SHA256: efd9fdeb6dd07c6803ebc1579c4c6db33607d303c99dc566f4e4b8e9660936e0
File name: Dyre.exe
Detection ratio: 42 / 56
Analysis date: 2016-08-18 12:13:48 UTC ( 9 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2861860 20160818
AegisLab Troj.Generickd!c 20160818
AhnLab-V3 Trojan/Win32.Agent.N1778941819 20160818
ALYac Trojan.GenericKD.2861860 20160818
Antiy-AVL Trojan/Win32.Crypt 20160818
Arcabit Trojan.Generic.D2BAB24 20160818
Avast Win32:Evo-gen [Susp] 20160818
AVG Crypt5.KSW 20160818
Avira (no cloud) TR/Agent.537600.42 20160818
AVware Trojan.Win32.Generic!BT 20160818
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160818
BitDefender Trojan.GenericKD.2861860 20160818
Bkav W32.XlaphaND.Trojan 20160816
CAT-QuickHeal Trojan.Dynamer.27364 20160818
Comodo UnclassifiedMalware 20160818
Cyren W32/Trojan.LRTW-5724 20160818
DrWeb Trojan.Dyre.686 20160818
Emsisoft Trojan.Win32.Dyre (A) 20160818
ESET-NOD32 Win32/Battdil.AX 20160818
F-Secure Trojan.GenericKD.2861860 20160818
Fortinet W32/Kryptik.EEHC!tr 20160818
GData Trojan.GenericKD.2861860 20160818
Ikarus Trojan.Win32.Crypt 20160818
Jiangmin Trojan.Dyre.a 20160818
K7AntiVirus Trojan ( 004d65cb1 ) 20160818
K7GW Trojan ( 004d65cb1 ) 20160818
Kaspersky UDS:DangerousObject.Multi.Generic 20160818
Malwarebytes Spyware.Dyre 20160818
McAfee GenericR-FAI!2AB61D0F4339 20160818
McAfee-GW-Edition BehavesLike.Win32.Ramnit.hc 20160818
Microsoft PWS:Win32/Dyzap 20160818
eScan Trojan.GenericKD.2861860 20160818
NANO-Antivirus Trojan.Win32.Dyre.dzbpch 20160818
Panda Trj/Genetic.gen 20160818
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20160818
Rising Trojan.Generic-ouUvZ9AaslC (Cloud) 20160818
Sophos Troj/Upatre-SQ 20160818
SUPERAntiSpyware Trojan.Agent/Gen-Upatre 20160818
Symantec Trojan.Dropper 20160818
VIPRE Trojan.Win32.Generic!BT 20160818
Yandex Trojan.Battdil! 20160817
Zillya Trojan.Kryptik.Win32.817296 20160817
Alibaba 20160818
ClamAV 20160818
CMC 20160818
F-Prot 20160818
Kingsoft 20160818
nProtect 20160817
Tencent 20160818
TheHacker 20160817
TotalDefense 20160818
TrendMicro 20160818
TrendMicro-HouseCall 20160818
VBA32 20160817
ViRobot 20160818
Zoner 20160818
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Intermediate Fox Launcher Software©. All rights reserved.
Product Intermediate Fox Launcher Software
File version 1.2
Description Intermediate Fox Launcher Software
Comments Intermediate Fox Launcher Software
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-18 10:05:43
Entry Point 0x0007EA89
Number of sections 5
PE sections
PE imports
RegQueryValueExA
OpenServiceW
QueryServiceConfigW
ControlService
InitializeAcl
ControlTraceW
CloseTrace
SetSecurityDescriptorDacl
CloseServiceHandle
RegFlushKey
ChangeServiceConfig2W
RegisterEventSourceW
OpenProcessToken
DeregisterEventSource
RegConnectRegistryW
AddAccessAllowedAce
RegQueryValueExW
EqualSid
GetTokenInformation
StartTraceW
UnregisterTraceGuids
RegQueryInfoKeyW
GetLengthSid
TraceEvent
RegQueryInfoKeyA
ProcessTrace
RevertToSelf
LogonUserW
RegSetValueExW
FreeSid
OpenSCManagerW
ReportEventW
AllocateAndInitializeSid
InitializeSecurityDescriptor
ImpersonateLoggedOnUser
ChangeServiceConfigW
ReportEventA
OpenTraceW
GetOpenFileNameW
CryptUnprotectData
CryptProtectData
GetTextExtentPoint32W
GetUserDefaultUILanguage
GetLastError
HeapFree
SystemTimeToFileTime
ReadFile
UnmapViewOfFile
FileTimeToSystemTime
lstrlenA
lstrcmpiA
WaitForSingleObject
SetEvent
HeapDestroy
DebugBreak
DisableThreadLibraryCalls
FlushFileBuffers
lstrcmpiW
FlushViewOfFile
lstrlenW
GetLocalTime
GetCurrentProcess
