× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 3060365560a121aa5a24dafe9129d3cb848efda224456b474093a88edd382a39
File name: Microsoft(R) Windows(R) Operating System
Detection ratio: 45 / 57
Analysis date: 2016-05-27 11:23:05 UTC ( 4 weeks ago )
Antivirus Result Update
ALYac Gen:Variant.Symmi.7831 20160527
AVG BackDoor.MRat.A 20160527
AVware Trojan.Win32.Generic!BT 20160527
Ad-Aware Gen:Variant.Symmi.7831 20160527
AegisLab Backdoor.W32.MmBot.a!c 20160527
AhnLab-V3 Trojan/Win32.Dynamer 20160527
Antiy-AVL Trojan[Backdoor]/Win32.MmBot 20160527
Arcabit Trojan.Symmi.D1E97 20160527
Avast Win32:Trojan-gen 20160527
Avira (no cloud) TR/ATRAPS.Gen 20160527
Baidu Win32.Trojan.WisdomEyes.151026.9950.9988 20160527
BitDefender Gen:Variant.Symmi.7831 20160527
CAT-QuickHeal BackdoorAPT.Mdmbot.F4 20160527
ClamAV Win.Trojan.Hydraq-256 20160527
Comodo UnclassifiedMalware 20160527
Cyren W32/Mdmbot.A!Eldorado 20160527
DrWeb Trojan.DownLoader6.26965 20160527
ESET-NOD32 a variant of Win32/McRat.A 20160527
Emsisoft Gen:Variant.Symmi.7831 (B) 20160527
F-Prot W32/Mdmbot.A!Eldorado 20160527
F-Secure Gen:Variant.Symmi.7831 20160527
Fortinet W32/MmBot.A!tr.bdr 20160527
GData Gen:Variant.Symmi.7831 20160527
Ikarus Trojan-Dropper.Win32.Agent 20160527
Jiangmin TrojanDropper.Agent.bkjo 20160527
K7AntiVirus Trojan ( 0049f0ff1 ) 20160527
K7GW Trojan ( 0049f0ff1 ) 20160527
Kaspersky Backdoor.Win32.MmBot.a 20160527
McAfee RDN/Generic BackDoor 20160527
McAfee-GW-Edition RDN/Generic BackDoor 20160527
eScan Gen:Variant.Symmi.7831 20160527
Microsoft Backdoor:Win32/Mdmbot.F 20160527
NANO-Antivirus Trojan.Win32.MmBot.cxxpaq 20160527
Panda Generic Suspicious 20160526
Qihoo-360 HEUR/Malware.QVM20.Gen 20160527
Rising Malware.Generic!V6PkIG5neRH@3 (Thunder) 20160527
Sophos Mal/PcClient-I 20160527
Symantec Trojan.Naid 20160527
Tencent Win32.Backdoor.Mmbot.Hryt 20160527
TrendMicro BKDR_MMBOT.A 20160527
TrendMicro-HouseCall BKDR_MMBOT.A 20160527
VBA32 Backdoor.MmBot.2613 20160527
VIPRE Trojan.Win32.Generic!BT 20160527
Yandex Trojan.McRat!dLvJ672zBIs 20160526
Zillya Backdoor.MmBot.Win32.1 20160526
Alibaba 20160527
Baidu-International 20160527
Bkav 20160527
CMC 20160523
Kingsoft 20160527
Malwarebytes 20160527
SUPERAntiSpyware 20160527
TheHacker 20160526
TotalDefense 20160527
ViRobot 20160527
Zoner 20160527
nProtect 20160527
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2010

Product Microsoft(R) Windows(R) Operating System
Original name Media.exe
Internal name Microsoft(R) Windows(R) Operating System
File version 6, 1, 0, 0
Description Microsoft Windows Media Center Plugin
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 12:23 PM 5/27/2016
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-13 09:08:44
Entry Point 0x000020B2
Number of sections 4
PE sections
Overlays
MD5 2ce85901e6685e29c38d4b1042209337
File type data
Offset 98304
Size 5496
Entropy 7.21
PE imports
RegCreateKeyExW
CloseServiceHandle
ChangeServiceConfig2W
RegCloseKey
StartServiceW
RegSetValueExW
OpenSCManagerW
RegOpenKeyExW
OpenServiceW
QueryServiceConfigW
EnumServicesStatusW
RegOpenKeyW
ChangeServiceConfigW
RegQueryValueExW
CreateServiceW
GetLastError
HeapFree
GetShortPathNameW
GetModuleFileNameW
HeapAlloc
lstrcmpiW
RtlUnwind
lstrlenW
GetCurrentProcess
SizeofResource
SetThreadPriority
SetFileTime
SetProcessPriorityBoost
DeleteFileW
lstrcatW
GetProcessHeap
GetFileTime
lstrcpyW
ExpandEnvironmentStringsW
WriteFile
CloseHandle
GetModuleHandleW
FreeResource
SetPriorityClass
LoadResource
FindResourceW
CreateFileW
CreateProcessW
Sleep
GetCurrentThread
GetTickCount
ExitProcess
GetProcAddress
GetEnvironmentVariableW
SHChangeNotify
Ord(680)
ShellExecuteExW
StrStrW
wsprintfW
Number of PE resources by type
BIN 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 2
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.0.0

UninitializedDataSize
0

LanguageCode
English (British)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin2 (Eastern European)

InitializedDataSize
86016

EntryPoint
0x20b2

OriginalFileName
Media.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2010

FileVersion
6, 1, 0, 0

TimeStamp
2012:07:13 10:08:44+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Microsoft(R) Windows(R) Operating System

ProductVersion
6, 1, 0, 0

FileDescription
Microsoft Windows Media Center Plugin

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
8192

ProductName
Microsoft(R) Windows(R) Operating System

ProductVersionNumber
6.1.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 918f76b341b40af346ae7a1358548799
SHA1 dca298d1ca95903b774c160363c2a717da66fb70
SHA256 3060365560a121aa5a24dafe9129d3cb848efda224456b474093a88edd382a39
ssdeep
1536:LbWjee33DRUk8oMxaLwJ8xDvo5sCIliRtl4mHM/CgNi/Cgu:Ol3Sk84LJvpliRtldINuu

authentihash 25a19f5eeaef821edab16327f598b6a1164d946cae555f1cdb688cd75d7c23ac
imphash 3f44de3c2f90c9d188e3d9b88888ae2a
File size 101.4 KB ( 103800 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe armadillo overlay

VirusTotal metadata
First submission 2013-02-18 04:30:28 UTC ( 3 years, 4 months ago )
Last submission 2015-01-13 10:06:42 UTC ( 1 year, 5 months ago )
File names Microsoft(R) Windows(R) Operating System
vti-rescan
918f76b341b40af346ae7a1358548799
3060365560a121aa5a24dafe9129d3cb848efda224456b474093a88edd382a39
Media.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
TCP connections