SHA256: 822ea695faf6ad6e3d8b338cb637c325aadeb42aec4b94ad232531c955ac528b
File name: 822ea695faf6ad6e3d8b338cb637c325aadeb42aec4b94ad232531c955ac528b
Detection ratio: 34 / 57
Analysis date: 2016-12-20 13:07:18 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3878437 20161220
AegisLab Troj.W32.Razy.tneh 20161220
AhnLab-V3 Trojan/Win32.Razy.C1710025 20161220
ALYac Trojan.GenericKD.3878437 20161220
Arcabit Trojan.Generic.D3B2E25 20161220
Avast Win32:Malware-gen 20161220
AVG Generic38.ADCC 20161220
Avira (no cloud) TR/Crypt.ZPACK.zstmb 20161220
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161207
BitDefender Trojan.GenericKD.3878437 20161220
Bkav HW32.Packed.FFC5 20161220
CAT-QuickHeal Trojan.Razy 20161220
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Cyren W32/Dridex.E.gen!Eldorado 20161220
DrWeb Trojan.Inject2.38071 20161220
Emsisoft Trojan.GenericKD.3878437 (B) 20161220
ESET-NOD32 a variant of Win32/Kryptik.FLLX 20161220
F-Prot W32/Dridex.E.gen!Eldorado 20161220
F-Secure Trojan.GenericKD.3878437 20161220
GData Trojan.GenericKD.3878437 20161220
Sophos ML trojandownloader.win32.renos.pt 20161216
K7AntiVirus Trojan ( 005005131 ) 20161220
K7GW Trojan ( 005005131 ) 20161220
Malwarebytes Trojan.Dridex 20161220
McAfee Suspect-AN!A1658D3C7068 20161220
McAfee-GW-Edition BehavesLike.Win32.Backdoor.ch 20161220
Microsoft PWS:Win32/Dyzap.X 20161220
eScan Trojan.GenericKD.3878437 20161220
Panda Trj/GdSda.A 20161219
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161220
Sophos AV Mal/Generic-S 20161220
Symantec Trojan.Cridex 20161220
Tencent Win32.Trojan.Kryptik.Lkdh 20161220
ViRobot Trojan.Win32.Agent.133980[h] 20161220
Alibaba 20161220
Antiy-AVL 20161220
AVware 20161220
ClamAV 20161220
CMC 20161220
Comodo 20161220
Fortinet 20161220
Ikarus 20161220
Jiangmin 20161220
Kaspersky 20161220
Kingsoft 20161220
NANO-Antivirus 20161220
nProtect 20161220
Rising 20161220
SUPERAntiSpyware 20161220
TheHacker 20161219
TotalDefense 20161220
TrendMicro 20161220
TrendMicro-HouseCall 20161220
Trustlook 20161220
VBA32 20161220
VIPRE 20161220
WhiteArmor 20161212
Yandex 20161220
Zillya 20161220
Zoner 20161220
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name cmifw.dll
Internal name cmifw.dll
File version 6.1.7601.16385 (win7_rtm.090713-1255)
Description Windows Firewall rule configuration plug-in
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-13 20:35:58
Entry Point 0x0000C7F0
Number of sections 12
PE sections
Overlays
MD5 e0ab120822fc0eca242925dba960e9c8
File type ASCII text
Offset 133980
Size 1188
Entropy 0.00
PE imports
ClusterRegQueryInfoKey
ClusterRegOpenKey
GetClusterInformation
CallNamedPipeW
ReplaceFileA
lstrlenA
GlobalFindAtomA
GetHandleInformation
LoadLibraryA
Process32Next
GetCPInfoExW
GetCommandLineW
OpenWaitableTimerW
WriteProfileStringW
GetTempFileNameW
GetComputerNameW
WideCharToMultiByte
WriteFileEx
InterlockedExchange
SetUnhandledExceptionFilter
SetFirmwareEnvironmentVariableA
GetComputerNameExW
SetComputerNameA
GetStringTypeW
GetModuleHandleW
WriteProfileSectionA
ConnectNamedPipe
BeginUpdateResourceW
FindAtomA
TransactNamedPipe
GetStringTypeExA
GetCurrentThreadId
VarBstrFromR8
_vswprintf_c_l
isprint
iswspace
PdhAddCounterA
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
0

ImageVersion
0.0

ProductName
Microsoft Windows Operating System

FileVersionNumber
6.1.7600.16385

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Windows Firewall rule configuration plug-in

CharacterSet
Unicode

LinkerVersion
18.2

FileTypeExtension
exe

OriginalFileName
cmifw.dll

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
6.1.7601.16385 (win7_rtm.090713-1255)

TimeStamp
2016:12:13 21:35:58+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
cmifw.dll

ProductVersion
6.1.7601.16385

SubsystemVersion
5.0

OSVersion
2.1

FileOS
Windows NT 32-bit

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
47616

FileSubtype
0

ProductVersionNumber
6.1.7600.16385

EntryPoint
0xc7f0

ObjectFileType
Dynamic link library

File identification
MD5 a1658d3c7068ecb54e6129ba2b69f5df
SHA1 15ab9381fbcb5b2539d5005da063e20ab8d35af4
SHA256 822ea695faf6ad6e3d8b338cb637c325aadeb42aec4b94ad232531c955ac528b
ssdeep
3072:XmjtRir7Hza30iijKkNZg9fMZCzUd2XFp9IOr:2jty+8kYerXFp9

authentihash 907055089528764867e39b013f544e265b94bb87038f4e5d668f35e902ed3268
imphash 7a654e8e985611a4df4ffdc6d2fe5fd2
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.6%)
Clipper DOS Executable (19.1%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
VXD Driver (0.2%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-12-20 10:43:45 UTC ( 2 years, 3 months ago )
Last submission 2016-12-20 13:07:18 UTC ( 2 years, 3 months ago )
File names some.exe
cmifw.dll