SHA256: e8e773c3194dc2827a053c2eba868ebc66cbdec3af600298bdc04d8266bbe4df
File name: 39.exe
Detection ratio: 23 / 55
Analysis date: 2016-01-17 05:10:00 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2988541 20160117
ALYac Trojan.GenericKD.2988541 20160117
Arcabit Trojan.Generic.D2D99FD 20160117
Avast Win32:Malware-gen 20160116
AVG Crypt5.ABJX 20160117
Avira (no cloud) TR/Crypt.Xpack.398844 20160116
BitDefender Trojan.GenericKD.2988541 20160117
Cyren W32/Trojan.QFZL-8249 20160117
DrWeb Trojan.Dridex.288 20160117
Emsisoft Trojan.GenericKD.2988541 (B) 20160117
ESET-NOD32 Win32/Dridex.AA 20160117
F-Secure Trojan.GenericKD.2988541 20160116
GData Trojan.GenericKD.2988541 20160117
K7GW Trojan ( 004d85141 ) 20160117
Kaspersky UDS:DangerousObject.Multi.Generic 20160117
Malwarebytes Trojan.Dridex 20160117
Microsoft Backdoor:Win32/Drixed.M 20160117
eScan Trojan.GenericKD.2988541 20160117
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20160117
Rising PE:Malware.XPACK/RDM!5.1 [F] 20160116
Symantec Trojan.Cridex 20160116
VIPRE Trojan.Win32.Generic!BT 20160117
ViRobot Trojan.Win32.Agent.151552.CY[h] 20160116
AegisLab 20160116
Yandex 20160116
AhnLab-V3 20160116
Alibaba 20160115
Antiy-AVL 20160117
AVware 20160111
Baidu-International 20160116
Bkav 20160116
ByteHero 20160117
CAT-QuickHeal 20160116
ClamAV 20160116
CMC 20160111
Comodo 20160117
F-Prot 20160117
Fortinet 20160117
Ikarus 20160116
Jiangmin 20160117
K7AntiVirus 20160117
McAfee 20160117
McAfee-GW-Edition 20160117
NANO-Antivirus 20160117
nProtect 20160115
Panda 20160116
Sophos AV 20160116
SUPERAntiSpyware 20160116
Tencent 20160117
TheHacker 20160116
TrendMicro 20160117
TrendMicro-HouseCall 20160117
VBA32 20160115
Zillya 20160116
Zoner 20160117
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-01-14 10:23:14
Entry Point 0x0000105A
Number of sections 3
PE sections
Overlays
MD5 f1d3ff8443297732862df21dc4e57262
File type ASCII text
Offset 151552
Size 4
Entropy 0.00
PE imports
SetThreadContext
GetLastError
ReplaceFileA
GetProfileStringW
FreeConsole
MessageBoxA
isdigit
sin
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:01:14 11:23:14+01:00
FileType Win32 EXE
PEType PE32
CodeSize 61440
LinkerVersion 8.0
EntryPoint 0x105a
InitializedDataSize 90112
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 3a301c5250124b14291443e3b01c1e01
SHA1 0f8962a696fcf335ae30e0566ab28c3e53f3d3c8
SHA256 e8e773c3194dc2827a053c2eba868ebc66cbdec3af600298bdc04d8266bbe4df
ssdeep 1536:++G28BHPubcbFdjvzEoVeAyOhAvFrdc9Rv1gQw/ky3iZbRXUuLZ3/VG9:/IBHmchtNeAxK9W38/kyyn399G9
authentihash d63063e469cb119e0163f1333a9ccdac074e33bf3ed44d71ae47827c1fb3755e
imphash 1a46060b8fae7d12f130cc4fcefb3a38
File size 148.0 KB ( 151556 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe overlay
VirusTotal metadata
First submission 2016-01-17 05:10:00 UTC ( 2 years, 7 months ago )
Last submission 2016-08-31 20:06:12 UTC ( 1 year, 11 months ago )
File names 39.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications