× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 365e6aec879f8e186ef80aa26519aefd227fb4692140f1c35515d84e903428a5
File name: SessMgr.exe
Detection ratio: 47 / 56
Analysis date: 2015-10-26 15:14:26 UTC ( 7 months, 1 week ago )
Antivirus Result Update
ALYac Gen:Variant.Graftor.54485 20151026
AVG Win32/DH{YQ8?} 20151026
AVware Trojan.Win32.Small.bhm (v) 20151026
Ad-Aware Gen:Variant.Graftor.54485 20151026
Yandex Trojan.Rodecap!5w7YcBnLy20 20151026
AhnLab-V3 Trojan/Win32.Blocker 20151026
Antiy-AVL Trojan[:HEUR]/Win32.Unknown 20151026
Arcabit Trojan.Graftor.DD4D5 20151026
Avast Win32:Rodecap-F [Trj] 20151026
Avira (no cloud) TR/Small.bhoumb 20151026
Baidu-International Trojan.Win32.Ransomlock.bvxm 20151026
BitDefender Gen:Variant.Graftor.54485 20151026
Bkav W32.Clod5c1.Trojan.b0e5 20151026
CAT-QuickHeal Trojan.Small.gen 20151026
ClamAV Win.Trojan.Agent-857407 20151026
Comodo TrojWare.Win32.Agent.AWR 20151026
Cyren W32/SmallDl.F.gen!Eldorado 20151026
DrWeb Trojan.DownLoader9.44777 20151026
ESET-NOD32 a variant of Win32/Rodecap.BB 20151026
Emsisoft Gen:Variant.Graftor.54485 (B) 20151026
F-Prot W32/SmallDl.F.gen!Eldorado 20151026
F-Secure Gen:Variant.Graftor.54485 20151026
Fortinet W32/Rodecap.BBC!tr 20151026
GData Gen:Variant.Graftor.54485 20151026
Ikarus Trojan.Win32.Small 20151026
K7AntiVirus Trojan ( 003e826e1 ) 20151026
K7GW Trojan ( 003e826e1 ) 20151026
Kaspersky Trojan-Ransom.Win32.Blocker.bvxm 20151026
Malwarebytes Trojan.RodeCap 20151026
McAfee Downloader-FKE!A1AE35EADF75 20151026
McAfee-GW-Edition BehavesLike.Win32.Downloader.fh 20151026
eScan Gen:Variant.Graftor.54485 20151026
Microsoft Trojan:Win32/Small.BH 20151026
NANO-Antivirus Trojan.Win32.Blocker.chwsks 20151026
Panda Trj/Genetic.gen 20151026
Qihoo-360 Win32/Trojan.e6d 20151026
Rising PE:Trojan.Win32.Generic.157B4EBA!360402618 [F] 20151026
Sophos Mal/Generic-S 20151026
Symantec Downloader 20151026
Tencent Trojan.Win32.YY.Gen.30 20151026
TheHacker Trojan/Rodecap.bb 20151026
TrendMicro TROJ_RODECAP.SMO 20151026
TrendMicro-HouseCall TROJ_RODECAP.SMO 20151026
VBA32 Hoax.Blocker 20151026
VIPRE Trojan.Win32.Small.bhm (v) 20151026
Zillya Trojan.Rodecap.Win32.1732 20151026
nProtect Trojan/W32.Blocker.375808 20151026
AegisLab 20151026
Alibaba 20151026
ByteHero 20151026
CMC 20151026
Jiangmin 20151026
SUPERAntiSpyware 20151026
TotalDefense 20151026
ViRobot 20151026
Zoner 20151026
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
? Microsoft Corporation. All rights reserved.

