkFromData
HGLOBAL_UserMarshal
HACCEL_UserSize
OleNoteObjectVisible
StringFromIID
OleLoadFromStream
OleConvertIStorageToOLESTREAMEx
HBITMAP_UserUnmarshal
CreateDataCache
OleQueryLinkFromData
OleGetIconOfClass
CreateDataAdviseHolder
HACCEL_UserUnmarshal
StgCreatePropStg
ReleaseStgMedium
CoGetObject
OleIsCurrentClipboard
HPALETTE_UserMarshal
RegisterDragDrop
CoMarshalInterface
OleUninitialize
CoUninitialize
OleCreateFromData
HPALETTE_UserFree
OleDestroyMenuDescriptor
MonikerRelativePathTo
OleCreateLinkToFile
CoAddRefServerProcess
IsAccelerator
SetConvertStg
OleCreateStaticFromData
OleCreateFromFile
GetConvertStg
CoResumeClassObjects
HWND_UserUnmarshal
CreateILockBytesOnHGlobal
OleSetAutoConvert
SNB_UserMarshal
OleGetIconOfFile
CoTaskMemRealloc
CoCreateInstance
HMENU_UserUnmarshal
OleMetafilePictFromIconAndLabel
CreateStdProgressIndicator
OleQueryCreateFromData
CLIPFORMAT_UserMarshal
CoTaskMemAlloc
CoUnmarshalInterface
BindMoniker
HMENU_UserMarshal
OleFlushClipboard
OleSaveToStream
OleConvertIStorageToOLESTREAM
CoFreeUnusedLibraries
GetHGlobalFromStream
HWND_UserSize
OleSetMenuDescriptor
OleCreateFromFileEx
CoReleaseServerProcess
CoTaskMemFree
WriteFmtUserTypeStg
OleLockRunning
OleGetAutoConvert
CoGetTreatAsClass
CreatePointerMoniker
SNB_UserSize
OleCreateLink
OleSetContainedObject
GetHGlobalFromILockBytes
CoGetPSClsid
CreateAntiMoniker
OleGetClipboard
OleLoad
OleCreate
GetClassFile
CoGetClassObject
CoInitialize
OleInitialize
HACCEL_UserMarshal
STGMEDIUM_UserMarshal
CoGetStandardMarshal
PropVariantCopy
CoCreateFreeThreadedMarshaler
StgIsStorageFile
StgCreateDocfileOnILockBytes
OleCreateDefaultHandler
CLSIDFromProgID
CoReleaseMarshalData
MkParseDisplayName
Number of PE resources by type
RT_ICON 3
RT_GROUP_ICON 3
RT_ACCELERATOR 2
RT_BITMAP 1
UT471Vb4A 1
RT_VERSION 1
Number of PE resources by language
FINNISH DEFAULT 6
ENGLISH EIRE 5
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 0.38.79.211
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 180224
EntryPoint 0x42e9c
OriginalFileName Smoother.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2017
FileVersion 196, 82, 251, 195
TimeStamp 2006:10:31 19:17:01+01:00
FileType Win32 EXE
PEType PE32
InternalName Skinless
FileDescription Spaces
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Crofts Software
CodeSize 274432
FileSubtype 0
ProductVersionNumber 0.136.64.197
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 8b27c369dc690b4cb31b3c6ff114c7bf
SHA1 e70d7594fed9fdd8791a9287255559e797b3e550
SHA256 e3a5d8ce3f3f692ba715fe26afa2d67acce2c827a77e1a6399e47a1fc3a1bd9b
ssdeep 6144:0IEBH5WzjlI/IJtLQ53Scx+dCIUpfW3srFzsVRlxqxMIFwJM0vs:0IEBH5OlOkLIiO+dCIUpfWcr9sBUMIYU
authentihash 042fec317d6646005570345706adf17a33d1f6ce7fb9095b9ca7bf2585f7e84c
imphash c35dd8ef5a6f5189169655ce2832be3d
File size 342.6 KB ( 350776 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (35.8%)
Win64 Executable (generic) (31.7%)
Windows screen saver (15.0%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-10-27 07:57:31 UTC ( 3 years, 4 months ago )
Last submission 2016-01-11 04:52:59 UTC ( 3 years, 2 months ago )
File names 7.dll
svchost(3).exe
apapa.exe
e3a5d8ce3f3f692ba715fe26afa2d67acce2c827a77e1a6399e47a1fc3a1bd9b.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections