SHA256: 9bcc1ab30a900906e4dbccc341f3722383f7666a03ab5d898a153aa58f4c9428
File name: WinMgmt.exe.ViR
Detection ratio: 17 / 42
Analysis date: 2012-07-11 19:50:09 UTC ( 6 years, 8 months ago )
Antivirus Result Update
AntiVir SPR/Tool.Agent.BL 20120711
AVG BackDoor.Generic11.BNZ 20120711
BitDefender Trojan.Generic.1602066 20120711
Comodo UnclassifiedMalware 20120711
F-Secure Trojan.Generic.1602066 20120711
Fortinet Riskware/HackArmy.IK 20120711
GData Trojan.Generic.1602066 20120711
Jiangmin Backdoor/Agent.cbwj 20120711
K7AntiVirus Trojan 20120711
McAfee BackDoor-DSZ 20120711
McAfee-GW-Edition BackDoor-DSZ 20120711
NOD32 probably a variant of Win32/Agent.JWYRSFM 20120711
Norman Suspicious_Gen2.ABVXK 20120711
nProtect Trojan/W32.Agent.66048.AL 20120711
PCTools Hacktool.Generic 20120711
Sophos AV Mal/Servus-A 20120711
Symantec Hacktool 20120711
AhnLab-V3 20120711
Antiy-AVL 20120711
Avast 20120711
ByteHero 20120704
CAT-QuickHeal 20120711
ClamAV 20120711
Commtouch 20120711
DrWeb 20120711
Emsisoft 20120711
eSafe 20120710
F-Prot 20120711
Ikarus 20120711
Kaspersky 20120711
Microsoft 20120711
Panda 20120711
Rising 20120711
SUPERAntiSpyware 20120711
TheHacker 20120711
TotalDefense 20120710
TrendMicro 20120711
TrendMicro-HouseCall 20120711
VBA32 20120711
VIPRE 20120711
ViRobot 20120711
VirusBuster 20120711
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-05-07 07:28:43
Entry Point 0x00001000
Number of sections 8
PE sections
PE imports
CloseServiceHandle
RegCloseKey
RegisterEventSourceA
OpenServiceA
RegSetValueExA
CreateServiceA
QueryServiceStatus
SetServiceStatus
DeregisterEventSource
ControlService
LookupAccountSidA
ChangeServiceConfig2A
DeleteService
RegCreateKeyA
OpenSCManagerA
ReportEventA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
GetLastError
HeapFree
GetStdHandle
SetHandleCount
TerminateThread
lstrlenA
GetFileAttributesA
SetEvent
GetExitCodeProcess
LCMapStringA
ExitProcess
TlsAlloc
GetVersionExA
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetLocalTime
CreatePipe
GetStartupInfoA
GetEnvironmentStrings
SetConsoleCtrlHandler
WaitForSingleObject
GetCurrentDirectoryA
UnhandledExceptionFilter
MultiByteToWideChar
GetShortPathNameA
GetLogicalDrives
GetCPInfo
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
CreateThread
TlsFree
GetModuleHandleA
ReadFile
WriteFile
CloseHandle
TerminateProcess
GetACP
GetStringTypeW
GetVersion
GetFullPathNameA
GetDriveTypeA
LocalFree
GlobalMemoryStatus
CreateProcessA
GetTimeZoneInformation
WideCharToMultiByte
VirtualFree
CreateEventA
TlsGetValue
Sleep
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
GetProcessHeap
VirtualAlloc
GetOEMCP
DefWindowProcA
wsprintfA
MessageBoxA
EnumThreadWindows
PostQuitMessage
htons
htonl
socket
recv
accept
WSACleanup
WSAStartup
send
bind
WSAAsyncSelect
closesocket
WSAGetLastError
listen
PE exports
Number of PE resources by type
RT_RCDATA 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2008:05:07 08:28:43+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
45056

LinkerVersion
5.0

EntryPoint
0x1000

InitializedDataSize
16384

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

Compressed bundles
File identification
MD5 3e19ef9c9a217d242787a896cc4a5b03
SHA1 fa64e1e1894274f080431523b19297ab99be4fca
SHA256 9bcc1ab30a900906e4dbccc341f3722383f7666a03ab5d898a153aa58f4c9428
ssdeep
1536:fRA79gbjq9haIDoD+BVxeUZok5mVtpCq8G8GcpHnqH:fRQAq9MDS5o6ieHqH

authentihash ed27099840ce8891c52699ef278f24fb7d509a466e9d9ae43a8092e0ed66048b
imphash 600f99405959dd68ce0c558a06bc9fac
File size 64.5 KB ( 66048 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Dynamic Link Library - Borland C/C++ (84.6%)
DOS Executable Borland C++ (4.9%)
DOS Borland compiled Executable (generic) (3.8%)
Win32 Dynamic Link Library (generic) (2.5%)
Win32 Executable (generic) (1.7%)
Tags
peexe

VirusTotal metadata
First submission 2008-09-03 23:52:58 UTC ( 10 years, 6 months ago )
Last submission 2017-05-23 21:32:36 UTC ( 1 year, 10 months ago )
File names WinMgmt[3].exe
WinMgmt.exe.ViR
1342124577.WinMgmt.exe.ViR
WinMgmt.exe
3e19ef9c9a217d242787a896cc4a5b03.exe
vti-rescan
fa64e1e1894274f080431523b19297ab99be4fca_WinMgmt.ex
WinMgmt.ex
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Behaviour characterization