SHA256: fc2224653e128c56d62f75b1a95dc80469217c090dff797f6a1f02b98a1df76d
File name: 55.exe
Detection ratio: 32 / 56
Analysis date: 2015-04-21 21:46:30 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2310569 20150421
AhnLab-V3 Trojan/Win32.Dyre 20150421
Avast Win32:Malware-gen 20150421
AVG Inject2.BZCY 20150421
Avira (no cloud) TR/Crypt.Xpack.190223 20150421
AVware Win32.Malware!Drop 20150421
Baidu-International Worm.Win32.Cridex.qhm 20150421
BitDefender Trojan.GenericKD.2310569 20150421
DrWeb Trojan.Dridex.85 20150421
Emsisoft Trojan.Win32.Dridex (A) 20150421
ESET-NOD32 Win32/Dridex.N 20150421
F-Secure Trojan.GenericKD.2310569 20150421
Fortinet W32/Kryptik.DFAR!tr 20150421
GData Trojan.GenericKD.2310569 20150421
Ikarus Trojan.Dridex 20150421
K7AntiVirus Trojan ( 004bca891 ) 20150421
K7GW Trojan ( 004bca891 ) 20150421
Kaspersky Worm.Win32.Cridex.qhm 20150421
Malwarebytes Trojan.Agent.EDG 20150421
McAfee Generic BackDoor.u 20150421
McAfee-GW-Edition BehavesLike.Win32.Expiro.cm 20150421
eScan Trojan.GenericKD.2310569 20150421
Panda Generic Suspicious 20150421
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20150421
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20150421
Sophos AV Troj/Agent-AMRP 20150421
Symantec Trojan.Gen.SMH 20150421
Tencent Trojan.Win32.Qudamah.Gen.2 20150421
TrendMicro TSPY_DRIDEX.QEC 20150421
TrendMicro-HouseCall TSPY_DRIDEX.QEC 20150421
VIPRE Win32.Malware!Drop 20150421
ViRobot Trojan.Win32.Agent.118784.DD[h] 20150421
AegisLab 20150421
Yandex 20150421
Alibaba 20150421
Antiy-AVL 20150421
Bkav 20150421
ByteHero 20150421
CAT-QuickHeal 20150421
ClamAV 20150421
CMC 20150421
Comodo 20150421
Cyren 20150421
F-Prot 20150421
Jiangmin 20150421
Kingsoft 20150421
Microsoft 20150421
NANO-Antivirus 20150421
Norman 20150421
nProtect 20150421
SUPERAntiSpyware 20150421
TheHacker 20150421
TotalDefense 20150421
VBA32 20150420
Zillya 20150421
Zoner 20150420
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name bitsprx4.dll
Internal name bitsprx4.dll
File version 6.7.2300.5512 (xpsp.080413-2108)
Description Background Intelligent Transfer Service 2.5 Proxy
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-20 08:11:54
Entry Point 0x00001078
Number of sections 6
PE sections
PE imports
EnumUILanguagesA
VirtualFreeEx
GetConsoleCP
DeleteAtom
GetEnvironmentStringsW
ExitThread
EnumDateFormatsExW
VarBstrCmp
SetupGetLineTextW
Ord(179)
RemovePropW
iswxdigit
cos
isalpha
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.7.2300.5512
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Background Intelligent Transfer Service 2.5 Proxy
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 90112
EntryPoint 0x1078
OriginalFileName bitsprx4.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.7.2300.5512 (xpsp.080413-2108)
TimeStamp 2015:04:20 09:11:54+01:00
FileType Win32 EXE
PEType PE32
InternalName bitsprx4.dll
ProductVersion 6.7.2300.5512
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 45056
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.7.2300.5512
FileTypeExtension exe
ObjectFileType Dynamic link library
Compressed bundles
PCAP parents
File identification
MD5 673626be5ea81360f526a378355e3431
SHA1 83216d6b2d2ff4f1f36685618591185c844d1133
SHA256 fc2224653e128c56d62f75b1a95dc80469217c090dff797f6a1f02b98a1df76d
ssdeep 1536:VxAX3gD9AMjcJ3r50FL8zG1rJneB3+6/pBlql+cIzbbzNq7Tz:V0rPsyT/pClIfPNgTz
authentihash 3db6e41534dffedc39ddc32bc167e9251d3f8837895bc270d0eeaecc3517a234
imphash 3c095d44a12def4923ab055d84838c47
File size 116.0 KB ( 118784 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe
VirusTotal metadata
First submission 2015-04-20 08:45:19 UTC ( 4 years, 1 month ago )
Last submission 2016-03-15 01:33:00 UTC ( 3 years, 2 months ago )
File names bitsprx4.dll
baypipo.com_55.exe
159619772
FC2224653E128C56D62F75B1A95DC80469217C090DFF797F6A1F02B98A1DF76D.exe
2016-05-25_fc2224653e128c56d62f75b1a95dc80469217c090dff797f6a1f02b98a1df76d
55.bin
1_GOzWZ.mht
55.exe.1
673626be5ea81360f526a378355e3431.exe
55.exe
VirusShare_673626be5ea81360f526a378355e3431
55 (1).exe
91.exe
55.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications