SHA256: ef3e11a6e0a354843a6d5b8002d3dec143e97f426e5613f9e2429c37b8eef30a
File name: Frifox_19.exe
Detection ratio: 19 / 57
Analysis date: 2015-04-21 21:14:58 UTC ( 4 years ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2313709 20150421
AhnLab-V3 Trojan/Win32.Dyre 20150421
Avast Win32:Malware-gen 20150421
AVG Ransomer.HCZ 20150421
Avira (no cloud) TR/Dropper.Gen 20150421
AVware Win32.Malware!Drop 20150421
Baidu-International Trojan.Win32.Battdil.P 20150421
Comodo TrojWare.Win32.Battdil.AD 20150421
DrWeb Trojan.Dyre.139 20150421
Emsisoft Trojan.Win32.Dyre (A) 20150421
ESET-NOD32 a variant of Win32/Battdil.P 20150421
Fortinet W32/Battdil.P!tr 20150421
Ikarus Trojan.Win32.Battdil 20150421
Kaspersky UDS:DangerousObject.Multi.Generic 20150421
McAfee Artemis!EB9BC0E306B9 20150421
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20150421
Sophos AV Mal/Generic-L 20150421
TrendMicro-HouseCall Suspicious_GEN.F47V0421 20150421
VIPRE Win32.Malware!Drop 20150421
AegisLab 20150421
Yandex 20150421
Alibaba 20150421
ALYac 20150421
Antiy-AVL 20150421
BitDefender 20150421
Bkav 20150421
ByteHero 20150421
CAT-QuickHeal 20150421
ClamAV 20150421
CMC 20150421
Cyren 20150421
F-Prot 20150421
F-Secure 20150421
GData 20150421
Jiangmin 20150421
K7AntiVirus 20150421
K7GW 20150421
Kingsoft 20150421
Malwarebytes 20150421
McAfee-GW-Edition 20150421
Microsoft 20150421
eScan 20150421
NANO-Antivirus 20150421
Norman 20150421
nProtect 20150421
Panda 20150421
Rising 20150421
SUPERAntiSpyware 20150421
Symantec 20150421
Tencent 20150421
TheHacker 20150421
TotalDefense 20150421
TrendMicro 20150421
VBA32 20150420
ViRobot 20150421
Zillya 20150421
Zoner 20150420
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-20 16:20:11
Entry Point 0x00003820
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
OpenServiceW
AdjustTokenPrivileges
LookupPrivilegeValueW
DeleteService
CryptHashData
CryptCreateHash
CloseServiceHandle
CreateWellKnownSid
OpenProcessToken
CreateServiceW
GetTokenInformation
CryptReleaseContext
SetServiceStatus
RegisterServiceCtrlHandlerW
CryptAcquireContextW
CryptDestroyHash
RegSetValueExW
CryptGetHashParam
OpenSCManagerW
StartServiceCtrlDispatcherW
EqualSid
CreateToolhelp32Snapshot
GetLastError
HeapFree
CreateFileMappingW
LoadResource
GetModuleFileNameW
OpenThread
WaitForSingleObject
FindResourceW
SetEvent
QueryPerformanceCounter
HeapAlloc
lstrcmpiW
GetCommandLineW
lstrlenW
Process32NextW
CreateProcessW
GetCurrentProcess
SizeofResource
GetCurrentDirectoryW
GetFileSize
OpenProcess
LockResource
GetModuleHandleW
DeleteFileW
GetProcAddress
Process32FirstW
GetCurrentThread
GetProcessId
SetFilePointer
lstrcpyW
CreateThread
MapViewOfFile
GetModuleHandleA
ReadFile
lstrcpyA
CloseHandle
OpenMutexW
lstrcatW
IsWow64Process
CreateEventW
GetWindowsDirectoryW
OutputDebugStringW
WriteFile
CreateFileW
VirtualFree
Sleep
WriteConsoleW
ExitProcess
OpenSemaphoreW
VirtualAlloc
SetLastError
SHGetFolderPathW
StrStrIW
GetWindow
GetKeyboardType
wsprintfW
NtQuerySystemInformation
NtMapViewOfSection
Number of PE resources by type
RT_RCDATA 3
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:04:20 17:20:11+01:00
FileType Win32 EXE
PEType PE32
CodeSize 12800
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 383488
SubsystemVersion 5.1
EntryPoint 0x3820
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 eb9bc0e306b955d04a9334e28d3bdce2
SHA1 eabe9254c763b8cce287e676214dfec0cc8d8a6a
SHA256 ef3e11a6e0a354843a6d5b8002d3dec143e97f426e5613f9e2429c37b8eef30a
ssdeep 6144:s6Yvtn/02CukbKh+VPzFGfaDok/RE2GuugFAKyYmhA9s7uHHCifFgpUxYZRihE:s6Yvtn/0OhoaaN5ouL6VA9iKptgixF

authentihash 06cee16c5e2a42eaa9104e1c9e325ee0193e7216c1b627c53581c987ee825cd3
imphash e87f667e263240de84ac7f3b323ea3b8
File size 388.0 KB ( 397312 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2015-04-21 10:37:15 UTC ( 4 years ago )
Last submission 2018-03-14 13:43:11 UTC ( 1 year, 2 months ago )
File names cSYTETHpSNWTmJF.exe
ef3e11a6e0a354843a6d5b8002d3dec143e97f426e5613f9e2429c37b8eef30a.exe
cLTqujmCJJWxjDB.exe
eb9bc0e306b955d04a9334e28d3bdce2
eb9bc0e306b955d04a9334e28d3bdce2.exe
Frifox_14.exe
qCJcYrbLXUxYvqF.exe
jxpiinstall.exe
Frifox_19.exe
WindowsDriver_36.exe
ncmjsuIwXUUwkcT.exe
WindowsDriver_16.exe
jxpiinstall[1].exe
VirusShare_eb9bc0e306b955d04a9334e28d3bdce2
cLTqujmCJJWxjDB.exe
YXKxtcpsiGsUQUo.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
UDP communications