SHA256: b1ba33e9b4f6344c580a674251f8aff4442c0b4c1fceed321835b938c2679282
File name: bg11.exe
Detection ratio: 16 / 68
Analysis date: 2018-11-01 06:22:35 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
AVG FileRepMalware 20181101
Bkav HW32.Packed. 20181031
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.4fa716 20180225
Cylance Unsafe 20181101
Endgame malicious (high confidence) 20180730
Sophos ML heuristic 20180717
Kaspersky UDS:DangerousObject.Multi.Generic 20181101
McAfee Artemis!72F88CF77852 20181101
McAfee-GW-Edition BehavesLike.Win32.Dropper.dc 20181101
Microsoft VirTool:Win32/CeeInject 20181101
Palo Alto Networks (Known Signatures) generic.ml 20181101
Rising Spyware.Stealer!8.3090 (TFE:3:jPTRwKW7lJE) 20181101
Symantec ML.Attribute.HighConfidence 20181031
Webroot W32.Trojan.Emotet 20181101
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181101
Ad-Aware 20181101
AegisLab 20181101
AhnLab-V3 20181031
Alibaba 20180921
ALYac 20181031
Antiy-AVL 20181031
Arcabit 20181101
Avast 20181101
Avast-Mobile 20181031
Avira (no cloud) 20181031
AVware 20180925
Babable 20180918
Baidu 20181101
BitDefender 20181101
CAT-QuickHeal 20181031
ClamAV 20181101
CMC 20181031
Cyren 20181101
DrWeb 20181101
eGambit 20181101
Emsisoft 20181101
ESET-NOD32 20181101
F-Prot 20181101
F-Secure 20181101
Fortinet 20181101
GData 20181101
Ikarus 20181031
Jiangmin 20181101
K7AntiVirus 20181101
K7GW 20181031
Kingsoft 20181101
Malwarebytes 20181101
MAX 20181101
eScan 20181101
NANO-Antivirus 20181101
Panda 20181031
Qihoo-360 20181101
SentinelOne (Static ML) 20181011
Sophos AV 20181101
SUPERAntiSpyware 20181031
Symantec Mobile Insight 20181030
TACHYON 20181101
Tencent 20181101
TheHacker 20181031
TotalDefense 20181031
TrendMicro 20181101
TrendMicro-HouseCall 20181101
Trustlook 20181101
VBA32 20181031
ViRobot 20181101
Yandex 20181030
Zillya 20181030
Zoner 20181101
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name CACLS.EXE
Internal name cacls
File version 10.0.16299.15 (WinBuild.160101.0800)
Description Control ACLs Program
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-30 07:42:56
Entry Point 0x00002000
Number of sections 5
PE sections
PE imports
CertFreeCRLContext
CertDeleteCRLFromStore
CertAlgIdToOID
CertGetNameStringA
CertDuplicateCRLContext
CertDuplicateStore
CertCompareCertificate
CertFindExtension
CertFindChainInStore
CertSaveStore
CryptFindOIDInfo
MD5Final
MD5Update
OpenThread
ReplaceFileA
CreateJobObjectA
SystemTimeToFileTime
UpdateResourceW
OpenEventW
GetExitCodeProcess
GetTickCount
GetFileAttributesW
WaitForSingleObjectEx
GetLocalTime
GetStartupInfoA
GetCurrentProcessId
OpenFileMappingA
GetProcAddress
CreateMutexA
GetStringTypeA
GetModuleHandleA
FindFirstFileA
lstrcpyA
CreateFileMappingA
MoveFileExA
CopyFileExW
GetTempPathW
HeapCreate
WriteFile
CreateEventA
OpenSemaphoreW
SetLastError
CPEncrypt
CPDeriveKey
CPDecrypt
SHGetFileInfoA
FindExecutableA
DragAcceptFiles
ShellMessageBoxA
DllUnregisterServer
DragQueryPoint
SHFree
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA
SHFileOperationA
UrlCreateFromPathA
PathIsRootW
UrlCombineA
UrlIsA
UrlGetPartA
UrlIsNoHistoryA
UrlUnescapeA
UrlHashA
UrlEscapeA
PathCombineW
UrlCompareW
Number of PE resources by type
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 10.0.16299.15
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Control ACLs Program
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 235008
EntryPoint 0x2000
OriginalFileName CACLS.EXE
MIMEType application/octet-stream
LegalCopyright © Microsoft Corporation. All rights reserved.
FileVersion 10.0.16299.15 (WinBuild.160101.0800)
TimeStamp 2016:04:30 07:42:56+00:00
FileType Win32 EXE
PEType PE32
InternalName cacls
ProductVersion 10.0.16299.15
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 9728
ProductName Microsoft Windows Operating System
ProductVersionNumber 10.0.16299.15
Warning Possibly corrupt Version resource
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 72f88cf77852467496000dfbab06afb6
SHA1 9e6623a4fa7165f5020c954a818b57d32735666d
SHA256 b1ba33e9b4f6344c580a674251f8aff4442c0b4c1fceed321835b938c2679282
ssdeep 3072:CSQ4cr2uidXk/0SaEZO70VeHQ5ISpLAG6yPLqQ9ryVluvBVYCppuSSc26I8sgpn:CpTEt7SU0KQhFAGhLd9ryPiY4Og
authentihash 457f11e84cf474b155eb4afb606f17b684585819306725a9963469e5045a9116
imphash ed6e22dabad21cb1e0cc7d7a734c5d02
File size 240.0 KB ( 245760 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (44.9%)
Win64 Executable (generic) (39.8%)
Win32 Executable (generic) (6.4%)
OS/2 Executable (generic) (2.9%)
Generic Win/DOS Executable (2.8%)
Tags peexe
VirusTotal metadata
First submission 2018-11-01 02:51:32 UTC ( 3 months, 2 weeks ago )
Last submission 2018-11-09 07:07:37 UTC ( 3 months, 1 week ago )
File names bg11.exe
cacls
72f88cf77852467496000dfbab06afb6
CACLS.EXE
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Opened mutexes
Runtime DLLs