SHA256: af3363889533e3e74fd5262c2f284d071552600d2a324b3e8fbdace124c26b4c
File name: CMD.EXE
Detection ratio: 2 / 57
Analysis date: 2016-11-27 07:16:15 UTC ( 2 years, 4 months ago )
Antivirus                Result                              Update
CrowdStrike Falcon (ML)  malicious_confidence_70% (D)        20161024
nProtect                 Trojan/W32.PornoBlocker.53760.M     20161127

No detection, grouped by signature update date:
20161127: Ad-Aware, AegisLab, ALYac, Antiy-AVL, Arcabit, Avast, AVware, BitDefender, ClamAV, CMC, Comodo, Cyren, DrWeb, Emsisoft, F-Prot, F-Secure, Fortinet, GData, K7AntiVirus, K7GW, Kaspersky, Kingsoft, Malwarebytes, McAfee, McAfee-GW-Edition, eScan, NANO-Antivirus, Qihoo-360, Rising, Sophos AV, Symantec, Tencent, TotalDefense, TrendMicro, TrendMicro-HouseCall, Trustlook, VIPRE, ViRobot, Zoner
20161126: AhnLab-V3, AVG, Avira (no cloud), Baidu, Bkav, CAT-QuickHeal, ESET-NOD32, Ikarus, Microsoft, Panda, SUPERAntiSpyware, TheHacker, Yandex
20161125: Alibaba, VBA32, WhiteArmor, Zillya
20161124: Jiangmin
20161018: Sophos ML
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name USERINIT.EXE
Internal name userinit
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Userinit Logon Application
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-07-13 23:34:19
Entry Point 0x00002B4E
Number of sections 4
PE sections
Overlays
MD5 0c56b088ea3b949f89d0a6aaedef544a
File type ASCII text
Offset 26112
Size 27648
Entropy 0.00
PE imports
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegDeleteTreeW
RegOpenKeyExW
RegQueryValueExW
GetCurrentProcess
OpenProcessToken
CreateThread
SetThreadPriority
CreateProcessW
GetCurrentThread
GetLastError
GetUserDefaultLangID
RegQueryValueExA
LoadLibraryW
WaitForSingleObject
GetVersionExW
SetEvent
QueryPerformanceCounter
LocalAlloc
GetTickCount
LoadLibraryA
lstrlenW
FreeLibrary
HeapSetInformation
GetStartupInfoA
LoadLibraryExA
CompareFileTime
GetCurrentProcessId
DelayLoadFailureHook
UnhandledExceptionFilter
RegOpenKeyExA
GetProcAddress
InterlockedCompareExchange
ExpandEnvironmentStringsW
SetEnvironmentVariableW
GetModuleHandleA
GetSystemDirectoryW
InterlockedExchange
SetUnhandledExceptionFilter
CloseHandle
GetSystemTimeAsFileTime
ExpandEnvironmentStringsA
GetFileAttributesExW
LocalFree
FormatMessageW
TerminateProcess
SearchPathW
SetCurrentDirectoryW
OpenEventW
Sleep
GetCurrentThreadId
GetEnvironmentVariableW
SetLastError
GetSystemMetrics
MessageBoxW
LoadRemoteFonts
GetKeyboardLayout
RegisterClassExW
DefWindowProcW
LoadStringW
CreateWindowExW
SystemParametersInfoW
CharNextW
ExitWindowsEx
DestroyWindow
Ord(175)
_cexit
_acmdln
_wcsicmp
_ismbblead
memmove
__p__commode
memset
__setusermatherr
__p__fmode
?terminate@@YAXXZ
_except_handler4_common
_amsg_exit
exit
_XcptFilter
__getmainargs
_initterm
_exit
_controlfp
_vsnwprintf
__set_app_type
NtOpenKey
DbgPrint
RtlInitUnicodeString
NtClose
Number of PE resources by type
RT_MANIFEST 1
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 6.1
FileSubtype 0
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Userinit Logon Application
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 5120
EntryPoint 0x2b4e
OriginalFileName USERINIT.EXE
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2009:07:14 00:34:19+01:00
FileType Win32 EXE
PEType PE32
InternalName userinit
ProductVersion 6.1.7600.16385
SubsystemVersion 6.1
OSVersion 6.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 19968
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 45e9306bb9047b55e3565d5f0f70ca26
SHA1 44e9a50fd7f8ee27ec8815a65a32a2ac991a0e0b
SHA256 af3363889533e3e74fd5262c2f284d071552600d2a324b3e8fbdace124c26b4c
ssdeep 384:Oj+CsDNjesrHdlvJhRLYZpgKeGf5F/hyWeR22PXG/7LKpuZeRsJCKWuVymWB:OxstZlRhNYZpgpuFeR22vo7L3O1
authentihash 70b1c416e99a15d2fa61cf338a4e9432ab3759c42ac57612b774e46ec1ac1f5c
imphash da2666d3347f129193ab91a0eab85c0c
File size 52.5 KB ( 53760 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe, overlay
VirusTotal metadata
First submission 2010-09-10 14:45:54 UTC ( 8 years, 7 months ago )
Last submission 2018-11-30 20:58:13 UTC ( 4 months, 2 weeks ago )
File names 44e9a50fd7f8ee27ec8815a65a32a2ac991a0e0b
CMD.EXE
userinit
USERINIT.EXE.MUI
COMBOCHAOS.EXE
NOTEPAD.EXE
TASKHOST.EXE
userinit.exe
USERINIT.EXE
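Two findings in this report carry the triage weight. First, the overlay: 27648 bytes of "ASCII text" with entropy 0.00 (a single repeated printable byte) appended at offset 26112, which with the image accounts for the full 53760-byte file size; the nProtect name even embeds that size. Second, the spread of on-disk names (CMD.EXE, NOTEPAD.EXE, TASKHOST.EXE, COMBOCHAOS.EXE) against a version resource that says USERINIT.EXE. The code below is an added example, not part of this report or of any VirusTotal tooling: it walks the PE section table to locate an overlay (excluding an Authenticode certificate table, which also sits past the sections), measures the overlay's entropy, and flags both signals. The PE image it analyses is constructed by build_pe() with layout numbers chosen to mirror this report; original_filename is passed in as a string rather than parsed from VS_VERSIONINFO, and the 1.0 bits/byte padding threshold is an arbitrary assumption.

```python
"""Overlay and name-mismatch triage for a PE file (added example, not part of
the VirusTotal report). build_pe() constructs a throwaway PE32 image whose
layout mirrors this report: image ends at 26112, 27648 padding bytes appended."""
import math
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # data directory index of the certificate table


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 0.0 for a run of one byte value, 8.0 for uniformly random data."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return sum(-(c / n) * math.log2(c / n) for c in counts if c)


def find_overlay(data: bytes) -> tuple[int, bytes]:
    """Return (end_of_image, overlay): everything after the last section's raw
    data, minus an Authenticode certificate table if the headers declare one."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsect, = struct.unpack_from("<H", data, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", data, e_lfanew + 20)
    opt = e_lfanew + 24
    magic, = struct.unpack_from("<H", data, opt)
    dd_base = opt + (96 if magic == 0x10B else 112)     # PE32 vs PE32+ data directories
    cert_off, cert_size = struct.unpack_from(
        "<II", data, dd_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sect_table = opt + opt_size
    end = sect_table + 40 * nsect                        # headers are never "overlay"
    for i in range(nsect):
        # SizeOfRawData and PointerToRawData sit at +16 in each 40-byte section header
        raw_size, raw_ptr = struct.unpack_from("<II", data, sect_table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    overlay = data[end:]
    if cert_size and cert_off >= end:
        overlay = data[end:cert_off] + data[cert_off + cert_size:]
    return end, overlay


def triage(data: bytes, name_on_disk: str, original_filename: str,
           padding_threshold: float = 1.0) -> dict:
    """Two cheap signals from this report: a low-entropy appended overlay on an
    otherwise ordinary image, and a disk name that disagrees with the version
    resource. original_filename is supplied by the caller (assumption); in
    practice read it from VS_VERSIONINFO, e.g. with pefile."""
    end, overlay = find_overlay(data)
    ent = shannon_entropy(overlay)
    return {
        "overlay_offset": end,
        "overlay_size": len(overlay),
        "overlay_entropy": round(ent, 2),
        "padding_overlay": len(overlay) > 0 and ent < padding_threshold,
        "name_mismatch": name_on_disk.upper() != original_filename.upper(),
    }


def build_pe(section_raw_size: int, overlay: bytes, cert: bytes = b"") -> bytes:
    """Constructed minimal PE32 for testing: 512-byte headers, one .text section,
    an optional certificate table, then the appended overlay."""
    headers_size = 0x200
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                 # e_lfanew = 0x40
    coff = struct.pack("<IHHIIIHH", 0x4550, 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                               # PE32 magic
    struct.pack_into("<I", opt, 60, headers_size)                       # SizeOfHeaders
    struct.pack_into("<I", opt, 92, 16)                                 # NumberOfRvaAndSizes
    cert_off = headers_size + section_raw_size if cert else 0
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, cert_off, len(cert))
    sect = struct.pack("<8sIIIIIIHHI", b".text", section_raw_size, 0x1000,
                       section_raw_size, headers_size, 0, 0, 0, 0, 0x60000020)
    headers = (dos + coff + bytes(opt) + sect).ljust(headers_size, b"\0")
    body = (bytes(range(256)) * (section_raw_size // 256 + 1))[:section_raw_size]
    return headers + body + cert + overlay


if __name__ == "__main__":
    # Mirrors the report: image ends at 26112, then 27648 copies of one ASCII byte.
    sample = build_pe(26112 - 0x200, b" " * 27648)
    print(triage(sample, "CMD.EXE", "USERINIT.EXE"))
```

Appending bytes changes MD5, SHA-1 and SHA-256, so a hash allowlist keyed on the full file will not recognise the image underneath; hash the bytes up to overlay_offset, or compare the imphash (unaffected by trailing data), when deciding whether the image portion matches a known build.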
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V1108.

Symantec reputation Suspicious.Insight