SHA256: faad1c3dc5b263f9c367646cfd9ae4b08dfb4b4c6cb5c2dfdf06d7d5510db007
File name: faad1c3dc5b263f9c367646cfd9ae4b08dfb4b4c6cb5c2dfdf06d7d5510db007
Detection ratio: 32 / 62
Analysis date: 2017-03-23 11:08:46 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.CFCS 20170323
AegisLab Ml.Attribute.Gen!c 20170323
Antiy-AVL Trojan[Backdoor]/Win32.Dridex 20170323
Avast Win32:Malware-gen 20170323
AVG Atros5.YNS 20170323
Avira (no cloud) TR/Crypt.Xpack.wksvv 20170323
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170323
CAT-QuickHeal (Suspicious) - DNAScan 20170322
Comodo Heur.Packed.Unknown 20170323
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
DrWeb Trojan.PWS.Siggen1.63078 20170323
Endgame malicious (high confidence) 20170317
ESET-NOD32 a variant of Win32/GenKryptik.YVO 20170323
Fortinet W32/GenKryptik.YVO!tr 20170323
Ikarus Trojan.Win32.Krypt 20170323
Sophos ML backdoor.win32.drixed.m 20170203
K7AntiVirus Trojan ( 0050954d1 ) 20170323
K7GW Trojan ( 0050954d1 ) 20170323
Kaspersky Backdoor.Win32.Dridex.dj 20170323
Malwarebytes Trojan.Dridex 20170323
McAfee Artemis!F6C7ADEF0804 20170323
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.ch 20170323
nProtect Backdoor/W32.Dridex.171520 20170323
Palo Alto Networks (Known Signatures) generic.ml 20170323
Rising Malware.Generic.2!tfe (thunder:2:UVGCd5hVtAJ) 20170323
SentinelOne (Static ML) static engine - malicious 20170315
Sophos AV Mal/Generic-S 20170323
Symantec Trojan.Cridex 20170322
TrendMicro TSPY_DRIDEX.YSVJ 20170323
TrendMicro-HouseCall TSPY_DRIDEX.YSVJ 20170323
Webroot W32.Trojan.Gen 20170323
ZoneAlarm by Check Point Backdoor.Win32.Dridex.dj 20170323
AhnLab-V3 20170323
Alibaba 20170323
ALYac 20170323
Arcabit 20170323
AVware 20170323
BitDefender 20170323
Bkav 20170322
ClamAV 20170323
CMC 20170317
Cyren 20170323
Emsisoft 20170323
F-Prot 20170323
F-Secure 20170323
GData 20170323
Jiangmin 20170323
Kingsoft 20170323
Microsoft 20170323
eScan 20170323
NANO-Antivirus 20170323
Panda 20170322
Qihoo-360 20170323
SUPERAntiSpyware 20170323
Symantec Mobile Insight 20170322
Tencent 20170323
TheHacker 20170321
TotalDefense 20170323
Trustlook 20170323
VBA32 20170323
VIPRE 20170323
ViRobot 20170323
WhiteArmor 20170315
Yandex 20170321
Zillya 20170322
Zoner 20170323
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-22 15:51:01
Entry Point 0x0000CE80
Number of sections 19
PE sections
PE imports
GetComputerNameW
CommConfigDialogW
GetModuleHandleW
GetTickCount
FreeConsole
SetThreadPriorityBoost
GetCommandLineA
GetProcAddress
GlobalUnfix
GetSaveFileNameA
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows command line
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2017:03:22 16:51:01+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 52736
LinkerVersion: 4.0
EntryPoint: 0xce80
InitializedDataSize: 134144
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0

File identification
MD5 f6c7adef0804ba566f7899ab9619138c
SHA1 f30495195876e9342e74b131470b71596429491f
SHA256 faad1c3dc5b263f9c367646cfd9ae4b08dfb4b4c6cb5c2dfdf06d7d5510db007
ssdeep 3072:ZD/2bY3+Py+iocs2tCub7W/lOdAc/IpEMB8q1mgq2pe:5aY3+aloc8BRVBsgu
authentihash 4228c9d2bdefc13594124f08ece5eaaca50e1910dbd83c5e836e9e8ecf62757a
imphash e9d1f69a5d1dc0b915ffeddde94816e5
File size 167.5 KB ( 171520 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.6%)
Clipper DOS Executable (19.1%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
VXD Driver (0.2%)
Tags peexe

VirusTotal metadata
First submission 2017-03-22 12:11:42 UTC ( 2 years ago )
Last submission 2017-03-24 00:41:02 UTC ( 2 years ago )
File names dridex
polivan2.exe
polivan2.exe