SHA256: 41f6705063fef5c61de059dbbb2aaeeda7a82ad9ca4e28c4f19675b6cf64295f
File name: 41f6705063fef5c61de059dbbb2aaeeda7a82ad9ca4e28c4f19675b6cf64295f
Detection ratio: 24 / 57
Analysis date: 2016-12-12 17:22:24 UTC ( 2 years, 3 months ago )
Antivirus Result Update
AegisLab Troj.Crypt.Xpack!c 20161212
AhnLab-V3 Backdoor/Win32.Androm.C1702012 20161212
Avast Win32:Malware-gen 20161212
AVG Generic38.ACLW 20161212
Avira (no cloud) TR/Crypt.XPACK.Gen 20161212
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161207
CrowdStrike Falcon (ML) malicious_confidence_87% (D) 20161024
DrWeb Trojan.Dridex.464 20161212
ESET-NOD32 a variant of Win32/Kryptik.FLHI 20161212
Fortinet W32/Kryptik.FLHI!tr 20161212
GData Win32.Trojan.Agent.77MSC0 20161212
Ikarus Trojan.Win32.Crypt 20161212
Sophos ML backdoor.win32.vawtrak.f 20161202
K7AntiVirus Trojan ( 005001341 ) 20161212
K7GW Trojan ( 005001341 ) 20161212
Malwarebytes Trojan.Dridex 20161212
McAfee Artemis!0428D337A941 20161212
McAfee-GW-Edition Artemis!Trojan 20161212
Qihoo-360 Win32/Trojan.03f 20161212
Sophos AV Mal/Generic-S 20161212
Symantec Trojan.Cridex 20161212
TrendMicro TROJ_GEN.R01BC0ELB16 20161212
TrendMicro-HouseCall TROJ_GEN.R01BC0ELB16 20161212
VBA32 BScope.Trojan.Nebuler.BZ 20161212
Ad-Aware 20161212
Alibaba 20161212
ALYac 20161212
Antiy-AVL 20161212
Arcabit 20161212
AVware 20161212
BitDefender 20161212
Bkav 20161212
CAT-QuickHeal 20161212
ClamAV 20161212
CMC 20161212
Comodo 20161212
Cyren 20161212
Emsisoft 20161212
F-Prot 20161212
F-Secure 20161212
Jiangmin 20161212
Kaspersky 20161212
Kingsoft 20161212
Microsoft 20161212
eScan 20161212
NANO-Antivirus 20161212
nProtect 20161212
Panda 20161212
Rising 20161212
SUPERAntiSpyware 20161212
Tencent 20161212
TheHacker 20161130
TotalDefense 20161212
Trustlook 20161212
VIPRE 20161212
ViRobot 20161212
WhiteArmor 20161212
Yandex 20161212
Zillya 20161210
Zoner 20161212
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name cmifw.dll
Internal name cmifw.dll
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Windows Firewall rule configuration plug-in
Signature verification Signed file, verified signature
Signing date 12:37 AM 12/9/2016
Signers
[+] Soft-Pro, LLC
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer GlobalSign Extended Validation CodeSigning CA - SHA256 - G3
Valid from 4:56 PM 12/5/2016
Valid to 4:56 PM 12/6/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 682373569EB7F4C6B08B4A012F10E0E07CC101D1
Serial number 45 4A 5A 0F 8B AA 11 4E CA 3B 98 40
[+] GlobalSign Extended Validation CodeSigning CA - SHA256 - G3
Status Valid
Issuer GlobalSign
Valid from 1:00 AM 6/15/2016
Valid to 1:00 AM 6/15/2024
Valid usage Code Signing, OCSP Signing
Algorithm sha256RSA
Thumbprint 87A63D9ADB627D777836153C680A3DFCF27DE90C
Serial number 48 1B 6A 07 A9 42 4C 1E AA FE F3 CD F1 0F
[+] GlobalSign Root CA - R3
Status Valid
Issuer GlobalSign
Valid from 11:00 AM 3/18/2009
Valid to 11:00 AM 3/18/2029
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha256RSA
Thumbprint D69B561148F01C77C54578C10926DF5B856976AD
Serial number 04 00 00 00 00 01 21 58 53 08 A2
Counter signers
[+] GlobalSign TSA for Advanced - G2
Status Valid
Issuer GlobalSign Timestamping CA - SHA256 - G2
