SHA256: 694bd6a04735b30d42ed40af026496ee1b77ce332c6570985a88358c82630d01
File name: 694bd6a04735b30d42ed40af026496ee1b77ce332c6570985a88358c82630d01
Detection ratio: 47 / 69
Analysis date: 2018-10-09 06:45:21 UTC ( 4 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.Autoruns.GenericKDS.31254405 20181009
AegisLab W32.W.Joleee.kZ0o 20181009
AhnLab-V3 Spyware/Win32.Emotet.C2742151 20181008
ALYac Trojan.Autoruns.GenericKDS.31254405 20181009
Antiy-AVL Trojan/Win32.Fuerboos 20181009
Arcabit Trojan.Autoruns.GenericS.D1DCE785 20181009
Avast Win32:Malware-gen 20181009
AVG Win32:Malware-gen 20181009
BitDefender Trojan.Autoruns.GenericKDS.31254405 20181009
Bkav HW32.Packed. 20181008
CAT-QuickHeal Trojan.Emotet.X4 20181008
ClamAV Win.Trojan.Emotet-6707392-0 20181009
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20180723
Cybereason malicious.d33219 20180225
Cylance Unsafe 20181009
Cyren W32/Emotet.HO.gen!Eldorado 20181009
Emsisoft Trojan.Autoruns.GenericKDS.31254405 (B) 20181009
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GLJX 20181009
F-Prot W32/Emotet.HO.gen!Eldorado 20181009
F-Secure Trojan.Autoruns.GenericKDS.31254405 20181009
Fortinet W32/Emotet.BR!tr 20181009
GData Trojan.Autoruns.GenericKDS.31254405 20181009
Ikarus Trojan.Win32.Crypt 20181008
Sophos ML heuristic 20180717
K7AntiVirus Riskware ( 0040eff71 ) 20181009
K7GW Riskware ( 0040eff71 ) 20181009
Kaspersky Trojan-Banker.Win32.Emotet.bgjq 20181008
Malwarebytes Trojan.Emotet 20181009
McAfee RDN/Generic.grp 20181009
McAfee-GW-Edition BehavesLike.Win32.Generic.cc 20181009
Microsoft Trojan:Win32/Occamy.C 20181009
eScan Trojan.Autoruns.GenericKDS.31254405 20181009
NANO-Antivirus Trojan.Win32.Emotet.fispig 20181009
Palo Alto Networks (Known Signatures) generic.ml 20181009
Panda Trj/GdSda.A 20181008
Qihoo-360 Win32/Trojan.c84 20181009
SentinelOne (Static ML) static engine - malicious 20180926
Sophos AV Mal/EncPk-ANX 20181009
Symantec Trojan.Emotet 20181009
TACHYON Banker/W32.Emotet.145408.F 20181009
Tencent Win32.Trojan-banker.Emotet.Wklo 20181009
TrendMicro TSPY_EMOTET.THJOEAH 20181009
TrendMicro-HouseCall TSPY_EMOTET.THJOEAH 20181009
VBA32 Malware-Cryptor.Limpopo 20181008
Webroot W32.Trojan.Emotet 20181009
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bgjq 20181009
Alibaba 20180921
Avast-Mobile 20181008
Avira (no cloud) 20181009
AVware 20180925
Babable 20180918
Baidu 20181009
CMC 20181009
Comodo 20181009
DrWeb 20181009
eGambit 20181009
Jiangmin 20181009
Kingsoft 20181009
MAX 20181009
Rising 20181009
SUPERAntiSpyware 20181006
Symantec Mobile Insight 20181001
TheHacker 20181008
TotalDefense 20181009
Trustlook 20181009
VIPRE 20181009
ViRobot 20181008
Yandex 20181008
Zillya 20181008
Zoner 20181008
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© С Corporation. All rights reserved.

Product С® Windows® Operating System
Original name wmicmiplugin.dll
Internal name wmicmiplugin.dll
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description WMI CMI Plugin
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-04-28 14:30:48
Entry Point 0x0001801F
Number of sections 4
PE sections
PE imports
CryptStringToBinaryA
CertFindCRLInStore
GetSystemPaletteEntries
FlushFileBuffers
GetModuleHandleA
SetFileBandwidthReservation
GetSystemTimes
BeginDeferWindowPos
GetProcessWindowStation
OpenPrinterW
SCardEstablishContext
localeconv
Number of PE resources by type
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
4294967295

LinkerVersion
7.1

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7601.17514

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
WMI CMI Plugin

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
1454080

EntryPoint
0x1801f

OriginalFileName
wmicmiplugin.dll

MIMEType
application/octet-stream

LegalCopyright
Corporation. All rights reserved.

FileVersion
6.1.7601.17514 (win7sp1_rtm.101119-1850)

TimeStamp
2004:04:28 07:30:48-07:00

FileType
Win32 EXE

PEType
PE32

InternalName
wmicmiplugin.dll

ProductVersion
6.1.7601.17514

SubsystemVersion
5.0

OSVersion
5.2

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Corporation

CodeSize
98816

ProductName
Windows Operating System

ProductVersionNumber
6.1.7601.17514

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 60248f127e1080d29817cf0e34846d80
SHA1 f87cf22d3321981626e52d914f1a0db1e8742c84
SHA256 694bd6a04735b30d42ed40af026496ee1b77ce332c6570985a88358c82630d01
ssdeep
3072:CKk69D/gWnktRJSDk6Kjpekn6S+oxOKVPdJbWne+xCT2YFE:z9Lg6ERJSDk6Ap6kxFPdJ+

authentihash 500ad5472f044b0671bb9cab2eee1dd267dcfe87774e1bfb714f5cdb471a2ff1
imphash 68811c3d9ee8dc047d02ca5953bd937f
File size 142.0 KB ( 145408 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-10-04 17:23:35 UTC ( 4 months, 2 weeks ago )
Last submission 2018-10-04 17:23:35 UTC ( 4 months, 2 weeks ago )
File names wmicmiplugin.dll