SHA256: 0018001d52d4dcde256bac6b2bc8c5fbf73e0957ccf5efb813040d716bba96c1
File name: c0fa40f0b64c96e46c267801ecbf1015.virus
Detection ratio: 46 / 57
Analysis date: 2017-01-11 17:38:32 UTC ( 10 months, 1 week ago )
Antivirus Result Update
Ad-Aware Win32.Virtob.Gen.12 20170111
AegisLab W32.Virut.mD9f 20170111
AhnLab-V3 Win32/Virut.E 20170111
Antiy-AVL Virus/Win32.Virut.ce 20170111
Arcabit Win32.Virtob.Gen.12 20170111
Avast Win32:Vitro 20170111
AVG Win32/Virut 20170111
Avira (no cloud) W32/Virut.Gen 20170111
AVware Virus.Win32.Virut.ce (v) 20170111
Baidu Win32.Virus.Virut.f 20170111
BitDefender Win32.Virtob.Gen.12 20170111
Bkav W32.Vetor.PE 20170111
CAT-QuickHeal W32.Virut.G 20170111
Comodo Virus.Win32.Virut.CE 20170111
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Cyren W32/Virut.AI!Generic 20170111
DrWeb Win32.Virut.56 20170111
Emsisoft Win32.Virtob.Gen.12 (B) 20170111
ESET-NOD32 Win32/Virut.NBP 20170111
F-Prot W32/Virut.AI!Generic 20170111
F-Secure Win32.Virtob.Gen.12 20170111
Fortinet W32/Virtob.NC 20170111
GData Win32.Virtob.Gen.12 20170111
Sophos ML virus.win32.virut.br 20170111
K7AntiVirus Virus ( f10002001 ) 20170111
K7GW Virus ( f10002001 ) 20170111
Kaspersky Virus.Win32.Virut.ce 20170111
Kingsoft Win32.Virut.nc.53248 20170111
McAfee W32/Virut.n.gen 20170108
McAfee-GW-Edition BehavesLike.Win32.Virut.qh 20170111
Microsoft Virus:Win32/Virut.BR 20170111
eScan Win32.Virtob.Gen.12 20170111
NANO-Antivirus Virus.Win32.Virut.hpeg 20170111
nProtect Virus/W32.Virut.Gen 20170111
Panda Generic Malware 20170111
Qihoo-360 HEUR/QVM08.0.0000.Virus.Win32.Virut 20170111
Sophos AV W32/Scribble-B 20170111
Symantec W32.Virut.CF 20170111
TheHacker W32/Virtob.Gen(F) 20170108
TotalDefense Win32/Virut.17408 20170111
TrendMicro PE_VIRUX.J-6 20170111
TrendMicro-HouseCall PE_VIRUX.J-6 20170111
VBA32 Virus.Virut.02 20170110
VIPRE Virus.Win32.Virut.ce (v) 20170111
ViRobot Win32.Virut.Gen.C[h] 20170111
Yandex Win32.Virut.AB.Gen 20170111
Alibaba 20170111
ALYac 20170111
ClamAV 20170111
CMC 20170111
Jiangmin 20170111
Malwarebytes 20170111
Rising 20170111
SUPERAntiSpyware 20170111
Tencent 20170111
Trustlook 20170111
WhiteArmor 20170111
Zillya 20170111
Zoner 20170111
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name msinfo32.exe
Internal name msinfo32.exe
File version 5.1.2600.0 (XPClient.010817-1148)
Description System Information
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-08-17 20:51:15
Entry Point 0x0000280A
Number of sections 3
PE sections
PE imports
GetModuleHandleA
GetCurrentDirectoryW
ExpandEnvironmentStringsW
FindClose
GetStartupInfoW
FindFirstFileW
SysFreeString
ShellExecuteW
__p__fmode
__wgetmainargs
??1type_info@@UAE@XZ
__dllonexit
_cexit
_except_handler3
?terminate@@YAXXZ
_c_exit
_onexit
wcscmp
exit
_XcptFilter
__setusermatherr
_controlfp
_wcmdln
_adjust_fdiv
__CxxFrameHandler
_wcsicmp
__p__commode
_initterm
_exit
__set_app_type
CoUninitialize
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_ICON 8
RT_STRING 1
RT_DIALOG 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
29184

ImageVersion
5.1

ProductName
Microsoft Windows Operating System

FileVersionNumber
5.1.2600.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
7.0

FileTypeExtension
exe

OriginalFileName
msinfo32.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
5.1.2600.0 (XPClient.010817-1148)

TimeStamp
2001:08:17 21:51:15+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
msinfo32.exe

ProductVersion
5.1.2600.0

FileDescription
System Information

OSVersion
5.1

FileOS
Windows NT 32-bit

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
9728

FileSubtype
0

ProductVersionNumber
5.1.2600.0

EntryPoint
0x280a

ObjectFileType
Dynamic link library

File identification
MD5 c0fa40f0b64c96e46c267801ecbf1015
SHA1 b07b48d0304a152e273b2fdb7f4ae3f2910b224d
SHA256 0018001d52d4dcde256bac6b2bc8c5fbf73e0957ccf5efb813040d716bba96c1
ssdeep
1536:oLfKyI2J8LJ3Jh991P6pX+QCXfUfCwhsbnWnWnWnWcnsQGgtt+nbo+Iot2Wg:B2J8LJ3Jh9ypXDCXfUfCwhHdtti

authentihash d2993e0c56880564c1ebfb2151a3d33efb0f9c0a986d368a2dc7c9bf83c6d51b
imphash 34b13c847810bd6458d17f352a75908b
File size 59.0 KB ( 60416 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags
peexe hosts-modifier

VirusTotal metadata
First submission 2017-01-11 17:38:32 UTC ( 10 months, 1 week ago )
Last submission 2017-01-11 17:38:32 UTC ( 10 months, 1 week ago )
File names msinfo32.exe
c0fa40f0b64c96e46c267801ecbf1015.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Modified hosts file
Created mutexes
Runtime DLLs
DNS requests
TCP connections
UDP communications