Valid from 1:00 AM 5/24/2016
Valid to 1:00 AM 6/24/2027
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 7D55D8E75A56A2FC738243F7B854875C5CB52A0D
Serial number 11 21 06 F1 0F CE 68 F0 9B FA E5 5B 18 CD 8F 20 01 77
[+] GlobalSign Timestamping CA - SHA256 - G2
Status Valid
Issuer GlobalSign
Valid from 11:00 AM 8/2/2011
Valid to 11:00 AM 3/29/2029
Valid usage All
Algorithm sha256RSA
Thumbprint 91843BBD936D86EAFA42A3AFBF33E92831068F99
Serial number 04 00 00 00 00 01 31 89 C6 50 04
[+] GlobalSign Root CA - R3
Status Valid
Issuer GlobalSign
Valid from 11:00 AM 3/18/2009
Valid to 11:00 AM 3/18/2029
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha256RSA
Thumbprint D69B561148F01C77C54578C10926DF5B856976AD
Serial number 04 00 00 00 00 01 21 58 53 08 A2
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-08 22:54:18
Entry Point 0x0000C350
Number of sections 13
PE sections
Overlays
MD5 40c99a8baea9ddd26ab02d1687e8fb72
File type data
Offset 133460
Size 6604
Entropy 7.38
PE imports
ClusterRegQueryInfoKey
ClusterRegOpenKey
GetClusterInformation
CallNamedPipeW
ReplaceFileA
lstrlenA
GlobalFindAtomA
GetHandleInformation
LoadLibraryA
Process32Next
GetCPInfoExW
OpenWaitableTimerW
GetProcAddress
WriteProfileStringW
GetTempFileNameW
GetComputerNameW
WideCharToMultiByte
WriteFileEx
InterlockedExchange
SetUnhandledExceptionFilter
SetFirmwareEnvironmentVariableA
GetComputerNameExW
SetComputerNameA
GetStringTypeW
WriteProfileSectionA
ConnectNamedPipe
BeginUpdateResourceW
LocalFileTimeToFileTime
FindAtomA
TransactNamedPipe
GetStringTypeExA
VarBstrFromR8
DragQueryFileW
strncmp
toupper
iswspace
PdhAddCounterA
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 97792
ImageVersion 0.0
ProductName Microsoft Windows Operating System
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Windows Firewall rule configuration plug-in
CharacterSet Unicode
LinkerVersion 18.2
FileTypeExtension exe
OriginalFileName cmifw.dll
MIMEType application/octet-stream
Subsystem Windows command line
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2016:12:08 23:54:18+01:00
FileType Win32 EXE
PEType PE32
InternalName cmifw.dll
ProductVersion 6.1.7600.16385
SubsystemVersion 5.0
OSVersion 2.1
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 46592
FileSubtype 0
ProductVersionNumber 6.1.7600.16385
EntryPoint 0xc350
ObjectFileType Dynamic link library
File identification
MD5 0428d337a941afa3927db4c2d8156640
SHA1 8563e6691be542f6ed0efd41ee5d9aec7a74dfa2
SHA256 41f6705063fef5c61de059dbbb2aaeeda7a82ad9ca4e28c4f19675b6cf64295f
ssdeep 3072:7aGHHkCcFYj1Jw0zbwzGS6oZnY5GbdWddvvreJVRe29:2GH780zwlY5GbmaRf9
authentihash 602a1f76c566f674ddb8b514f2227422a84f33c0287ac9b38e5adc4f93c3e28d
imphash 4158e0e9119751e30bd714f303f21d79
File size 136.8 KB ( 140064 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (35.8%)
OS/2 Executable (generic) (16.1%)
Clipper DOS Executable (16.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.8%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2016-12-09 09:52:19 UTC ( 2 years, 3 months ago )
Last submission 2016-12-15 22:22:24 UTC ( 2 years, 3 months ago )
File names 51.exe
cmifw.dll
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications