SHA256: a2f29e4fcd9eb45b1466ad2769fd66f1c7a50552b25cbbc5c04552d3b76efeab
File name: OneDrive[1].pdf.exe
Detection ratio: 7 / 57
Analysis date: 2016-09-06 08:08:40 UTC (2 years, 7 months ago)
Antivirus Result Update
AegisLab Troj.W32.Gen.lNNz 20160906
Baidu Win32.Trojan.WisdomEyes.151026.9950.9995 20160906
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20160725
Sophos ML trojandropper.win32.gepys.a 20160830
Panda Trj/Genetic.gen 20160905
Symantec Heur.AdvML.B 20160906
Tencent Win32.Trojan.Bp-generic.Wpav 20160906
Ad-Aware 20160906
AhnLab-V3 20160905
Alibaba 20160905
ALYac 20160906
Antiy-AVL 20160906
Arcabit 20160906
Avast 20160906
AVG 20160906
Avira (no cloud) 20160906
AVware 20160906
BitDefender 20160906
Bkav 20160905
CAT-QuickHeal 20160906
ClamAV 20160906
CMC 20160905
Comodo 20160906
Cyren 20160906
DrWeb 20160906
Emsisoft 20160906
ESET-NOD32 20160906
F-Prot 20160906
F-Secure 20160906
Fortinet 20160906
GData 20160906
Ikarus 20160906
Jiangmin 20160906
K7AntiVirus 20160906
K7GW 20160906
Kaspersky 20160906
Kingsoft 20160906
Malwarebytes 20160906
McAfee 20160906
McAfee-GW-Edition 20160906
Microsoft 20160906
eScan 20160906
NANO-Antivirus 20160906
nProtect 20160906
Qihoo-360 20160906
Rising 20160906
Sophos AV 20160906
SUPERAntiSpyware 20160906
TheHacker 20160905
TrendMicro 20160906
TrendMicro-HouseCall 20160906
VBA32 20160905
VIPRE 20160831
ViRobot 20160906
Yandex 20160905
Zillya 20160905
Zoner 20160906
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name cliconfg.exe
Internal name cliconfg.exe
File version 10.0.10257.16389 (th1.150709-1700)
Description SQL Client Configuration Utility EXE
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-06 03:26:54
Entry Point 0x0000CB60
Number of sections 14
PE sections
PE imports
GetClusterResourceKey
AddClusterResourceNode
GetLastError
CreateTimerQueueTimer
GetDriveTypeW
FreeLibrary
CopyFileA
VirtualProtect
LoadLibraryA
LockFile
RaiseException
GetProcessId
SetDefaultCommConfigW
HeapSetInformation
EnumSystemLocalesA
SizeofResource
LocalAlloc
lstrcatA
SetVolumeMountPointA
GetProcAddress
GetProfileStringW
RegisterWaitForSingleObject
FindFirstVolumeW
GetCPInfo
MapViewOfFile
WritePrivateProfileStructA
InterlockedExchange
WaitNamedPipeA
ConvertDefaultLocale
FreeConsole
GetComputerNameA
PeekConsoleInputA
SetFileAttributesA
GetEnvironmentStrings
DnsHostnameToComputerNameW
CreateFileW
VirtualQuery
FindClose
GetLongPathNameA
IsBadReadPtr
IsBadStringPtrA
BackupSeek
LocalShrink
SetWaitableTimer
WriteConsoleW
wnsprintfW
isalnum
isleadbyte
fwscanf
vwprintf
fclose
wcsxfrm
wcstok
wcsncat
fputwc
fopen
PdhEnumObjectsA
CompareSecurityIds
Number of PE resources by type
RT_ICON 6
RT_DIALOG 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 9
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.56
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 10.0.10240.16384
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 0
EntryPoint 0xcb60
OriginalFileName cliconfg.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 10.0.10257.16389 (th1.150709-1700)
TimeStamp 2016:09:06 04:26:54+01:00
FileType Win32 EXE
PEType PE32
InternalName cliconfg.exe
ProductVersion 10.0.10257.16389
FileDescription SQL Client Configuration Utility EXE
OSVersion 3.1
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 49152
ProductName Microsoft Windows Operating System
ProductVersionNumber 10.0.10240.16384
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 8437795613b383c8000af8356ab9285a
SHA1 6800a27227a3bfb2f81cbc2d3a81bb94dcf37a4c
SHA256 a2f29e4fcd9eb45b1466ad2769fd66f1c7a50552b25cbbc5c04552d3b76efeab
ssdeep 3072:Ozpdf7oq+tmd4ew82DQHT2+6/OZfg/9xXD1CgKuh3FyLR:bJtO+D22+6/2fUXD1CgpDe
authentihash 8d944b56f35fefb10fa21c96ce39b179c12e31cc56def496cf159dfde641f1cb
imphash 7a05a69dfd2ee98d963e0df54626b4b7
File size 200.4 KB ( 205236 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.8%)
Clipper DOS Executable (19.1%)
Generic Win/DOS Executable (19.0%)
DOS Executable Generic (18.9%)
Tags peexe
VirusTotal metadata
First submission 2016-09-06 07:57:24 UTC ( 2 years, 7 months ago )
Last submission 2016-12-17 01:46:08 UTC ( 2 years, 4 months ago )
File names OneDrive[1].pdf.exe
cliconfg.exe
DROPPED.exe
OneDrive.pdf
WYA3V_hV.exe
OneDrive[1].pdf.660.dr
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications