× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 592eeb6f40442e0e8a3174389f0f3a7059bb8ab9529dc5d6449334f8eaa4fa52
File name: 592eeb6f40442e0e8a3174389f0f3a7059bb8ab9529dc5d6449334f8eaa4fa52
Detection ratio: 25 / 69
Analysis date: 2018-10-05 05:48:39 UTC ( 4 months, 2 weeks ago ) View latest
Antivirus Result Update
AegisLab W32.W.Joleee.kZ0o 20181005
ALYac Trojan.Agent.Emotet 20181005
AVG FileRepMalware 20181005
Bkav HW32.Packed. 20181003
CAT-QuickHeal Trojan.Emotet.X4 20181004
Comodo Heur.Packed.Unknown 20181005
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20180723
Cybereason malicious.eafb1e 20180225
Cylance Unsafe 20181005
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GLJX 20181005
Sophos ML heuristic 20180717
Kaspersky UDS:DangerousObject.Multi.Generic 20181005
Malwarebytes Trojan.Emotet 20181005
McAfee RDN/Generic.grp 20181005
McAfee-GW-Edition BehavesLike.Win32.Generic.cc 20181005
Microsoft Trojan:Win32/Azden.B!cl 20181005
Palo Alto Networks (Known Signatures) generic.ml 20181005
Qihoo-360 HEUR/QVM20.1.4F4B.Malware.Gen 20181005
Rising Trojan.Fuerboos!8.EFC8 (CLOUD) 20181005
SentinelOne (Static ML) static engine - malicious 20180926
Sophos AV Mal/Generic-S 20181005
Symantec ML.Attribute.HighConfidence 20181005
Webroot W32.Trojan.Emotet 20181005
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181005
Ad-Aware 20181005
AhnLab-V3 20181004
Alibaba 20180921
Antiy-AVL 20181005
Arcabit 20181005
Avast 20181005
Avast-Mobile 20181004
Avira (no cloud) 20181004
AVware 20180925
Babable 20180918
Baidu 20180930
BitDefender 20181005
ClamAV 20181004
CMC 20181005
Cyren 20181005
DrWeb 20181005
eGambit 20181005
Emsisoft 20181005
F-Prot 20181005
F-Secure 20181005
Fortinet 20181005
GData 20181005
Ikarus 20181004
Jiangmin 20181005
K7AntiVirus 20181004
K7GW 20181003
Kingsoft 20181005
MAX 20181005
eScan 20181005
NANO-Antivirus 20181005
Panda 20181004
SUPERAntiSpyware 20181005
Symantec Mobile Insight 20181001
TACHYON 20181005
Tencent 20181005
TheHacker 20181001
TotalDefense 20181005
TrendMicro 20181005
TrendMicro-HouseCall 20181005
Trustlook 20181005
VBA32 20181004
VIPRE 20181005
ViRobot 20181005
Yandex 20181004
Zillya 20181003
Zoner 20181004
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© С Corporation. All rights reserved.

Product С® Windows® Operating System
Original name wmicmiplugin.dll
Internal name wmicmiplugin.dll
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description WMI CMI Plugin
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-04-28 14:30:48
Entry Point 0x000180FF
Number of sections 4
PE sections
PE imports
CryptStringToBinaryA
CertFindCRLInStore
FlushFileBuffers
GetModuleHandleA
SetFileBandwidthReservation
GetProcessWindowStation
OpenPrinterW
SCardEstablishContext
localeconv
Number of PE resources by type
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
4294967295

LinkerVersion
7.1

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7601.17514

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
WMI CMI Plugin

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
1454080

EntryPoint
0x180ff

OriginalFileName
wmicmiplugin.dll

MIMEType
application/octet-stream

LegalCopyright
Corporation. All rights reserved.

FileVersion
6.1.7601.17514 (win7sp1_rtm.101119-1850)

TimeStamp
2004:04:28 16:30:48+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
wmicmiplugin.dll

ProductVersion
6.1.7601.17514

SubsystemVersion
5.0

OSVersion
5.2

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Corporation

CodeSize
99328

ProductName
Windows Operating System

ProductVersionNumber
6.1.7601.17514

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 117e3b2b50b96d5adfa6cf72dca5c3ff
SHA1 c4d35feeafb1eb9b42bf90945759b6411d77d0ba
SHA256 592eeb6f40442e0e8a3174389f0f3a7059bb8ab9529dc5d6449334f8eaa4fa52
ssdeep
3072:IZTwmaewF7EOZhuqjfeebRPhkRehJ1y1Wne+xCT2YFE:4TzaLd5naebIRehjy0

authentihash 3f5219d4efba7b20595180731a8337ec42f0f7e509d2ef64f86bf40b65787441
imphash 318ec0e915f1e0249c176c3352289a3e
File size 142.5 KB ( 145920 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-10-04 23:42:45 UTC ( 4 months, 2 weeks ago )
Last submission 2018-10-05 13:48:05 UTC ( 4 months, 2 weeks ago )
File names 875.exe
6301193.exe
wmicmiplugin.dll
69.exe
023.exe
62088175.exe
976604.exe
047413.exe
35738.exe
9795.exe
6435069.exe
2237703.exe
065050.exe
33288.exe
35.exe
2.exe
8465.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!