SHA256: 9d04ef8708cf030b9688bf3e8287c1790023a76374e43bd332178e212420f9fb
File name: wbemcomn.ini
Detection ratio: 49 / 71
Analysis date: 2019-05-09 04:37:43 UTC ( 1 week, 4 days ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.20464740 20190509
AegisLab Trojan.Win64.Agent.4!c 20190509
AhnLab-V3 Trojan/Win64.Agent.R195075 20190508
Alibaba Trojan:Win64/Agent.2f26fb83 20190426
ALYac Backdoor.Agent.winnti 20190509
Antiy-AVL Trojan/Win32.BTSGeneric 20190509
Arcabit Trojan.Generic.D1384464 20190509
Avast Win64:Malware-gen 20190509
AVG Win64:Malware-gen 20190509
Avira (no cloud) HEUR/AGEN.1031467 20190509
BitDefender Trojan.Generic.20464740 20190509
CrowdStrike Falcon (ML) win/malicious_confidence_80% (D) 20190212
Cylance Unsafe 20190509
Emsisoft Trojan.Generic.20464740 (B) 20190509
Endgame malicious (high confidence) 20190403
ESET-NOD32 a variant of Win64/Winnti.BE 20190509
F-Secure Heuristic.HEUR/AGEN.1031467 20190509
FireEye Generic.mg.5b1852311cc9f5cc 20190509
Fortinet W64/Agent.GL!tr 20190509
GData Win64.Backdoor.Winnti.C 20190509
Ikarus Trojan.Win64.Agent 20190508
Sophos ML heuristic 20190313
Jiangmin Trojan.Agent.asam 20190509
K7AntiVirus Riskware ( 0040eff71 ) 20190508
K7GW Riskware ( 0040eff71 ) 20190509
Kaspersky Trojan.Win64.Agent.ijw 20190509
MAX malware (ai score=100) 20190509
MaxSecure Trojan.Malware.10328056.susgen 20190508
McAfee Artemis!5B1852311CC9 20190503
McAfee-GW-Edition BehavesLike.Win64.Trojan.bc 20190509
Microsoft Trojan:Win32/Casdet!rfn 20190509
eScan Trojan.Generic.20464740 20190509
NANO-Antivirus Trojan.Win64.Agent.ekltyx 20190509
Palo Alto Networks (Known Signatures) generic.ml 20190509
Panda Trj/CI.A 20190508
Qihoo-360 Win32/Trojan.ae7 20190509
Rising Trojan.Agent!8.B1E (CLOUD) 20190509
SentinelOne (Static ML) DFI - Suspicious PE 20190508
Sophos AV Troj/Spy-AJA 20190509
Symantec Trojan.Gen 20190509
Tencent Win64.Trojan.Agent.Svho 20190509
Trapmine malicious.high.ml.score 20190325
TrendMicro BKDR64_WINNTI.ONM 20190509
TrendMicro-HouseCall BKDR64_WINNTI.ONM 20190509
VIPRE Trojan.Win32.Generic!BT 20190509
ViRobot Trojan.Win64.S.Agent.727552.A 20190508
Yandex Trojan.Agent!fOURChNC680 20190501
Zillya Trojan.Agent.Win64.1563 20190508
ZoneAlarm by Check Point Trojan.Win64.Agent.ijw 20190509
Acronis 20190504
Avast-Mobile 20190508
Baidu 20190318
Bkav 20190508
CAT-QuickHeal 20190507
ClamAV 20190508
CMC 20190321
Comodo 20190509
Cybereason 20190417
Cyren 20190509
DrWeb 20190509
eGambit 20190509
F-Prot 20190509
Kingsoft 20190509
Malwarebytes 20190509
SUPERAntiSpyware 20190507
Symantec Mobile Insight 20190506
TACHYON 20190509
TheHacker 20190506
TotalDefense 20190508
Trustlook 20190509
VBA32 20190504
Webroot 20190509
Zoner 20190508
The file being studied is a Portable Executable file. More specifically, it is a Win32 DLL file for the Windows command line subsystem that targets 64-bit architectures.
FileVersionInfo properties
PE header basic information
Target machine x64
Compilation timestamp 2016-07-22 06:56:40
Entry Point 0x00002DD8
Number of sections 6
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetConsoleCP
FreeLibrary
GetEnvironmentStringsW
IsDebuggerPresent
HeapAlloc
FlsGetValue
GetStringTypeW
FlushFileBuffers
VirtualProtect
FlsSetValue
LoadLibraryA
GetModuleFileNameA
HeapSetInformation
GetCurrentProcess
GetFileType
GetConsoleMode
HeapSize
GetCurrentProcessId
WriteConsoleW
RtlUnwindEx
RtlVirtualUnwind
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
FlsAlloc
GetCommandLineA
GetProcAddress
FlsFree
EncodePointer
GetProcessHeap
SetStdHandle
WideCharToMultiByte
LoadLibraryW
SetFilePointer
DeleteCriticalSection
SetUnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
GetOEMCP
TerminateProcess
QueryPerformanceCounter
GetVersion
IsValidCodePage
HeapCreate
WriteFile
CreateFileW
VirtualFree
HeapDestroy
Sleep
IsBadReadPtr
GetTickCount
ExitProcess
GetCurrentThreadId
VirtualAlloc
SetLastError
LeaveCriticalSection
PE exports
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType AMD AMD64
FileTypeExtension dll
TimeStamp 2016:07:22 08:56:40+02:00
FileType Win64 DLL
PEType PE32+
CodeSize 43008
LinkerVersion 10.0
ImageFileCharacteristics Executable, Large address aware, DLL
EntryPoint 0x2dd8
InitializedDataSize 683520
SubsystemVersion 5.2
ImageVersion 0.0
OSVersion 5.2
UninitializedDataSize 0

Compressed bundles
File identification
MD5 5b1852311cc9f5ccdddf35a9c473ab27
SHA1 51891247e3caa4e4f8f71b2eaf8ba47602dc0be1
SHA256 9d04ef8708cf030b9688bf3e8287c1790023a76374e43bd332178e212420f9fb
ssdeep 12288:SD3+mNnzs4VBSEzwKUF0r50emcped0R8wgtJUAiu:S5NY4VBSEUO0Qed0KJJq
authentihash 8274db1287581c7eb0749bd792905a6a81668e135e46dbcfcc07938d9d442dce
imphash 64bd37b14a659d44794b29193bddfeea
File size 710.5 KB ( 727552 bytes )
File type Win32 DLL
Magic literal PE32+ executable for MS Windows (DLL) (console) Mono/.Net assembly
TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags 64bits assembly pedll

VirusTotal metadata
First submission 2016-11-24 10:44:29 UTC ( 2 years, 5 months ago )
Last submission 2016-11-24 10:44:29 UTC ( 2 years, 5 months ago )
File names wbemcomn.ini