SHA256: edfa4219e26ee78f69170a9d90bbe12fc5dc86e1f2671102735e06d89cdef9ba
File name: 0976gg.exe
Detection ratio: 1 / 54
Analysis date: 2016-01-22 09:28:58 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Qihoo-360 QVM19.1.Malware.Gen 20160122
Ad-Aware 20160122
AegisLab 20160122
Yandex 20160121
AhnLab-V3 20160121
Alibaba 20160122
ALYac 20160122
Antiy-AVL 20160122
Arcabit 20160122
Avast 20160122
AVG 20160121
Avira (no cloud) 20160122
Baidu-International 20160122
BitDefender 20160122
Bkav 20160121
ByteHero 20160122
CAT-QuickHeal 20160122
ClamAV 20160122
CMC 20160111
Comodo 20160122
Cyren 20160122
DrWeb 20160122
Emsisoft 20160122
ESET-NOD32 20160122
F-Prot 20160122
F-Secure 20160122
Fortinet 20160122
GData 20160122
Ikarus 20160122
Jiangmin 20160122
K7AntiVirus 20160122
K7GW 20160122
Kaspersky 20160122
Malwarebytes 20160122
McAfee 20160122
McAfee-GW-Edition 20160122
Microsoft 20160122
eScan 20160122
NANO-Antivirus 20160122
nProtect 20160121
Panda 20160121
Rising 20160122
Sophos AV 20160122
SUPERAntiSpyware 20160122
Symantec 20160121
Tencent 20160122
TheHacker 20160119
TrendMicro 20160122
TrendMicro-HouseCall 20160122
VBA32 20160121
VIPRE 20160122
ViRobot 20160122
Zillya 20160121
Zoner 20160122
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name MSAATEXT.DLL
Internal name MSAAText
File version 2.4.010413 (win7_rtm.090713-1255)
Description Active Accessibility text support
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1970-01-01 18:12:16
Entry Point 0x0002F820
Number of sections 14
PE sections
PE imports
EnumResourceTypesA
WriteProfileSectionA
GetTimeFormatW
LoadLibraryExA
GetFirmwareEnvironmentVariableW
GlobalFlags
SetEvent
SetFileApisToOEM
HeapQueryInformation
BuildCommDCBAndTimeoutsW
VirtualFree
FreeConsole
IsValidLocale
GetProcAddress
GetProfileSectionA
SetThreadIdealProcessor
MprAdminInterfaceGetInfo
SHLoadNonloadedIconOverlayIdentifiers
IsWindowEnabled
wsprintfA
GetClassLongA
wsprintfW
strncmp
fputs
wcstombs
memcpy
puts
CoCreateInstance
PdhParseCounterPathA
HlinkGoBack
Number of PE resources by type
REGISTRY 5
TYPELIB 1
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 8
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 3.17
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 2.4.10413.0
UninitializedDataSize 6656
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 42752
EntryPoint 0x2f820
OriginalFileName MSAATEXT.DLL
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 2.4.010413 (win7_rtm.090713-1255)
TimeStamp 1970:01:01 19:12:16+01:00
FileType Win32 EXE
PEType PE32
InternalName MSAAText
ProductVersion 6.3.7600.16385
FileDescription Active Accessibility text support
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 48128
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.3.7600.16385
FileTypeExtension exe
ObjectFileType Dynamic link library

CarbonBlack: CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack noticed that the following files in execution wrote this sample to disk.
Compressed bundles
File identification
MD5 9cc3529fe792abe1ec9e3b5d55716e50
SHA1 d6f43b26e5332d258b5a9aed01c55d52253b154c
SHA256 edfa4219e26ee78f69170a9d90bbe12fc5dc86e1f2671102735e06d89cdef9ba
ssdeep 3072:dDgdu++wI0RcuxDnFgyiS9l5muA/EigbhkPPkKl0tR0:1v++r0RfxDnFPyugcbhkPhlg
authentihash 4dc4aa12ac9eb564f0e8569951c59b3575deb7e1312d40fa55324ee1fe660179
imphash 1c5d06c173048e4a5d005c57216d16c1
File size 184.5 KB ( 188928 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
VXD Driver (0.2%)
Tags peexe
VirusTotal metadata
First submission 2016-01-22 09:04:29 UTC ( 1 year, 10 months ago )
Last submission 2017-08-21 06:18:13 UTC ( 3 months ago )
File names dridex_2
0976gg.exe
MSAATEXT.DLL
d6f43b26e5332d258b5a9aed01c55d52253b154c.exe
6767d7e9-a9ef-8583-fe5c-eea8bcee45f7
doggyna.exe
MSAAText
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications