SHA256: 346fda05d7a59fc4bd3eef27ba26df8eba96422c29523007d1560413f3fda00b
File name: 346fda05d7a59fc4bd3eef27ba26df8eba96422c29523007d1560413f3fda00b
Detection ratio: 20 / 57
Analysis date: 2016-09-16 07:01:14 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3529907 20160916
AegisLab Troj.W32.Gen.lNNz 20160916
AhnLab-V3 Trojan/Win32.Razy.N2105627619 20160915
Arcabit Trojan.Generic.D35DCB3 20160916
Baidu Win32.Trojan.WisdomEyes.151026.9950.9960 20160914
BitDefender Trojan.GenericKD.3529907 20160916
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20160725
DrWeb Trojan.Inject2.28837 20160916
Emsisoft Trojan.GenericKD.3529907 (B) 20160916
ESET-NOD32 Win32/Dridex.AR 20160916
F-Secure Trojan.GenericKD.3529907 20160916
GData Trojan.GenericKD.3529907 20160916
Sophos ML trojandropper.win32.gepys.a 20160912
K7GW Trojan ( 004f31ae1 ) 20160916
McAfee Artemis!58EDDCE798E2 20160916
McAfee-GW-Edition BehavesLike.Win32.Downloader.dh 20160916
eScan Trojan.GenericKD.3529907 20160916
Rising Malware.Heuristic!ET (rdm+) 20160916
Sophos AV Troj/Dridex-WC 20160916
Symantec Trojan.Cridex 20160916
Alibaba 20160914
ALYac 20160916
Antiy-AVL 20160916
Avast 20160916
AVG 20160916
Avira (no cloud) 20160916
AVware 20160916
Bkav 20160915
CAT-QuickHeal 20160916
ClamAV 20160915
CMC 20160916
Comodo 20160915
Cyren 20160916
F-Prot 20160916
Fortinet 20160916
Ikarus 20160915
Jiangmin 20160916
K7AntiVirus 20160915
Kaspersky 20160916
Kingsoft 20160916
Malwarebytes 20160916
Microsoft 20160916
NANO-Antivirus 20160916
nProtect 20160916
Panda 20160915
Qihoo-360 20160916
SUPERAntiSpyware 20160916
Tencent 20160916
TheHacker 20160916
TrendMicro 20160916
TrendMicro-HouseCall 20160916
VBA32 20160915
VIPRE 20160916
ViRobot 20160916
Yandex 20160915
Zillya 20160915
Zoner 20160916
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name resmon.exe
Internal name resmon.exe
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Resource Monitor
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-11 21:29:51
Entry Point 0x0000CD00
Number of sections 14
PE sections
PE imports
GetClusterResourceKey
AddClusterResourceNode
GetLastError
GetDriveTypeW
FreeLibrary
CopyFileA
VirtualProtect
LoadLibraryA
LockFile
GetProcessId
SetDefaultCommConfigW
HeapSetInformation
EnumSystemLocalesA
GetEnvironmentStrings
FindFirstVolumeW
LocalAlloc
lstrcatA
SetVolumeMountPointA
GetProcAddress
GetProfileStringW
RegisterWaitForSingleObject
RaiseException
GetCPInfo
MapViewOfFile
WritePrivateProfileStructA
InterlockedExchange
WaitNamedPipeA
ConvertDefaultLocale
CreateTimerQueueTimer
GetComputerNameA
PeekConsoleInputA
SetFileAttributesA
SizeofResource
DnsHostnameToComputerNameW
CreateFileW
VirtualQuery
FindClose
GetLongPathNameA
IsBadReadPtr
IsBadStringPtrA
BackupSeek
LocalShrink
SetWaitableTimer
WriteConsoleW
wnsprintfA
isleadbyte
fwscanf
vwprintf
fclose
wcsxfrm
isprint
wcstok
wcsncat
fputwc
fopen
PdhEnumObjectsA
CompareSecurityIds
Number of PE resources by type
RT_ICON 13
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 16
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
9.56

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7600.16385

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
0

EntryPoint
0xcd00

OriginalFileName
resmon.exe

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)

TimeStamp
2016:09:11 22:29:51+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
resmon.exe

ProductVersion
6.1.7600.16385

FileDescription
Resource Monitor

OSVersion
3.1

FileOS
Windows NT 32-bit

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
53248

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7600.16385

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 58eddce798e21ac8e28b517f9d3a07bd
SHA1 ed145b0676036e6703ac976ad4af69760b87fb75
SHA256 346fda05d7a59fc4bd3eef27ba26df8eba96422c29523007d1560413f3fda00b
ssdeep
3072:gOOOQiujvIA3dT/xYNN2jim2RRS7kT/Y1bsbNnEaW2ujYRl7ahSoLewfmay1h4uD:gTziujrTw2jVy/Y170l7aQoKORnSV

authentihash d19842b0130b847ded972427e8b08d91664e922bc4bcfdf9a5278bc2bd3ad781
imphash 1f67e74eb13029c00b6fd881c164db4d
File size 276.4 KB ( 283068 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.8%)
Clipper DOS Executable (19.1%)
Generic Win/DOS Executable (19.0%)
DOS Executable Generic (18.9%)
Tags
peexe

VirusTotal metadata
First submission 2016-09-15 06:31:43 UTC ( 2 years, 5 months ago )
Last submission 2016-12-15 20:08:18 UTC ( 2 years, 2 months ago )
File names ebook.pdf.exe
resmon.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0915.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications