SHA256: 616a25378f70474bcb3ad0fad2f1383009c5b7b3cea937be2a5234a110d64b78
File name: mm1.exe
Detection ratio: 0 / 45
Analysis date: 2012-12-07 08:42:42 UTC ( 6 years, 3 months ago )
Antivirus Result Update
Yandex 20121206
AntiVir 20121207
Antiy-AVL 20121204
Avast 20121207
AVG 20121207
BitDefender 20121206
ByteHero 20121130
CAT-QuickHeal 20121207
ClamAV 20121207
Commtouch 20121206
Comodo 20121207
DrWeb 20121207
Emsisoft 20121207
eSafe 20121205
ESET-NOD32 20121206
F-Prot 20121206
F-Secure 20121207
Fortinet 20121207
GData 20121207
Ikarus 20121207
Jiangmin 20121207
K7AntiVirus 20121206
Kaspersky 20121207
Kingsoft 20121206
Malwarebytes 20121207
McAfee 20121207
McAfee-GW-Edition 20121207
Microsoft 20121207
eScan 20121207
NANO-Antivirus 20121207
Norman 20121207
nProtect 20121207
Panda 20121206
PCTools 20121207
Rising 20121207
Sophos AV 20121207
SUPERAntiSpyware 20121207
Symantec 20121207
TheHacker 20121207
TotalDefense 20121206
TrendMicro 20121207
TrendMicro-HouseCall 20121207
VBA32 20121205
VIPRE 20121207
ViRobot 20121207
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-10-07 17:18:06
Entry Point 0x00001DD9
Number of sections 5
PE sections
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CreateToolhelp32Snapshot
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetSystemInfo
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
RtlUnwind
Process32NextW
HeapSetInformation
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
OpenProcess
WriteConsoleW
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
SetStdHandle
ReadProcessMemory
GetProcAddress
Process32FirstW
GetProcessHeap
ExitProcess
SetFilePointer
GetCPInfo
LoadLibraryW
TlsFree
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
TerminateProcess
IsValidCodePage
HeapCreate
CreateFileW
VirtualQueryEx
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
EncodePointer
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
SubsystemVersion 5.1
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:10:07 18:18:06+01:00
FileType Win32 EXE
PEType PE32
CodeSize 34304
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 21504
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x1dd9
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 9e00a52caec6385e0ab1e21e9794a5b0
SHA1 601004bccf4f4fadbb1822cd3ff62a07a1de4d96
SHA256 616a25378f70474bcb3ad0fad2f1383009c5b7b3cea937be2a5234a110d64b78
ssdeep 1536:2+Rmg5W/8qiqZ4XvX1/cnBaE8akRnS9ga:2+RW/nZ4fFlVH9a
authentihash 62e3163b9e464b5bd81f97e6fd8208cc67143fc41f596a0f9bee988f44e5ce02
imphash 6f01226cbe30c015d52a8d4ce2b8160e
File size 55.5 KB ( 56832 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2012-12-04 10:18:46 UTC ( 6 years, 3 months ago )
Last submission 2018-04-27 23:21:39 UTC ( 10 months, 4 weeks ago )
File names 601004bccf4f4fadbb1822cd3ff62a07a1de4d96_mm1.ex
defender.exe
9e00a52caec6385e0ab1e21e9794a5b0
120141106125033411.exe
9e00a52caec6385e0ab1e21e9794a5b0_mm1.exe
616a25378f70474bcb3ad0fad2f1383009c5b7b3cea937be2a5234a110d64b78
nn.exe
6.exe
vti-rescan
sniff.exe
file-6098313_exe
mm1.exe
9e00a52caec6385e0ab1e21e9794a5b0
616a25378f70474bcb3ad0fad2f1383009c5b7b3cea937be2a5234a110d64b78.exe
mm1.ex
616a25378f70474bcb3ad0fad2f1383009c5b7b3cea937be2a5234a110d64b78
mm.exe
9e00a52caec6385e0ab1e21e9794a5b0.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs
UDP communications