19b0d10a66da8ca25bcb0daf85bc4017

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2015-Mar-31 07:11:42

Plugin Output

Suspicious The PE is possibly packed.
Unusual section name found: text
Unusual section name found: nn34
The PE only has 1 import(s).
Malicious VirusTotal score: 20/56 (Scanned on 2015-04-23 08:04:31)
MicroWorld-eScan: Trojan.Generic.13178935
nProtect: Trojan.Generic.13178935
Malwarebytes: Trojan.Dridex
VIPRE: Trojan.Win32.Generic!BT
SUPERAntiSpyware: Trojan.Agent/Gen-Backdoor
TrendMicro-HouseCall: TROJ_GEN.R047H09DK15
Avast: Win64:Malware-gen
Kaspersky: UDS:DangerousObject.Multi.Generic
BitDefender: Trojan.Generic.13178935
Ad-Aware: Trojan.Generic.13178935
Emsisoft: Trojan.Generic.13178935 (B)
Comodo: UnclassifiedMalware
F-Secure: Trojan:W64/Dridex.D
GData: Trojan.Generic.13178935
ALYac: Trojan.Generic.13178935
AVware: Trojan.Win32.Generic!BT
ESET-NOD32: Win64/Dridex.D
Ikarus: Trojan.Win64.Dridex
Fortinet: W64/Dridex.D!tr
Baidu-International: Trojan.Win64.Dridex.D

Hashes

MD5 19b0d10a66da8ca25bcb0daf85bc4017
SHA1 12701102c78229783992516e538c4392ed4b6cb7
SHA256 2db934f49397a4bb7ce526c0eb6404c3adcd55b3a75d87893535cd06c480a859
SHA3 379cd2032c4453ce8b4ac01e8977f35d7e88319c5cb8f3a451f6aa1f861bbb28
SSDeep 6144:SwlfoJM/UGI6/LaGZyr1UI+lbhIyZbrZC:SYAGcG3LaGaUIWWy1
Imports Hash a66ce7a44fd631da600cd50966a36127

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xd8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2015-Mar-31 07:11:42
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 16.0
SizeOfCode 0x6000
SizeOfInitializedData 0x5b000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000006170 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x7c000000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0x62000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 61070c5b3fe93f4bc3479e34eb325bff
SHA1 c8f906544fea551f0e2c9b16fbb2ae689464ea20
SHA256 eb0dc15ae05eb4557f49fbaaa751ebdf18819f0ad14f5cf752cc781ffe41009c
SHA3 2f8e2ef8e7aeb7af7b4ba188ecde0972830e52b279f2d01f154b880d31832e43
VirtualSize 0x532f
VirtualAddress 0x1000
SizeOfRawData 0x6000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.22295

.data

MD5 d89971a1e59f8b7e57d017a35845f1b2
SHA1 1e10449b64b91a2763cf8cb59c5b927202ae8231
SHA256 c39d12fe1340b5faef47f04cfea3aac1b407ae73db95d91882652e110d883922
SHA3 27cb925dbf033be20a112e3f5d3da058ca1e9dd82dc0f43c54d5875c6c8cafe5
VirtualSize 0x9bb0
VirtualAddress 0x7000
SizeOfRawData 0x1000
PointerToRawData 0x7000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.4568

.pdata

MD5 95af56981606750f5ba6631031cc407c
SHA1 ddf5c6cfdcc9b6f7b5b508d63aef26e420b4c6c7
SHA256 2a5536e6e754860e2b8683f42dd6fbeeaa19fbab4411dd592a8c9557ec960224
SHA3 56296e6b27b935b7bc9a09308ccad0665365b5c17b87333dbb7a36074616935e
VirtualSize 0xc
VirtualAddress 0x11000
SizeOfRawData 0x1000
PointerToRawData 0x8000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.018529

text

MD5 01ef909e183fc06078040b67f3e53285
SHA1 46259a8759673da3aa3b4262ff84318e06f34c30
SHA256 e4c3de017197039b4a9e36d08b06428e82855af43290c469921179b1439c66e4
SHA3 157b77283c85c3f1b473e3e5a117c9881e4982d922306e789b6961f0a306805f
VirtualSize 0x1f429
VirtualAddress 0x12000
SizeOfRawData 0x20000
PointerToRawData 0x9000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_TYPE_DSECT
Entropy 6.88342

nn34

MD5 40994525b54ceb5eb83b097bfb6f40b9
SHA1 382eb5cbf5cba7ce307ff7f793cad69ff9d94074
SHA256 22c18026079435afd55029c6ea74e5b31590fc602a699ccff6296802485f7264
SHA3 1bfe22841c46abb0de369db5cf30efeb9a968ca608182e008c0ab799116003db
VirtualSize 0x2e9b5
VirtualAddress 0x32000
SizeOfRawData 0x2f000
PointerToRawData 0x29000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.93359

.reloc

MD5 4c52cd682e3638d07a0965cc59a20a48
SHA1 fdf61f5a1a3c3171763b9c580664b772572d643f
SHA256 8d3c8d0062d37bb83dfafa741d87531b26cee28300b0694b22e120ffebd65ec9
SHA3 8d7cad790fe745a2240854af051d8ea9bd4e753dbd9a069e54c9f212de95df4b
VirtualSize 0x4aa
VirtualAddress 0x61000
SizeOfRawData 0x1000
PointerToRawData 0x58000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.578688

Imports

KERNEL32.dll lstrcpynA

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x8f10c4bb
Unmarked objects 0
Imports (40310) 3
Total imports 1
ASM objects (VS2012 build 50727 / VS2005 build 50727) 1
Unmarked objects (#2) 1
Exports (VS2012 build 50727 / VS2005 build 50727) 1
Linker (VS2012 build 50727 / VS2005 build 50727) 1

Errors
