SHA256: 87f639a395dc72d9fa2aa517ec2776ee3c9e9c2fa71ba50d832e0ff012373b22
File name: bin.exe
Detection ratio: 3 / 57
Analysis date: 2015-01-15 09:56:14 UTC ( 2 years, 4 months ago )
Antivirus Result Update
ESET-NOD32 a variant of Win32/Kryptik.CVIK 20150115
Kaspersky UDS:DangerousObject.Multi.Generic 20150115
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20150114
Ad-Aware 20150115
AegisLab 20150115
Yandex 20150114
AhnLab-V3 20150115
Alibaba 20150115
ALYac 20150115
Antiy-AVL 20150115
Avast 20150115
AVG 20150114
Avira (no cloud) 20150115
AVware 20150115
Baidu-International 20150115
BitDefender 20150115
Bkav 20150114
ByteHero 20150115
CAT-QuickHeal 20150115
ClamAV 20150115
CMC 20150113
Comodo 20150115
Cyren 20150115
DrWeb 20150115
Emsisoft 20150115
F-Prot 20150115
F-Secure 20150115
Fortinet 20150115
GData 20150115
Ikarus 20150115
Jiangmin 20150114
K7AntiVirus 20150115
K7GW 20150114
Kingsoft 20150115
Malwarebytes 20150115
McAfee 20150115
McAfee-GW-Edition 20150115
Microsoft 20150115
eScan 20150115
NANO-Antivirus 20150115
Norman 20150115
nProtect 20150115
Panda 20150115
Qihoo-360 20150115
Sophos 20150115
SUPERAntiSpyware 20150115
Symantec 20150115
Tencent 20150115
TheHacker 20150112
TotalDefense 20150114
TrendMicro 20150115
TrendMicro-HouseCall 20150115
VBA32 20150115
VIPRE 20150115
ViRobot 20150115
Zillya 20150115
Zoner 20150114
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © ?????????? ??????????. ??? ????? ????????.
Publisher ?????????? ??????????
Product ???????????? ??????? Microsoft® Windows®
Original name SessMgr.exe
Internal name SessMgr.exe
File version 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description ????????? ?????? ??????? ??? ?????????? ???????? ?????, Microsoft®
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-15 07:40:00
Entry Point 0x00001069
Number of sections 5
PE sections
PE imports
JetCompact
JetGrowDatabase
JetMove
JetCreateIndex
JetGetLock
JetEndExternalBackup
JetIdle
JetGetTableInfo
JetBackup
JetPrepareUpdate
JetSeek
JetDeleteIndex
JetStopBackup
JetGetAttachInfo
JetEndSession
ReplaceFileA
GetNamedPipeInfo
GlobalFree
SetEvent
CompareStringW
IsBadWritePtr
GlobalUnlock
RemoveDirectoryA
FatalExit
GetACP
UpdateResourceA
OpenFile
AddAtomA
lstrcatA
WritePrivateProfileSectionW
BuildCommDCBAndTimeoutsW
GetCPInfoExA
EnumTimeFormatsA
FindVolumeMountPointClose
GetCurrentThread
WriteTapemark
SetFilePointer
GetExitCodeThread
InterlockedExchange
IsProcessorFeaturePresent
DuplicateHandle
GetCommConfig
GetBinaryTypeA
GlobalAlloc
GetFullPathNameA
Beep
FindAtomW
OutputDebugStringW
SetLocaleInfoA
GlobalHandle
DeleteTimerQueue
SetLocaleInfoW
SetCurrentDirectoryA
Number of PE resources by type
RT_STRING 2
REGISTRY 2
TYPELIB 1
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 7
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.1.2600.2180
UninitializedDataSize 0
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 40960
OriginalFilename SessMgr.exe
MIMEType application/octet-stream
LegalCopyright . .
FileVersion 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
TimeStamp 2015:01:15 07:40:00+00:00
FileType Win32 EXE
PEType PE32
InternalName SessMgr.exe
ProductVersion 5.1.2600.2180
FileDescription , Microsoft
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 69632
ProductName Microsoft Windows
ProductVersionNumber 5.1.2600.2180
Warning Possibly corrupt Version resource
EntryPoint 0x1069
ObjectFileType Executable application

Compressed bundles
File identification
MD5 38b4b51d00b34a03a1e90585ef5faffa
SHA1 57c9fcc5792757f7468ef301d3f66ecd1bf5b8ee
SHA256 87f639a395dc72d9fa2aa517ec2776ee3c9e9c2fa71ba50d832e0ff012373b22
ssdeep 1536:2RJbsnbNTsUAC/LEM2tgKf+fYDPrzDcmq8:2Rwr7IM9KfUYbBq8
authentihash 1f993f9ba5c09a53f0e04bb5d1657d3b3a385346abc7e3a4cf1fa05e6c1637a8
imphash 731254224faeb1250578791697b77051
File size 112.0 KB ( 114688 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2015-01-15 07:48:03 UTC ( 2 years, 4 months ago )
Last submission 2015-01-20 07:05:47 UTC ( 2 years, 4 months ago )
File names 0ZFkUi
SessMgr.exe
vti-rescan
87f639a395dc72d9fa2aa517ec2776ee3c9e9c2fa71ba50d832e0ff012373b22.exe
bin_15ene.exe
bin.exe
15e.exe
bin_exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
TCP connections