dris.exe

Internet Download Manager

The application dris.exe has been detected as a potentially unwanted program by 24 anti-malware scanners. The file has been seen being downloaded from www.exeupp.com.

Publisher: Internet Download Manager

Product: Internet Download Manager

Version: 2.5.5.5

MD5: 146b69d7dfe75ba7bdd4afb5fe5ea288

SHA-1: d0a70ec9b7edca30e8334c516c0f76766b409c6c

SHA-256: eac61f7a9d6102385b5198572e7c7664d060fff72dac92c29127ae9af4d13772

Scanner detections: 24 / 68

Status: Potentially unwanted

Analysis date: 11/27/2024 8:36:24 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.2937610 | 314 |
| Agnitum Outpost | Trojan.Zapchast | 7.1.1 |
| Avira AntiVirus | TR/Krypt.78848.24 | 8.3.2.4 |
| avast! | Win32:Malware-gen | 2014.9-160326 |
| AVG | Atros2 | 2017.0.2792 |
| Baidu Antivirus | Adware.MSIL.iBryte | 4.0.3.16326 |
| Bitdefender | Trojan.GenericKD.2937610 | 1.0.20.430 |
| Emsisoft Anti-Malware | Trojan.GenericKD.2937610 | 8.16.03.26.12 |
| ESET NOD32 | MSIL/Kryptik.EKC (variant) | 10.12778 |
| Fortinet FortiGate | W32/Zapchast.ADVNU!tr | 3/26/2016 |
| F-Secure | Trojan.GenericKD.2937610 | 11.2016-26-03_7 |
| G Data | Trojan.GenericKD.2937610 | 16.3.25 |
| IKARUS anti.virus | Trojan.MSIL.Bladabindi | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.212.18232 |
| Kaspersky | Trojan.MSIL.Zapchast | 14.0.0.457 |
| McAfee | RDN/Generic BackDoor | 5600.6448 |
| Microsoft Security Essentials | Backdoor:MSIL/Bladabindi | 1.1.12400.0 |
| MicroWorld eScan | Trojan.GenericKD.2937610 | 17.0.0.258 |
| NANO AntiVirus | Trojan.Win32.Krypt.dzjipd | 1.0.14.5317 |
| nProtect | Trojan.GenericKD.2937610 | 15.12.24.01 |
| Panda Antivirus | Trj/CI.A | 16.03.26.12 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro | TROJ_GEN.R021C0DLN15 | 10.465.26 |
| VIPRE Antivirus | Trojan.Win32.Generic | 46074 |

File size: 77 KB (78,848 bytes)

Product version: 2.5.5.5

Copyright: Copyright © Internet Download Manager 2015

Trademarks: Internet Download Manager

Original file name: dris.exe

File type: Executable application (Win32 EXE)

Language: Language Neutral

Common path: C:\users\{user}\appdata\local\temp\dris.exe

File PE Metadata

Compilation timestamp: 12/19/2015 9:55:12 AM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 11.0

.NET CLR dependent: Yes

CTPH (ssdeep): 1536:8jl4aZyhpJQZS5EWIKtFUlWOk2WTXQZ38xlYFnq3:8jl4acr5VIKtFUlN/WTXK38bYI

Entry address: 0x11B6E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy: 5.7297

Developed / compiled with: Microsoft Visual C# / Basic .NET

Code size: 63 KB (64,512 bytes)

The file dris.exe has been seen being distributed by the following URL.
