SHA256: 6c847bbb076d022459c3a5c0e73568c8d8dec5b44f59bb966283691b83b2e0a9
File name: CfgBkEnd
Detection ratio: 38 / 56
Analysis date: 2015-10-26 14:33:45 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.Snifula.Gen.1 20151026
Yandex Trojan.Agent!ldpC/lKile8 20151026
ALYac Trojan.Snifula.Gen.1 20151026
Antiy-AVL Trojan[Backdoor]/Win32.Sinowal 20151026
Arcabit Trojan.Snifula.Gen.1 20151026
Avast Win32:Malware-gen 20151026
AVG Win32/Cryptor 20151026
Avira (no cloud) TR/Agent.bmqs.3 20151026
AVware Trojan.Win32.Waledac.rpg (v) 20151026
Baidu-International Backdoor.Win32.Sinowal.uxu 20151026
BitDefender Trojan.Snifula.Gen.1 20151026
Bkav HW32.Packed.6096 20151026
CAT-QuickHeal Backdoor.Sinowal.r4 20151026
Comodo UnclassifiedMalware 20151026
Emsisoft Trojan.Snifula.Gen.1 (B) 20151026
ESET-NOD32 Win64/TrojanDownloader.Mebload.F 20151026
F-Secure Trojan.Snifula.Gen.1 20151026
GData Trojan.Snifula.Gen.1 20151026
Ikarus Backdoor.Win32.Sinowal 20151026
K7AntiVirus Trojan ( 0048ca481 ) 20151026
K7GW Trojan ( 0048ca481 ) 20151026
Kaspersky Backdoor.Win32.Sinowal.uxu 20151026
McAfee Artemis!38422E9835B9 20151026
McAfee-GW-Edition BehavesLike.Win32.PackedAP.dc 20151026
Microsoft Trojan:Win32/Bulta!rfn 20151026
eScan Trojan.Snifula.Gen.1 20151026
NANO-Antivirus Trojan.Win32.Sinowal.ckelzf 20151026
nProtect Trojan.Snifula.Gen.1 20151026
Panda Trj/Dtcontx.I 20151026
Qihoo-360 HEUR/Malware.QVM20.Gen 20151026
Sophos Mal/Vawtrak-H 20151026
Symantec Trojan.Litagody 20151026
Tencent Trojan.Win32.Qudamah.Gen.1 20151026
TrendMicro TROJ_SPNV.01JM13 20151026
TrendMicro-HouseCall BKDR_VAWTRAK.SMN 20151026
VBA32 Backdoor.Sinowal 20151026
VIPRE Trojan.Win32.Waledac.rpg (v) 20151026
Zillya Downloader.Mebload.Win32.569 20151026
AegisLab 20151026
AhnLab-V3 20151026
Alibaba 20151026
ByteHero 20151026
ClamAV 20151026
CMC 20151026
Cyren 20151026
DrWeb 20151026
F-Prot 20151026
Fortinet 20151026
Jiangmin 20151026
Malwarebytes 20151026
Rising 20151026
SUPERAntiSpyware 20151026
TheHacker 20151026
TotalDefense 20151026
ViRobot 20151026
Zoner 20151026
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Publisher Microsoft Corporation
Product Microsoft® Windows® Operating System
Original name CfgBkEnd.dll
Internal name CfgBkEnd
File version 6.0.6000.16386 (vista_rtm.061101-2205)
Description Configuration Backend Interface
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-07-18 16:48:53
Entry Point 0x000024D2
Number of sections 4
PE sections
Overlays
MD5 cb4be4cdd85f6cb7ccab71979e7011bb
File type data
Offset 77824
Size 156224
Entropy 8.00
PE imports
GetLastError
IsValidCodePage
EnterCriticalSection
SetHandleCount
lstrlenA
WaitForSingleObject
SetEvent
QueryPerformanceCounter
GlobalFindAtomA
HeapAlloc
DisableThreadLibraryCalls
TlsAlloc
GetEnvironmentStringsW
lstrcmpiW
RtlUnwind
IsDBCSLeadByte
GetLocalTime
DeleteCriticalSection
GetStartupInfoA
GetLocaleInfoA
LocalAlloc
lstrlenW
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
GetCommandLineA
InterlockedCompareExchange
GetComputerNameW
GetCPInfo
TlsFree
InterlockedIncrement
CloseHandle
GetComputerNameExW
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetOEMCP
LocalFree
GetModuleFileNameA
CreateEventW
ResetEvent
InitializeCriticalSection
VirtualFree
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
LeaveCriticalSection
VirtualAlloc
SetLastError
IsBadWritePtr
RpcBindingFree
RpcSsDestroyClientContext
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcEpResolveBinding
RpcStringFreeW
malloc
wcspbrk
memmove
wcsncpy
free
wcscpy
wcslen
wcscat
Number of PE resources by type
MUI 1
REGISTRY 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
217088

ImageVersion
0.0

ProductName
Microsoft Windows Operating System

FileVersionNumber
6.0.6000.16386

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
8.0

FileTypeExtension
exe

OriginalFileName
CfgBkEnd.dll

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
6.0.6000.16386 (vista_rtm.061101-2205)

TimeStamp
2006:07:18 17:48:53+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
CfgBkEnd

ProductVersion
6.0.6000.16386

FileDescription
Configuration Backend Interface

OSVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
16384

FileSubtype
262148

ProductVersionNumber
6.0.6000.16386

EntryPoint
0x24d2

ObjectFileType
Dynamic link library

File identification
MD5 38422e9835b92ec9f4c19e80642da264
SHA1 f5ea3d43d738f0262afba0513391980be7cb1af4
SHA256 6c847bbb076d022459c3a5c0e73568c8d8dec5b44f59bb966283691b83b2e0a9
ssdeep
3072:UL/aWy4htLs93JM/5maP86uHrz6d8rlICglCYlqCZ6NdaQ29rMMfQgNSJS/Js4N:Ub3y6pB/fP8JHf6dOW5lr+SezZJS/hN

authentihash 4dc355aea70de59448b276a32578d55217474d417aaa485ba5b0e0ffe17307c3
imphash 433c61cd7fa1a838134474da52131c56
File size 228.6 KB ( 234048 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe overlay

VirusTotal metadata
First submission 2013-10-15 08:25:27 UTC ( 3 years, 6 months ago )
Last submission 2013-12-03 00:27:12 UTC ( 3 years, 4 months ago )
File names 1352123452.exe
vti-rescan
CfgBkEnd.dll
6c847bbb076d022459c3a5c0e73568c8d8dec5b44f59bb966283691b83b2e0a9
CfgBkEnd
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
DNS requests