SHA256: 4f56d394bd62fb2d6cd087f969b7097bf1bf6c72cfc893e0d3f7196ff1639007
File name: 1a4543034cc6669184ecd4682b624198.exe
Detection ratio: 31 / 57
Analysis date: 2016-10-03 04:15:37 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3557237 20161003
AhnLab-V3 Malware/Win32.Generic.N2116128218 20161002
Arcabit Trojan.Generic.D364775 20161003
Avast Win32:Malware-gen 20161003
AVG Atros4.VRB 20161003
Avira (no cloud) TR/Crypt.Xpack.ulaub 20161002
AVware Trojan.Win32.Generic!BT 20161003
BitDefender Trojan.GenericKD.3557237 20161003
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20160725
Emsisoft Trojan.GenericKD.3557237 (B) 20161003
ESET-NOD32 a variant of Win32/GenKryptik.FDR 20161002
F-Secure Trojan.GenericKD.3557237 20161003
Fortinet W32/GenKryptik.FDR!tr 20161003
GData Trojan.GenericKD.3557237 20161003
Ikarus Trojan.Win32.Krypt 20161002
Sophos ML trojandropper.win32.gepys.a 20160928
K7AntiVirus Trojan ( 004f964e1 ) 20161002
K7GW Trojan ( 004f964e1 ) 20161003
Malwarebytes Trojan.FakeMS 20161003
McAfee Trojan-FJUN!1A4543034CC6 20161003
McAfee-GW-Edition Trojan-FJUN!1A4543034CC6 20161003
Microsoft Trojan:Win32/Dynamer!ac 20161003
eScan Trojan.GenericKD.3557237 20161003
Panda Trj/GdSda.A 20161002
Rising Malware.Heuristic!ET (rdm+) 20161003
Sophos AV Mal/Generic-S 20161003
Symantec Trojan.Cridex 20161003
TrendMicro TROJ_GEN.R01BC0EIT16 20161003
TrendMicro-HouseCall TROJ_GEN.R01BC0EIT16 20161003
VIPRE Trojan.Win32.Generic!BT 20161003
Yandex Trojan.GenKryptik! 20161002
AegisLab 20161003
Alibaba 20160930
ALYac 20160930
Antiy-AVL 20161003
Baidu 20161001
Bkav 20161002
CAT-QuickHeal 20161001
ClamAV 20161003
CMC 20160930
Comodo 20161003
Cyren 20161003
DrWeb 20161003
F-Prot 20160926
Jiangmin 20161003
Kaspersky 20161003
Kingsoft 20161003
NANO-Antivirus 20161003
nProtect 20161003
Qihoo-360 20161003
SUPERAntiSpyware 20161002
Tencent 20161003
TheHacker 20161001
VBA32 20161001
ViRobot 20161003
Zillya 20161001
Zoner 20161003
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name resmon.exe
Internal name resmon.exe
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Resource Monitor
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-27 13:16:08
Entry Point 0x0000C5D0
Number of sections 14
PE sections
PE imports
AddClusterResourceNode
SetDefaultCommConfigW
HeapSetInformation
GetDriveTypeW
WritePrivateProfileStructA
VirtualQuery
GetLongPathNameA
CopyFileA
GetComputerNameA
VirtualProtect
LoadLibraryA
GetProcAddress
FindFirstVolumeW
wnsprintfA
fclose
isprint
wcsncat
isleadbyte
CompareSecurityIds
Number of PE resources by type
RT_ICON 13
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 16
PE resources
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
9.56

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7600.16385

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
0

EntryPoint
0xc5d0

OriginalFileName
resmon.exe

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)

TimeStamp
2016:09:27 14:16:08+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
resmon.exe

ProductVersion
6.1.7600.16385

FileDescription
Resource Monitor

OSVersion
3.1

FileOS
Windows NT 32-bit

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
49152

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7600.16385

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 1a4543034cc6669184ecd4682b624198
SHA1 561ccca59845a9729bda9e281463a13fdba23c90
SHA256 4f56d394bd62fb2d6cd087f969b7097bf1bf6c72cfc893e0d3f7196ff1639007
ssdeep 3072:qDqA+XNDc4WucOfH6eWXiSuPck+4+I3ShZCFuyXtz2ahSoLewfmay1h4u1gKB1R:qDqZcXOrlHl+hI3Sh0FuCoaQoKORny1
authentihash f544a7375f526641ecffadb802980c19269678d4a780a35c0b9788996b41bc90
imphash c3f384600d3c8f137c40c5bab13700d8
File size 256.3 KB ( 262448 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.8%)
Clipper DOS Executable (19.1%)
Generic Win/DOS Executable (19.0%)
DOS Executable Generic (18.9%)
Tags peexe
VirusTotal metadata
First submission 2016-09-27 12:23:10 UTC ( 2 years, 4 months ago )
Last submission 2016-12-17 06:50:42 UTC ( 2 years, 2 months ago )
File names 1a4543034cc6669184ecd4682b624198.exe
resmon.exe
Manual_DE.pdf.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs