SHA256: 7fcb04556f146360ecc8c42cb9b533efe34363095abaae81a7099f06090a3295
File name: Cmgr.exe
Detection ratio: 59 / 59
Analysis date: 2017-02-24 17:45:17 UTC ( 2 years, 1 month ago )
Antivirus Result Update
Ad-Aware Win32.Parite.B 20170224
AegisLab Troj.W32.Gen.lo2D 20170224
AhnLab-V3 Win32/Parite 20170224
ALYac Win32.Parite.B 20170224
Antiy-AVL Virus/Win32.Parite.c 20170224
Arcabit Win32.Parite.B 20170224
Avast Win32:Parite 20170224
AVG Win32/Parite 20170224
Avira (no cloud) W32/Parite 20170224
AVware Win32.Parite.b (v) 20170224
Baidu Win32.Virus.Parite.d 20170224
BitDefender Win32.Parite.B 20170224
Bkav W32.Pinfi.B 20170224
CAT-QuickHeal W32.Perite.A 20170224
ClamAV Win.Trojan.Ramnit-7847 20170224
CMC Virus.Win32.Parite.b!O 20170224
Comodo Virus.Win32.Parite.gen 20170224
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Cyren W32/Parite.B 20170224
DrWeb Win32.HLLW.Tazebama.235 20170224
Emsisoft Win32.Parite.B (B) 20170224
Endgame malicious (high confidence) 20170222
ESET-NOD32 Win32/Parite.B 20170224
F-Prot W32/Parite.B 20170224
F-Secure Win32.Parite.B 20170224
Fortinet W32/Kryptik.KLV!tr 20170224
GData Win32.Parite.B 20170224
Ikarus Virus.Win32.Sality 20170224
Sophos ML virus.win32.parite.b 20170203
Jiangmin Win32/Parite.b 20170224
K7AntiVirus Virus ( 00001b711 ) 20170224
K7GW Virus ( 00001b711 ) 20170224
Kaspersky Virus.Win32.Parite.b 20170224
Kingsoft Win32.Parite.b.5756 20170224
Malwarebytes Spyware.Zbot 20170224
McAfee PWS-Zbot.gen.cy 20170224
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.fh 20170224
Microsoft Trojan:Win32/Ramnit 20170224
eScan Win32.Parite.B 20170224
NANO-Antivirus Virus.Win32.Parite.bgvo 20170224
nProtect Virus/W32.Parite.C 20170224
Panda W32/Parite.B 20170224
Qihoo-360 Virus.Win32.Parite.H 20170224
Rising Virus.Parite!1.9B80 (classic) 20170224
Sophos AV W32/Parite-B 20170224
SUPERAntiSpyware Trojan.Agent/Gen-FakeSecurity 20170224
Symantec W32.Pinfi.B 20170224
Tencent Worm.Win32.AutoRun.aaa 20170224
TheHacker W32/Pate.B 20170223
TotalDefense Win32/Pinfi.A 20170224
TrendMicro PE_PARITE.A 20170224
TrendMicro-HouseCall PE_PARITE.A 20170224
VBA32 Virus.Win32.Parite.b 20170224
VIPRE Win32.Parite.b (v) 20170224
ViRobot Win32.Parite.A[h] 20170224
Webroot Malicious 20170224
Yandex Win32.Parite.B 20170222
Zillya Virus.Parite.Win32.9 20170224
Zoner Win32.Ramnit.A 20170224
Alibaba 20170224
Trustlook 20170224
WhiteArmor 20170222
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
FileVersionInfo properties
Copyright
Copyright © 2007 Avira GmbH. All rights reserved.

Internal name AntiVir/Win32
File version 7.6.0.59
Description AntiVir Command Line Scanner for Windows
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-02-02 18:55:02
Entry Point 0x0002A000
Number of sections 6
PE sections
Overlays
MD5 e7621e456154332707d9b9c9228a9a8a
File type data
Offset 190464
Size 176082
Entropy 7.97
PE imports
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
IsTextUnicode
CreateBitmap
DeleteDC
EndDoc
SelectObject
CreateFontIndirectW
CreatePen
DeleteObject
RemoveFontResourceW
AddFontResourceW
BitBlt
GetROP2
GetTextMetricsW
GetTextExtentPoint32W
CreateCompatibleBitmap
OffsetWindowOrgEx
GlobalSize
GetACP
GetTimeFormatW
GetLongPathNameW
lstrcpynW
GetConsoleMode
InterlockedCompareExchange
GetModuleFileNameW
OpenEventW
FindNextFileW
FindResourceW
UnhandledExceptionFilter
VirtualAlloc
HeapAlloc
TlsAlloc
MultiByteToWideChar
LoadLibraryA
GetStringTypeW
GetProcAddress
GetLocalTime
ResumeThread
SetFocus
GetScrollPos
CreateCaret
DrawFrameControl
RemoveMenu
GetSystemMetrics
SetScrollRange
GetWindowRect
InflateRect
CharLowerW
GetDlgItemTextW
PostMessageW
CreateCursor
CreateDialogParamW
ShowScrollBar
EnableMenuItem
ScreenToClient
GetKeyboardState
LoadIconW
RealChildWindowFromPoint
InsertMenuW
CloseClipboard
GetSaveFileNameW
PrintDlgW
GetOpenFileNameW
ChooseColorW
OleDuplicateData
Number of PE resources by type
RT_ICON 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 6
PE resources
Execution parents
File identification
MD5 0eedaa0eb4b9cd15154fdb29da8f2d3e
SHA1 2f34001efb4c1a6b98b711145f1db76918d7f82a
SHA256 7fcb04556f146360ecc8c42cb9b533efe34363095abaae81a7099f06090a3295
ssdeep
6144:VOTeHI8HiL7+f5rFM+DUOlZIxXmRMobgNgmSQ7XnM:8eoGiLazPUOrIxm8HSGXM

authentihash b1b7e02581cc1c6b0a3750b94db7aa8272ea40241d2bdb15d48358f60038e239
imphash 461d87467467d5acf23bdb0001a35170
File size 358.0 KB ( 366546 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Windows screen saver (46.4%)
Win32 Dynamic Link Library (generic) (23.3%)
Win32 Executable (generic) (15.9%)
Generic Win/DOS Executable (7.1%)
DOS Executable Generic (7.0%)
Tags
peexe overlay

VirusTotal metadata
First submission 2017-02-24 17:45:17 UTC ( 2 years, 1 month ago )
Last submission 2017-02-24 17:45:17 UTC ( 2 years, 1 month ago )
File names Win32
Cmgr.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.
DNS requests
TCP connections
UDP communications