SHA256: 15318f8a7c8c512ef26b221c3634a059e82a400b18650609e088f7e4b9c9865e
File name: F0C06CA9C6EBF88C1FB848C789B2D6B0
Detection ratio: 14 / 62
Analysis date: 2017-03-31 12:20:16 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170330
Bkav HW32.Packed.15F9 20170330
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Endgame malicious (high confidence) pe1 20170330
ESET-NOD32 a variant of Win32/GenKryptik.ZUX 20170331
Fortinet W32/Krytik.ZUX!tr 20170331
Sophos ML trojan.win32.sirefef.p 20170203
Kaspersky UDS:DangerousObject.Multi.Generic 20170331
McAfee W32/PinkSbot-CW!F0C06CA9C6EB 20170331
McAfee-GW-Edition BehavesLike.Win32.Downloader.gc 20170331
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20170331
Symantec ML.Attribute.HighConfidence 20170330
Webroot Malicious 20170331
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20170331
Ad-Aware 20170330
AegisLab 20170330
AhnLab-V3 20170330
Alibaba 20170331
ALYac 20170330
Antiy-AVL 20170330
Arcabit 20170330
Avast 20170330
AVG 20170330
Avira (no cloud) 20170330
AVware 20170330
BitDefender 20170331
CAT-QuickHeal 20170330
ClamAV 20170331
CMC 20170331
Comodo 20170331
Cyren 20170331
DrWeb 20170331
Emsisoft 20170331
F-Prot 20170331
F-Secure 20170331
GData 20170331
Ikarus 20170331
Jiangmin 20170331
K7AntiVirus 20170331
K7GW 20170331
Kingsoft 20170331
Malwarebytes 20170331
Microsoft 20170331
eScan 20170331
NANO-Antivirus 20170331
nProtect 20170331
Palo Alto Networks (Known Signatures) 20170331
Panda 20170330
Rising 20170330
SentinelOne (Static ML) 20170330
Sophos AV 20170331
SUPERAntiSpyware 20170330
Symantec Mobile Insight 20170329
Tencent 20170331
TheHacker 20170330
TotalDefense 20170330
TrendMicro 20170331
TrendMicro-HouseCall 20170331
Trustlook 20170331
VBA32 20170330
VIPRE 20170331
ViRobot 20170331
WhiteArmor 20170327
Yandex 20170327
Zillya 20170329
Zoner 20170331
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Bang ® Windows® Operating System
Original name Windows.Internal.Management.dll
Internal name Windows.Internal.Management.dll
File version 10.0.14393.206 (rs1_release.160915-0644)
Description Windows Managent Service DLL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1997-08-03 05:21:22
Entry Point 0x00001320
Number of sections 10
PE sections
PE imports
OpenSCManagerA
GetOpenFileNameW
SelectClipPath
GetClipRgn
GetMiterLimit
CreateFontIndirectW
SetPriorityClass
FreeLibrary
GetLastError
RaiseException
GlobalDeleteAtom
OpenJobObjectW
LocalAlloc
lstrlenA
LocalFree
CreateDirectoryA
lstrlenW
InterlockedExchange
GetTickCount
MulDiv
FreeConsole
CreateFileMappingA
DeleteFileW
GetProcAddress
LoadLibraryA
RasGetEntryPropertiesW
RpcMgmtEpEltInqNextW
TranslateNameW
GetPriorityClipboardFormat
CreateWindowStationA
GetPrintProcessorDirectoryW
Number of PE resources by type
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 10.0.14393.206
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 450560
EntryPoint 0x1320
OriginalFileName Windows.Internal.Management.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 10.0.14393.206 (rs1_release.160915-0644)
TimeStamp 1997:08:03 06:21:22+01:00
FileType Win32 EXE
PEType PE32
InternalName Windows.Internal.Management.dll
ProductVersion 10.0.14393.206
FileDescription Windows Managent Service DLL
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Bang Corporation
CodeSize 16384
ProductName Bang Windows Operating System
ProductVersionNumber 10.0.14393.206
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 f0c06ca9c6ebf88c1fb848c789b2d6b0
SHA1 ba7e15c2bbab87f8d9fbe107654869b9a85320cd
SHA256 15318f8a7c8c512ef26b221c3634a059e82a400b18650609e088f7e4b9c9865e
ssdeep 6144:xn0pnxfW3DBsF8GioF6j9W71keXrwxjXUKQjSuuJMzaR5QRpufBzGa2qP4DNKtX8:10pxfW3DOF6pFeXklu/Q5QGlZEstLA

authentihash f86d83c87c1d259875ef7a6b7cbe10705ce3ed3d0cec98e8dada7bfe91a64bda
imphash 58403b2f1ffa0f3cb9102f408bb63dcb
File size 444.0 KB ( 454656 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe

VirusTotal metadata
First submission 2017-03-31 12:20:16 UTC ( 1 year, 11 months ago )
Last submission 2017-03-31 12:20:16 UTC ( 1 year, 11 months ago )
File names Windows.Internal.Management.dll
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Runtime DLLs