SHA256: 18abd86baf6c155d7dc4f67c43f47536d5ad0c17f2cee9fb90ac180fb2fda717
File name: DrvInstmgr.exe
Detection ratio: 54 / 56
Analysis date: 2016-12-29 03:40:25 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Backdoor.Agent.ABHW 20161229
AegisLab Troj.W32.Pakes.tyi!c 20161229
AhnLab-V3 Win-Trojan/Bamital.Gen 20161228
ALYac Backdoor.Agent.ABHW 20161229
Antiy-AVL Trojan/Win32.Pakes.tyi 20161229
Arcabit Backdoor.Agent.ABHW 20161229
Avast Win32:Ramnit-AN 20161229
AVG Generic22.BPCM 20161228
Avira (no cloud) W32/Sality.AB.2 20161229
AVware Trojan.Win32.Encpk.aak (v) 20161229
Baidu Win32.Trojan.Pakes.a 20161207
BitDefender Backdoor.Agent.ABHW 20161229
Bkav W32.InjectAdwaredDwnMainA.Trojan 20161228
CAT-QuickHeal Trojan.Ramnit.A3 20161228
ClamAV Win.Virus.Lockscreen-56 20161229
CMC Trojan.Win32.Pakes!O 20161228
Comodo TrojWare.Win32.Agent.kwsr 20161229
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Cyren W32/Bamital.ULKQ-0499 20161229
DrWeb Trojan.MulDrop3.45645 20161229
Emsisoft Backdoor.Agent.ABHW (B) 20161229
ESET-NOD32 Win32/Ramnit.A 20161229
F-Prot W32/Bamital.P 20161229
F-Secure Backdoor.Agent.ABHW 20161229
Fortinet W32/Drooptroop.SMY!tr 20161229
GData Backdoor.Agent.ABHW 20161229
Ikarus Trojan-Ransom.Win32.PornoBlocker 20161228
Sophos ML trojan.win32.ramnit.a 20161216
Jiangmin Trojan/PornoBlocker.bmn 20161229
K7AntiVirus Trojan ( 001e20591 ) 20161228
K7GW Trojan ( 001e20591 ) 20161229
Kaspersky Trojan.Win32.Pakes.tyi 20161228
Malwarebytes Backdoor.IRCBot 20161228
McAfee Generic BackDoor.ya 20161229
McAfee-GW-Edition BehavesLike.Win32.Ramnit.ch 20161229
Microsoft Trojan:Win32/Ramnit.A 20161229
eScan Backdoor.Agent.ABHW 20161229
NANO-Antivirus Trojan.Win32.MulDrop3.dxpbhf 20161229
Panda Trj/Bamital.E 20161228
Qihoo-360 Worm.Win32.FakeFolder.BU 20161229
Rising Trojan.Generic-txcNfg20WbR (cloud) 20161229
Sophos AV W32/Ramnit-A 20161229
SUPERAntiSpyware Trojan.Agent/Gen-Ransom 20161229
Symantec Trojan.Bamital!gen2 20161229
Tencent Trojan.Win32.Pakes.aac 20161229
TheHacker Trojan/PornoBlocker.kew 20161226
TrendMicro TROJ_DYER.BMC 20161229
TrendMicro-HouseCall TROJ_FAKEAV.SMUP 20161229
VBA32 Trojan.Pakes 20161228
VIPRE Trojan.Win32.Encpk.aak (v) 20161229
ViRobot Trojan.Win32.A.PornoBlocker.206336.A[h] 20161228
Yandex Backdoor.IRCNite!fhZH3FsxomY 20161228
Zillya Trojan.PornoBlocker.Win32.2280 20161227
Zoner Win32.Ramnit.AY 20161229
Alibaba 20161223
Kingsoft 20161229
nProtect 20161229
Trustlook 20161229
WhiteArmor 20161221
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-08-23 05:00:50
Entry Point 0x0004D240
Number of sections 3
PE sections
Overlays
MD5 4d1c25843f8293ea3ed5f808fb72f6c1
File type data
Offset 108032
Size 22512
Entropy 0.32
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
SetWindowTextA
Number of PE resources by type
RT_ICON 12
RT_DIALOG 2
RT_MENU 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 16
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2007:08:23 06:00:50+01:00
FileType Win32 EXE
PEType PE32
CodeSize 77824
LinkerVersion 7.4
FileTypeExtension exe
InitializedDataSize 32768
SubsystemVersion 4.0
EntryPoint 0x4d240
OSVersion 5.0
ImageVersion 7.2
UninitializedDataSize 237568

Execution parents
File identification
MD5 6218236afa38bd1ab2b123b7b96cc0bb
SHA1 cfdae1a50e7880df274ecb106ad3be2bf78e6128
SHA256 18abd86baf6c155d7dc4f67c43f47536d5ad0c17f2cee9fb90ac180fb2fda717
ssdeep 1536:IOC0FvV4OguHxjhpA4Bm7uW0vSUsghQevBFkutIbgTuFqKRr0aF5frleGhd9TfBi:IwV4OgSzBmh04eZFkz3Rr0gwGj9Tf8

authentihash 8c6ebcfdb771d6d788154892a2e82e60ad2310ab4bc91a73fd330395d6bf02b2
imphash 7197d8f25970cc6df2d2b302df40eb11
File size 127.5 KB ( 130544 bytes )
File type Win32 EXE
Magic literal MS-DOS executable, MZ for MS-DOS

TrID Clipper DOS Executable (33.5%)
Generic Win/DOS Executable (33.2%)
DOS Executable Generic (33.2%)
Tags
peexe overlay

VirusTotal metadata
First submission 2012-09-25 12:37:05 UTC ( 6 years, 6 months ago )
Last submission 2018-05-20 04:04:33 UTC ( 11 months, 1 week ago )
File names Cmgr.exe
tollouvu.exe
DrvInstmgr.exe
AiDoJaym.exe
6218236afa38bd1ab2b123b7b96cc0bb
qwfyefev.exe
b6c88ec576de849a0dbccc4891197559987987ec50c7024a8ea5a6a559fc8c6emgr.exe
6218236afa38bd1ab2b123b7b96cc0bb.vir
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua

Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Runtime DLLs