UnlockFile
FileTimeToLocalFileTime
GetCurrentProcessId
lstrcatA
SearchPathW
GetWindowsDirectoryA
UnhandledExceptionFilter
SetErrorMode
MultiByteToWideChar
HeapSize
WaitForMultipleObjects
InterlockedCompareExchange
TerminateThread
GetProcessHeap
lstrcpynW
CreateMutexA
SetFilePointer
lstrcpyW
SetEndOfFile
WideCharToMultiByte
ExpandEnvironmentStringsW
GetExitCodeThread
InterlockedExchange
SetUnhandledExceptionFilter
lstrcpyA
CreateMutexW
CloseHandle
GetSystemTimeAsFileTime
lstrcpynA
lstrcmpW
HeapReAlloc
LockFile
lstrcatW
LocalFree
TerminateProcess
CreateEventW
GetTimeZoneInformation
HeapCreate
CreateEventA
InterlockedDecrement
ReleaseMutex
HeapAlloc
GetCurrentThreadId
SetLastError
InterlockedIncrement
CoInitializeEx
CoCreateInstance
CoCreateGuid
CoMarshalInterThreadInterfaceInStream
CoInitializeSecurity
CoUninitialize
CoGetInterfaceAndReleaseStream
CoSetProxyBlanket
SafeArrayGetLBound
SafeArrayGetElement
VariantClear
SysAllocString
SafeArrayDestroy
SafeArrayGetUBound
SysFreeString
VariantInit
SetupLogFileA
SetupGetTargetPathA
SetupGetFileQueueCount
SetFocus
GetParent
EndDialog
CheckRadioButton
ShowWindow
MessageBeep
SetWindowPos
SetWindowLongW
MessageBoxW
GetWindowRect
EnableWindow
DialogBoxParamW
SendDlgItemMessageW
IsWindowEnabled
GetDlgItemTextW
PostMessageW
GetDC
CreateDialogParamW
ReleaseDC
GetDlgCtrlID
SetWindowTextA
SendMessageW
wsprintfW
SendMessageA
LoadStringW
SetWindowTextW
GetDlgItem
WinHelpA
LoadCursorA
IsDlgButtonChecked
GetWindowTextW
GetDesktopWindow
GetFocus
GetWindowLongW
SetCursor
Number of PE resources by type
RT_ICON 6
RT_GROUP_ICON 6
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
SWEDISH FINLAND 14
PE resources
ExifTool file metadata
LegalTrademarks Intermediate Fox Launcher Software . 2014
UninitializedDataSize 24576
Comments Intermediate Fox Launcher Software
LinkerVersion 6.0
ImageVersion 4.0
FileSubtype 0
FileVersionNumber 1.2.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Windows, Latin1
InitializedDataSize 19456
EntryPoint 0x7ea89
MIMEType application/octet-stream
LegalCopyright Intermediate Fox Launcher Software . All rights reserved.
FileVersion 1.2
TimeStamp 2015:06:18 11:05:43+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
ProductVersion 1.2.0.0
FileDescription Intermediate Fox Launcher Software
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Shell Design Inc.
CodeSize 517120
ProductName Intermediate Fox Launcher Software
ProductVersionNumber 1.2.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 2ab61d0f4339829ac1e4bf77b7fac104
SHA1 39228d329907e64e7afddc5e3918d3084db85028
SHA256 efd9fdeb6dd07c6803ebc1579c4c6db33607d303c99dc566f4e4b8e9660936e0
ssdeep 6144:aD3JA2SgecRc+CvLv6cdVHd50mA+O+cZ3isUuEpB8FWkYyL0LhVoqesP3A:wDe8cbjjHF68sUqDhL08s4
authentihash d90f51149ce9c0ba16bd5cd4978f749e76428df933377041d9b52e9b8b11d16b
imphash 260e5172cc1de94c21487d2acbc8d170
File size 525.0 KB ( 537600 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.6%)
Win32 Dynamic Link Library (generic) (14.6%)
Win32 Executable (generic) (10.0%)
Win16/32 Executable Delphi generic (4.6%)
Generic Win/DOS Executable (4.4%)
Tags peexe
VirusTotal metadata
First submission 2015-11-09 11:52:31 UTC ( 1 year, 6 months ago )
Last submission 2015-12-31 19:42:05 UTC ( 1 year, 4 months ago )
File names Dyre.exe
efd9fdeb6dd07c6803ebc1579c4c6db33607d303c99dc566f4e4b8e9660936e0.bin
wJvwDGUgbepLTtq.exe
UGeJIyKpjauGPnm.exe
out.bin
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R000C0EKC15.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs