× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 382d2de27f8279ae4652786fd30ec74d7ea5a6ee8508c266c444934a76802d6e
File name: file.EXE
Detection ratio: 11 / 53
Analysis date: 2016-07-05 05:27:10 UTC ( 2 years, 7 months ago ) View latest
Antivirus Result Update
AegisLab Uds.Dangerousobject.Multi!c 20160704
AhnLab-V3 Trojan/Win32.Agent.N2039423369 20160704
Arcabit Trojan.Generic.D338544 20160705
Avira (no cloud) TR/Crypt.Xpack.yqpp 20160705
AVware Trojan.Win32.Generic!BT 20160705
Baidu Win32.Trojan.WisdomEyes.151026.9950.9957 20160705
BitDefender Trojan.GenericKD.3376452 20160705
CAT-QuickHeal (Suspicious) - DNAScan 20160704
Kaspersky UDS:DangerousObject.Multi.Generic 20160704
McAfee-GW-Edition BehavesLike.Win32.Sality.dm 20160704
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20160705
Ad-Aware 20160704
Alibaba 20160704
ALYac 20160704
Antiy-AVL 20160705
Avast 20160705
AVG 20160705
Bkav 20160704
ClamAV 20160704
CMC 20160704
Comodo 20160704
Cyren 20160704
DrWeb 20160704
Emsisoft 20160704
ESET-NOD32 20160704
F-Prot 20160704
F-Secure 20160704
Fortinet 20160704
GData 20160704
Ikarus 20160704
Jiangmin 20160704
K7AntiVirus 20160704
K7GW 20160704
Kingsoft 20160705
Malwarebytes 20160704
McAfee 20160704
Microsoft 20160704
eScan 20160704
NANO-Antivirus 20160704
nProtect 20160704
Panda 20160704
Sophos AV 20160704
SUPERAntiSpyware 20160704
Symantec 20160701
Tencent 20160705
TheHacker 20160702
TrendMicro 20160704
TrendMicro-HouseCall 20160704
VBA32 20160703
VIPRE 20160704
ViRobot 20160704
Zillya 20160704
Zoner 20160704
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name cliconfg.exe
Internal name cliconfg.exe
File version 10.0.10240.16387 (th1.150709-1700)
Description SQL Client Configuration Utility EXE
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1990-06-11 19:21:48
Entry Point 0x0000A590
Number of sections 18
PE sections
PE imports
ReadConsoleA
WriteProfileSectionA
SetMessageWaitingIndicator
FindResourceExA
AddVectoredExceptionHandler
ReleaseSemaphore
SetProcessAffinityMask
VirtualLock
GetComputerNameA
ResetWriteWatch
GetTickCount
SetProcessShutdownParameters
FreeConsole
LocalShrink
FindNextFileA
GetCommandLineA
GetSystemDirectoryA
QueryMemoryResourceNotification
GetTapePosition
GetBinaryTypeA
PtInRect
isalnum
fread
fgetwc
iscntrl
wcsncat
remove
asctime
strspn
towupper
iswgraph
Number of PE resources by type
RT_ICON 6
RT_MANIFEST 1
RT_DIALOG 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 10
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
0

ImageVersion
0.0

ProductName
Microsoft Windows Operating System

FileVersionNumber
10.0.10240.16384

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
SQL Client Configuration Utility EXE

CharacterSet
Unicode

LinkerVersion
9.57

FileTypeExtension
exe

OriginalFileName
cliconfg.exe

MIMEType
application/octet-stream

Subsystem
Windows command line

FileVersion
10.0.10240.16387 (th1.150709-1700)

TimeStamp
1990:06:11 20:21:48+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
cliconfg.exe

ProductVersion
10.0.10240.16387

SubsystemVersion
4.0

OSVersion
3.1

FileOS
Windows NT 32-bit

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
40960

FileSubtype
0

ProductVersionNumber
10.0.10240.16384

EntryPoint
0xa590

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 41db8feca4d0d8a85c27190ba4c50365
SHA1 58326a84dd6f4cc90998d2341d0c34c843a516c4
SHA256 382d2de27f8279ae4652786fd30ec74d7ea5a6ee8508c266c444934a76802d6e
ssdeep
1536:qTBIOTw31TqfafY5z0v3jgkYzjC0mep4V5bmTyvqVpn0Aq70PC7QpJbLFC9jLGzg:qSOTwFGfC/2vCAMmTsMu0qOFCIz0ZiLa

authentihash 63afac1e995efd3310905c30fa462c269b07bf65192a11e6e30271e1d15df48e
imphash 9a2a0d8509b399659fa85df000a75a89
File size 200.3 KB ( 205092 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable (generic) (35.8%)
OS/2 Executable (generic) (16.1%)
Clipper DOS Executable (16.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.8%)
Tags
peexe

VirusTotal metadata
First submission 2016-07-04 15:53:12 UTC ( 2 years, 7 months ago )
Last submission 2017-08-19 12:06:16 UTC ( 1 year, 6 months ago )
File names VirusShare_41db8feca4d0d8a85c27190ba4c50365
41db8feca4d0d8a85c27190ba4c50365
aa
41db8feca4d0d8a85c27190ba4c50365
file.scr
cliconfg.exe
file.EXE
41db8feca4d0d8a85c27190ba4c50365
nqfnL9GB.msi
41db8feca4d0d8a85c27190ba4c50365
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications