SHA256: ffb6cf0788bc9fef9314085cf23fbdf87bfde9c3b78f014d5fd3e76d769cc82c
File name: 3a85cbd54b6c1afadaf06fbc6f1ef9b4
Detection ratio: 53 / 64
Analysis date: 2017-07-13 04:13:14 UTC ( 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.5243093 20170713
AegisLab Ml.Attribute.Gen!c 20170713
AhnLab-V3 Trojan/Win32.Dridex.R201762 20170712
ALYac Trojan.Dridex.A 20170713
Antiy-AVL Trojan[Backdoor]/Win32.Dridex 20170713
Arcabit Trojan.Generic.D5000D5 20170713
Avast Win32:Malware-gen 20170713
AVG Win32:Malware-gen 20170713
Avira (no cloud) TR/Crypt.ZPACK.rbpif 20170713
AVware Trojan.Win32.Generic!BT 20170713
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170712
BitDefender Trojan.GenericKD.5243093 20170713
CAT-QuickHeal Backdoor.Drixed 20170712
ClamAV Win.Trojan.Agent-6329513-0 20170713
Comodo UnclassifiedMalware 20170713
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170420
Cylance Unsafe 20170713
Cyren W32/Trojan.YOQG-2034 20170713
DrWeb Trojan.DownLoader24.63412 20170713
Emsisoft Trojan.GenericKD.5243093 (B) 20170713
ESET-NOD32 Win32/Dridex.BC 20170713
F-Prot W32/Dridex.KN 20170713
F-Secure Trojan.GenericKD.5243093 20170713
Fortinet W32/Dridex.BC!tr 20170629
GData Trojan.GenericKD.5243093 20170713
Ikarus Trojan.Win32.Dridex 20170712
Sophos ML heuristic 20170607
K7AntiVirus Trojan ( 0050b6cb1 ) 20170713
K7GW Trojan ( 0050b6cb1 ) 20170712
Kaspersky Backdoor.Win32.Dridex.lb 20170712
Malwarebytes Trojan.Dridex 20170713
MAX malware (ai score=83) 20170713
McAfee Generic.acf 20170713
McAfee-GW-Edition BehavesLike.Win32.Virut.ch 20170712
Microsoft Backdoor:Win32/Drixed 20170712
eScan Trojan.GenericKD.5243093 20170713
NANO-Antivirus Trojan.Win32.Dridex.epsunz 20170713
nProtect Backdoor/W32.Dridex.135168.B 20170713
Panda Trj/WLT.C 20170712
Rising Backdoor.Dridex!8.3226 (ktse) 20170713
SentinelOne (Static ML) static engine - malicious 20170516
Sophos AV Troj/Dridex-YD 20170713
Symantec Trojan.Cridex 20170713
Tencent Win32.Backdoor.Dridex.Llrh 20170713
TrendMicro TSPY_DRIDEX.THFOB 20170713
TrendMicro-HouseCall TSPY_DRIDEX.THFOB 20170713
VBA32 Backdoor.Dridex 20170712
VIPRE Trojan.Win32.Generic!BT 20170713
ViRobot Trojan.Win32.U.Agent.135168.Q 20170713
Webroot W32.Malware.Gen 20170713
Yandex Backdoor.Dridex! 20170712
Zillya Trojan.Dridex.Win32.795 20170712
ZoneAlarm by Check Point Backdoor.Win32.Dridex.lb 20170713
Alibaba 20170713
Bkav 20170713
CMC 20170712
Endgame 20170706
Jiangmin 20170713
Kingsoft 20170713
Palo Alto Networks (Known Signatures) 20170713
Qihoo-360 20170713
SUPERAntiSpyware 20170713
Symantec Mobile Insight 20170713
TheHacker 20170712
TotalDefense 20170712
Trustlook 20170713
WhiteArmor 20170713
Zoner 20170713
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name kbdfa.dll
Internal name kbdfa (3.13)
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Persian Keyboard Layout
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-06-02 02:48:54
Entry Point 0x00003C40
Number of sections 7
PE sections
PE imports
LogonUserW
GetQueuedCompletionStatus
GetModuleHandleA
GetCommandLineW
GetTickCount
FreeResource
FreeEnvironmentStringsW
GetProcAddress
GetLocalTime
StrRStrIW
GetTitleBarInfo
InsertMenuW
LookupIconIdFromDirectoryEx
DeletePrinter
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 2
FileVersionNumber 6.1.7600.16385
UninitializedDataSize 104039836
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 0
EntryPoint 0x3c40
OriginalFileName kbdfa.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2017:06:02 03:48:54+01:00
FileType Win32 EXE
PEType PE32
InternalName kbdfa (3.13)
ProductVersion 6.1.7600.16385
FileDescription Persian Keyboard Layout
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 16384
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 3a85cbd54b6c1afadaf06fbc6f1ef9b4
SHA1 9c4a8786144bc43b06e37e2cbd9ecb4cb0332627
SHA256 ffb6cf0788bc9fef9314085cf23fbdf87bfde9c3b78f014d5fd3e76d769cc82c
ssdeep 3072:/VxodRgQoYG+B0Fiu8UIdx+b/BMbiwKO:/VxocQoD+M78m2uwK
authentihash a2b727716795f05411b33b8bf8c8ce1a2cd163b7686d03a537582a33fdbe7dd0
imphash 0cc5ccbe0a29e00a40abec19cb958825
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2017-06-02 09:37:01 UTC ( 1 month, 2 weeks ago )
Last submission 2017-07-13 04:13:14 UTC ( 1 week ago )
File names 3a85cbd54b6c1afadaf06fbc6f1ef9b4.exe
3a85cbd54b6c1afadaf06fbc6f1ef9b4
hH60bd.exe
miniramon8.exe
kbdfa.dll
miniramon8.exe.2559846690.DROPPED
kbdfa (3.13)
miniramon8.exe
B.exe
A.exe
3a85cbd54b6c1afadaf06fbc6f1ef9b4
miniramon8.exe.3208.dr
Behaviour characterization
Zemana dll-injection
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications