{trojan.win32.dridex}{trojan.trojan.win32.generic!bt}{trojan.dridex}{trojan.dridex.282}f267a04060

Merchants

Marco D'Amato

The file {trojan.win32.dridex}{trojan.trojan.win32.generic!bt}{trojan.dridex}{trojan.dridex.282}f267a04060, “Extensivley Innw Tags Enterprise Troubleshoot”, has been detected as malware by 39 of 68 anti-virus scanners. It has been seen being downloaded from thecapitolgroup.co.uk.
Publisher:
Marco D'Amato

Product:
Merchants

Description:
Extensivley Innw Tags Enterprise Troubleshoot

Version:
7.4.85.491

MD5:
f267a0406025fe6428961a534c96e703

SHA-1:
7e40e4c9e5c3813a41df1afe2d3285cb5900c0c6

SHA-256:
0a69db6e670e78b0b4a08f1e7e5a8e061f39f7808cad969fab4ed00d48e6dc55

Scanner detections:
39 / 68

Status:
Malware

Analysis date:
1/14/2025 9:31:07 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.2916599 | 371
AegisLab AV Signature | Uds.Dangerousobject.Multi!c | 2.1.4+
Agnitum Outpost | Trojan.Agent | 7.1.1
AhnLab V3 Security | Trojan/Win32.Dridex | 2016.01.30
Avira AntiVirus | TR/Crypt.Xpack.172362 | 8.3.2.4
Arcabit | Trojan.Generic.D2C80F7 | 1.0.0.646
avast! | Win32:Malware-gen | 2014.9-160130
AVG | Generic37 | 2017.0.2849
Baidu Antivirus | Trojan.Win32.Dridex | 4.0.3.16130
Bitdefender | Trojan.GenericKD.2916599 | 1.0.20.150
Comodo Security | UnclassifiedMalware | 24040
Dr.Web | Trojan.Dridex.282 | 9.0.1.030
Emsisoft Anti-Malware | Trojan.GenericKD.2916599 | 8.16.01.30.05
ESET NOD32 | Win32/Dridex.AA | 10.12950
Fortinet FortiGate | Malicious_Behavior.VEX.89 | 1/30/2016
F-Secure | Trojan.GenericKD.2916599 | 11.2016-30-01_7
G Data | Trojan.GenericKD.2916599 | 16.1.25
IKARUS anti.virus | Trojan.Win32.Dridex | t3scan.2.0.4.0
K7 AntiVirus | Trojan | 13.213.18582
Kaspersky | Trojan.Win32.Agent | 14.0.0.739
Malwarebytes | Trojan.Dridex | v2016.01.30.05
McAfee | Generic.xo | 5600.6505
Microsoft Security Essentials | Backdoor:Win32/Drixed!rfn | 1.1.12400.0
MicroWorld eScan | Trojan.GenericKD.2916599 | 17.0.0.90
NANO AntiVirus | Trojan.Win32.Dridex.dzfjvm | 1.0.14.5798
nProtect | Trojan.GenericKD.2916599 | 16.01.29.01
Panda Antivirus | Trj/GdSda.A | 16.01.30.05
Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1077
Quick Heal | Trojan.Generic.B4 | 1.16.14.00
Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D [F] | 23.00.65.16128
Sophos | Troj/Dridex-KY | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Dropper | 9355
Total Defense | Win32/Remex.ZBDB!suspicious | 37.1.62.1
Trend Micro House Call | BKDR_DRIDEX.YYSPL | 7.2.30
Trend Micro | BKDR_DRIDEX.YYSPL | 10.465.30
Vba32 AntiVirus | Trojan.Agent | 3.12.26.4
VIPRE Antivirus | Trojan.Win32.Generic | 46848
ViRobot | Trojan.Win32.Z.Dridex.251392[h] | 2014.3.20.0
Zillya! Antivirus | Trojan.Dridex.Win32.360 | 2.0.0.2640
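Of the 39 detections above, most are generic class labels (Trojan.GenericKD, Win32:Malware-gen, Trojan.Agent) and only a subset name a family. The script below is an added example, not part of this report, that extracts a family consensus from the detection strings the way AVClass-style labellers do: split each name into tokens, drop tokens that only name a threat class, merge vendor spellings of the same family, and count one vote per engine. The generic-token list and the alias table (Microsoft's "Drixed" is its spelling of Dridex) are my own choices; the detection strings are the ones in the table.

```python
import re
from collections import Counter

# (engine, detection) pairs copied from the detection table above.
DETECTIONS = [
    ("Lavasoft Ad-Aware", "Trojan.GenericKD.2916599"),
    ("AegisLab AV Signature", "Uds.Dangerousobject.Multi!c"),
    ("Agnitum Outpost", "Trojan.Agent"),
    ("AhnLab V3 Security", "Trojan/Win32.Dridex"),
    ("Avira AntiVirus", "TR/Crypt.Xpack.172362"),
    ("Arcabit", "Trojan.Generic.D2C80F7"),
    ("avast!", "Win32:Malware-gen"),
    ("AVG", "Generic37"),
    ("Baidu Antivirus", "Trojan.Win32.Dridex"),
    ("Bitdefender", "Trojan.GenericKD.2916599"),
    ("Comodo Security", "UnclassifiedMalware"),
    ("Dr.Web", "Trojan.Dridex.282"),
    ("Emsisoft Anti-Malware", "Trojan.GenericKD.2916599"),
    ("ESET NOD32", "Win32/Dridex.AA"),
    ("Fortinet FortiGate", "Malicious_Behavior.VEX.89"),
    ("F-Secure", "Trojan.GenericKD.2916599"),
    ("G Data", "Trojan.GenericKD.2916599"),
    ("IKARUS anti.virus", "Trojan.Win32.Dridex"),
    ("K7 AntiVirus", "Trojan"),
    ("Kaspersky", "Trojan.Win32.Agent"),
    ("Malwarebytes", "Trojan.Dridex"),
    ("McAfee", "Generic.xo"),
    ("Microsoft Security Essentials", "Backdoor:Win32/Drixed!rfn"),
    ("MicroWorld eScan", "Trojan.GenericKD.2916599"),
    ("NANO AntiVirus", "Trojan.Win32.Dridex.dzfjvm"),
    ("nProtect", "Trojan.GenericKD.2916599"),
    ("Panda Antivirus", "Trj/GdSda.A"),
    ("Qihoo 360 Security", "HEUR/QVM10.1.Malware.Gen"),
    ("Quick Heal", "Trojan.Generic.B4"),
    ("Rising Antivirus", "PE:Malware.Generic/QRS!1.9E2D [F]"),
    ("Sophos", "Troj/Dridex-KY"),
    ("SUPERAntiSpyware", "Trojan.Agent/Gen-Dropper"),
    ("Total Defense", "Win32/Remex.ZBDB!suspicious"),
    ("Trend Micro House Call", "BKDR_DRIDEX.YYSPL"),
    ("Trend Micro", "BKDR_DRIDEX.YYSPL"),
    ("Vba32 AntiVirus", "Trojan.Agent"),
    ("VIPRE Antivirus", "Trojan.Win32.Generic"),
    ("ViRobot", "Trojan.Win32.Z.Dridex.251392[h]"),
    ("Zillya! Antivirus", "Trojan.Dridex.Win32.360"),
]

# Tokens that name a threat class or a heuristic, not a family (my list).
GENERIC = {
    "trojan", "generic", "generickd", "agent", "malware", "backdoor", "bkdr",
    "troj", "heur", "crypt", "xpack", "multi", "dangerousobject",
    "unclassifiedmalware", "suspicious", "dropper", "malicious", "behavior",
}

# Vendor spellings of the same family (assumption: Microsoft's Drixed = Dridex).
ALIASES = {"drixed": "dridex"}


def family_tokens(detection: str) -> set:
    """Alphabetic tokens of a detection name that could be a family name.

    Digits and punctuation split tokens, short tokens (Win, TR, KY, ...) and
    class words are dropped, and aliases are folded to one spelling.
    """
    toks = set()
    for t in re.findall(r"[a-z]+", detection.lower()):
        t = ALIASES.get(t, t)
        if len(t) >= 4 and t not in GENERIC:
            toks.add(t)
    return toks


def family_votes(detections) -> Counter:
    """One vote per engine for every candidate family token it mentions."""
    votes = Counter()
    for _engine, name in detections:
        votes.update(family_tokens(name))
    return votes


def consensus(detections, min_votes=2):
    """Most-voted family token, or None if nothing reaches min_votes.

    min_votes filters variant suffixes (dzfjvm, ZBDB) that only one engine emits.
    """
    votes = family_votes(detections)
    if not votes:
        return None
    fam, n = votes.most_common(1)[0]
    return (fam, n) if n >= min_votes else None


if __name__ == "__main__":
    print(family_votes(DETECTIONS).most_common(5))
    print("consensus:", consensus(DETECTIONS))
```

Run against the table, 13 of the 39 engines agree on Dridex; the runner-up token (YYSPL, from the two Trend Micro rows) is a variant suffix, which is why a minimum vote count is applied before trusting the top token.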

File size:
245.5 KB (251,392 bytes)

Product version:
7.4.85.491

Copyright:
© 2015 Company Marco D'Amato

File PE Metadata
Compilation timestamp:
12/8/2015 7:06:22 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:osFYXZzGvCcq2nuY5W+QS75hm39QSu8tNmZfyld971dfjsVivwtGAA:ZYhPcJZGiSu8tNufW7bbFvotA

Entry address:
0x64B7

Entry point:
E8, 1C, 76, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B...
 
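The entry-point bytes above start with `E8 rel32` (call) followed by `E9 rel32` (jmp), then fifteen `CC` (int3) alignment bytes and `8B 4C 24 04 F7 C1 03 00 00 00 74 24`, the opening of the MSVC CRT strlen (mov ecx,[esp+4]; test ecx,3; jz). That call-then-jmp shape is the standard Visual C++ CRT entry stub (call __security_init_cookie, jmp to the real CRT startup), consistent with the linker version 9.0 recorded in the PE header, so the packer has not replaced the entry point with its own stub. The script below is an added example, not part of the report, that decodes those two instructions from the page's bytes; the page gives no ImageBase, so results are RVAs relative to the listed entry address 0x64B7 and the transcribed byte list is only the prefix shown above.

```python
import struct

ENTRY_RVA = 0x64B7  # "Entry address" from the report

# Leading bytes of the "Entry point" field above (transcribed prefix only).
ENTRY_BYTES = bytes.fromhex(
    "E8 1C 76 00 00"                                # call rel32
    "E9 78 FE FF FF"                                # jmp  rel32
    "CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC"  # int3 padding to 16-byte alignment
    "8B 4C 24 04 F7 C1 03 00 00 00 74 24"           # mov ecx,[esp+4]; test ecx,3; jz ...
)


def decode_rel32_chain(entry_rva: int, code: bytes):
    """Decode consecutive E8 (call rel32) / E9 (jmp rel32) instructions.

    rel32 is a signed 32-bit displacement relative to the address of the
    *next* instruction, so target = rva + 5 + rel32 (wrapped to 32 bits).
    Stops at the first opcode that is neither E8 nor E9.
    Returns [(rva, mnemonic, target_rva), ...].
    """
    out = []
    rva, off = entry_rva, 0
    while off + 5 <= len(code) and code[off] in (0xE8, 0xE9):
        rel32 = struct.unpack_from("<i", code, off + 1)[0]
        mnem = "call" if code[off] == 0xE8 else "jmp"
        out.append((rva, mnem, (rva + 5 + rel32) & 0xFFFFFFFF))
        rva += 5
        off += 5
    return out


def skip_int3_padding(rva: int, code: bytes, off: int):
    """Advance past a run of 0xCC bytes; return (rva, offset) of the next code byte."""
    while off < len(code) and code[off] == 0xCC:
        off += 1
        rva += 1
    return rva, off


def describe_entry(entry_rva: int = ENTRY_RVA, code: bytes = ENTRY_BYTES) -> dict:
    """Summarise the entry stub: its call/jmp targets and where the next function starts."""
    chain = decode_rel32_chain(entry_rva, code)
    stub_len = 5 * len(chain)
    next_rva, next_off = skip_int3_padding(entry_rva + stub_len, code, stub_len)
    return {
        "chain": chain,
        "padding_bytes": next_off - stub_len,
        "next_function_rva": next_rva,  # 16-byte aligned if the padding is alignment
    }


if __name__ == "__main__":
    info = describe_entry()
    for rva, mnem, target in info["chain"]:
        print(f"{rva:#06x}: {mnem} {target:#06x}")
    print(f"next function at {info['next_function_rva']:#06x} "
          f"after {info['padding_bytes']} int3 bytes")
```

The call goes forward to RVA 0xDAD8 (the security-cookie initialiser in a CRT build) and the jmp goes backward to RVA 0x6339 (the CRT startup that eventually calls main); the first instruction after the padding sits at 0x64D0, which is 16-byte aligned as expected. Add the image's ImageBase, which this page does not list, to turn these RVAs into virtual addresses when following them in a disassembler.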

Entropy:
7.5688

Code size:
75 KB (76,800 bytes)
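An entropy of 7.5688 over 251,392 bytes is close to the 8.0 maximum and, together with Avira's TR/Crypt.Xpack verdict, is consistent with a packed or encrypted payload. The script below is an added example, not part of the report, that checks a local file against the indicators listed on this page: the three hashes, the file size, and a Shannon-entropy estimate. The packed-file threshold of 7.2 is my own heuristic, and the two input blobs are constructed here so the script runs offline; ssdeep is not recomputed because it needs the external ssdeep library.

```python
import hashlib
import math
from collections import Counter

# Indicators copied from this report.
IOC = {
    "md5": "f267a0406025fe6428961a534c96e703",
    "sha1": "7e40e4c9e5c3813a41df1afe2d3285cb5900c0c6",
    "sha256": "0a69db6e670e78b0b4a08f1e7e5a8e061f39f7808cad969fab4ed00d48e6dc55",
    "size": 251392,
    "entropy": 7.5688,
}
PACKED_THRESHOLD = 7.2  # heuristic cut-off chosen here, not from the report


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 for a constant stream and 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def digests(data: bytes) -> dict:
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def triage(data: bytes, ioc: dict = IOC) -> dict:
    """Compare a sample against the report's indicators and give a verdict.

    SHA-256 is the identity check; MD5/SHA-1 are reported separately because
    they are collision-prone and only useful for matching older feeds.
    """
    d = digests(data)
    ent = shannon_entropy(data)
    sha256_match = d["sha256"] == ioc["sha256"]
    weak_match = d["md5"] == ioc["md5"] or d["sha1"] == ioc["sha1"]
    looks_packed = ent >= PACKED_THRESHOLD
    if sha256_match or weak_match:
        verdict = "known sample"
    elif looks_packed:
        verdict = "suspicious: high entropy"
    else:
        verdict = "no indicator"
    return {
        "hash_match": sha256_match or weak_match,
        "size_match": len(data) == ioc["size"],
        "entropy": round(ent, 4),
        "looks_packed": looks_packed,
        "verdict": verdict,
    }


# Constructed inputs (not real samples): a near-empty MZ stub, and a
# high-entropy blob built from 256 chained SHA-256 digests.
LOW = b"MZ" + bytes(4094)
HIGH = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))

if __name__ == "__main__":
    for name, blob in (("low-entropy stub", LOW), ("high-entropy blob", HIGH)):
        print(name, triage(blob))
```

To run it on a real file, read it with `open(path, "rb").read()` and pass the bytes to `triage`; a `hash_match` on SHA-256 identifies this exact sample, while a high entropy on its own only says the file is worth unpacking, not that it is this family.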

The file {trojan.win32.dridex}{trojan.trojan.win32.generic!bt}{trojan.dridex}{trojan.dridex.282}f267a04060 has been seen being distributed by the following URL.