Publisher Microsoft Corporation
Product Microsoft? Windows? Operating System
Original name SessMgr.exe
Internal name SessMgr.exe
File version 5.1.2600.5512
Description Microsoft? Remote Desktop Help Session Manager
Comments
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-05 12:04:04
Entry Point 0x00029CCB
Number of sections 5
PE sections
PE imports
LookupPrivilegeValueA
RegCloseKey
RegNotifyChangeKeyValue
AdjustTokenPrivileges
RegQueryValueExA
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
DnsFree
DnsQuery_A
GetStdHandle
GetConsoleOutputCP
VerifyVersionInfoA
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
IsValidLocale
SetConsoleCursorPosition
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetFileTime
GetTempPathA
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetOEMCP
LocalFree
FormatMessageW
GetLogicalDriveStringsA
GetEnvironmentVariableA
FindClose
InterlockedDecrement
FormatMessageA
BeginUpdateResourceA
SetLastError
GetSystemTime
InitializeCriticalSection
CopyFileA
HeapAlloc
GetVersionExA
GetModuleFileNameA
UpdateResourceA
GetPriorityClass
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
CreateMutexA
SetFilePointer
SetUnhandledExceptionFilter
SetPriorityClass
GlobalMemoryStatus
WriteConsoleA
GlobalAlloc
SetFirmwareEnvironmentVariableA
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
FillConsoleOutputCharacterA
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
EndUpdateResourceA
RtlUnwind
GlobalSize
GetStartupInfoA
CreateDirectoryA
DeleteFileA
GetUserDefaultLCID
GetConsoleScreenBufferInfo
FillConsoleOutputAttribute
CompareStringW
FindFirstFileA
CompareStringA
TerminateProcess
GetProcAddress
GetCurrencyFormatA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetShortPathNameA
GetEnvironmentStrings
GetCurrentProcessId
SetFileTime
WideCharToMultiByte
HeapSize
GetConsoleTitleA
GetCommandLineA
OpenMutexA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
SetConsoleTitleA
CloseHandle
GetVolumeInformationA
GetACP
GetModuleHandleW
EnumSystemLocalesA
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
GetCursorPos
GetActiveWindow
GetCapture
GetClipboardOwner
wsprintfW
GetCaretPos
VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoSizeA
FtpGetFileSize
HttpSendRequestA
HttpOpenRequestA
HttpAddRequestHeadersA
InternetCloseHandle
InternetOpenA
InternetReadFile
FtpOpenFileA
InternetConnectA
HttpQueryInfoA
InternetCrackUrlA
InternetCreateUrlA
socket
WSAStartup
gethostbyname
sendto
htons
closesocket
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
ExifTool file metadata
SpecialBuild
5.1.2600.5512

UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.1.2600.5512

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
115712

PrivateBuild
SessMgr.exe

EntryPoint
0x29ccb

OriginalFileName
SessMgr.exe

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

TimeStamp
2013:02:05 13:04:04+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
SessMgr.exe

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
259072

ProductName
Microsoft Windows Operating System

ProductVersionNumber
5.1.2600.5512

Warning
Possibly corrupt Version resource

FileTypeExtension
exe

ObjectFileType
Unknown

File identification
MD5 a1ae35eadf7599d2f661a9ca7f0f2150
SHA1 4c3eb3c5cf563d20c02ac4affd783f4b93449657
SHA256 365e6aec879f8e186ef80aa26519aefd227fb4692140f1c35515d84e903428a5
ssdeep
6144:TO/DVuhywMptQmZp2DyPCA02HsQ2KZj93cDDj7LAT+:a/DohTMSePCA04+KZhw/O+

authentihash b38d61a06460a0d83a1c206d46b69548bc737462274db202e80d010e8891d5c0
imphash cdd8c137bdcd6adf83a1b91fa7cb01a4
File size 367.0 KB ( 375808 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2013-07-18 20:57:54 UTC ( 2 years, 10 months ago )
Last submission 2013-07-25 22:10:25 UTC ( 2 years, 10 months ago )
File names vt-upload-9Hwt4
SessMgr.exe
vt-upload-DZy3X
vt-upload-FYY8q
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Set keys
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications