SHA256: ab8fc800b3974b0b41bf6a5d74bb6932239c27a1a95cd4c128af2057b6909a5f
File name: RunLegacyCPLElevated
Detection ratio: 36 / 49
Analysis date: 2016-12-15 22:58:07 UTC ( 11 months, 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.6732 20161215
AegisLab Troj.W32.Yakes!c 20161215
AhnLab-V3 Trojan/Win32.Drixed.R174838 20161215
ALYac Gen:Variant.Razy.6732 20161215
Arcabit Trojan.Razy.D1A4C 20161215
Avast Win32:Evo-gen [Susp] 20161215
Avira (no cloud) TR/Crypt.Xpack.439194 20161215
AVware Trojan.Win32.Generic!BT 20161215
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161207
BitDefender Gen:Variant.Razy.6732 20161215
Bkav W32.Clod57f.Trojan.4cc6 20161215
Comodo TrojWare.Win32.Yakes 20161215
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Cyren W32/Trojan.XHYC-8503 20161215
DrWeb Trojan.Dridex.318 20161215
Emsisoft Gen:Variant.Razy.6732 (B) 20161215
ESET-NOD32 Win32/Dridex.AA 20161215
F-Secure Gen:Variant.Razy.6732 20161215
Fortinet W32/Yakes.AA!tr 20161215
GData Gen:Variant.Razy.6732 20161215
Ikarus Backdoor.Win32.Drixed 20161215
Sophos ML ransom.win32.reveton.y 20161202
K7AntiVirus Trojan ( 004d86461 ) 20161215
K7GW Trojan ( 004d86461 ) 20161215
Malwarebytes Trojan.Dridex 20161215
eScan Gen:Variant.Razy.6732 20161215
NANO-Antivirus Trojan.Win32.Xpack.dzzktf 20161215
Panda Generic Suspicious 20161215
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20161215
Sophos AV Troj/Agent-AQAO 20161215
Symantec Trojan.Cridex 20161215
Tencent Win32.Trojan.Crypt.Wska 20161215
TrendMicro-HouseCall TSPY_DRIDEX.BYX 20161215
VIPRE Trojan.Win32.Generic!BT 20161215
Yandex Trojan.Yakes!NsZcOtCrOW0 20161215
Zillya Trojan.Dridex.Win32.424 20161214
Alibaba 20161215
Antiy-AVL 20161215
AVG 20161215
CAT-QuickHeal 20161215
ClamAV 20161215
CMC 20161215
F-Prot 20161215
Jiangmin 20161215
Kaspersky 20161215
Kingsoft 20161215
McAfee 20161215
McAfee-GW-Edition 20161215
Microsoft 20161215
nProtect 20161215
Rising 20161215
SUPERAntiSpyware 20161215
TheHacker 20161214
TotalDefense 20161215
TrendMicro 20161215
Trustlook 20161215
VBA32 20161215
ViRobot 20161215
WhiteArmor 20161212
Zoner 20161215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name RunLegacyCPLElevated.EXE
Internal name RunLegacyCPLElevated
File version 6.3.7603.16385 (win7_rtm.090713-1255)
Description Run a legacy CPL elevated
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-01-29 10:38:12
Entry Point 0x0000105A
Number of sections 8
PE sections
PE imports
ClusterNetworkEnum
DisconnectNamedPipe
GetWriteWatch
FreeConsole
GetCPInfoExW
GetEnvironmentStrings
FillConsoleOutputCharacterA
GetCommProperties
EnumUILanguagesA
GetProfileStringA
CreateHardLinkW
FoldStringW
GetVolumeNameForVolumeMountPointW
VarCyRound
MessageBoxA
ScreenToClient
is_wctype
putwc
_chkstk
memmove
strcat
strtoul
isdigit
sin
PdhOpenQueryA
PdhCalculateCounterFromRawValue
Number of PE resources by type
RT_ICON 13
MUI 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 16
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.3.7613.16385
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 175616
EntryPoint 0x105a
OriginalFileName RunLegacyCPLElevated.EXE
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.3.7603.16385 (win7_rtm.090713-1255)
TimeStamp 2016:01:29 11:38:12+01:00
FileType Win32 EXE
PEType PE32
InternalName RunLegacyCPLElevated
ProductVersion 6.3.7603.16385
FileDescription Run a legacy CPL elevated
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 48640
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.3.7603.16385
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 d88c2bed761c7384d0e8657477af9da7
SHA1 d3fe6e30572457bd8ce5b5258b0e7eb7e5689a10
SHA256 ab8fc800b3974b0b41bf6a5d74bb6932239c27a1a95cd4c128af2057b6909a5f
ssdeep 3072:TH8HmyOTBO4vKajNMPWqgVuLcXIwAlEp3TygMUJVYYPwCx:bx5MajlVAcYwAemgMWwC
authentihash 369183826ece0f11d2ce682fea019a5d084279d031e869e4b1cffe2bde0676cc
imphash cee42cbf0731dcaa116522ca5e4aa0e0
File size 214.5 KB ( 219648 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2016-01-29 10:09:43 UTC ( 1 year, 10 months ago )
Last submission 2016-12-15 22:58:07 UTC ( 11 months, 1 week ago )
File names RunLegacyCPLElevated.EXE, RunLegacyCPLElevated, perdoma.exe, g545.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications