SHA256: b62b13739dbad2bf40326a1a157252c94cd998a4d0fe17a5b3ba8da107c7372e
File name: 0_IMzN8s.exe
Detection ratio: 39 / 58
Analysis date: 2016-09-06 07:37:12 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3500502 20160906
AegisLab Dangerousobject.Multi.Generic!c 20160906
AhnLab-V3 Trojan/Win32.Inject.N2091891548 20160905
ALYac Trojan.GenericKD.3500502 20160906
Avast Win32:Trojan-gen 20160906
AVG Crypt5.CNGN 20160906
Avira (no cloud) TR/Crypt.Xpack.ygdx 20160906
AVware Trojan.Win32.Generic!BT 20160906
BitDefender Trojan.GenericKD.3500502 20160906
Bkav HW32.Packed.9120 20160905
ClamAV Win.Trojan.Agent-1658990 20160906
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20160725
Cyren W32/Trojan.NNST-9122 20160906
DrWeb Trojan.Inject2.27743 20160906
Emsisoft Trojan.Win32.Agent (A) 20160906
ESET-NOD32 a variant of Win32/Kryptik.FFHQ 20160906
F-Secure Trojan.GenericKD.3500502 20160906
Fortinet W32/Razy.BJW!tr 20160906
GData Trojan.GenericKD.3500502 20160906
Ikarus Trojan.Win32.Crypt 20160906
Sophos ML trojandropper.win32.gepys.a 20160830
K7AntiVirus Trojan ( 004f72621 ) 20160906
K7GW Trojan ( 004f72621 ) 20160906
Kaspersky Trojan.Win32.Razy.bjw 20160906
Malwarebytes Trojan.Dridex 20160906
McAfee Generic.aha 20160906
McAfee-GW-Edition BehavesLike.Win32.Downloader.ch 20160906
Microsoft Trojan:Win32/Dynamer!ac 20160906
eScan Trojan.GenericKD.3500502 20160906
nProtect Trojan/W32.Razy.180476 20160906
Panda Trj/GdSda.A 20160905
Sophos AV Troj/Dridex-VY 20160906
Symantec Trojan.Cridex 20160906
Tencent Win32.Trojan.Bp-generic.Wpav 20160906
TrendMicro TROJ_GEN.R01BC0DI116 20160906
TrendMicro-HouseCall TROJ_GEN.R01BC0DI116 20160906
VIPRE Trojan.Win32.Generic!BT 20160831
ViRobot Trojan.Win32.Z.Dridex.180476.A[h] 20160906
Yandex Trojan.Razy! 20160905
Alibaba 20160905
Antiy-AVL 20160906
Arcabit 20160906
Baidu 20160906
CAT-QuickHeal 20160906
CMC 20160905
Comodo 20160906
F-Prot 20160906
Jiangmin 20160906
Kingsoft 20160906
NANO-Antivirus 20160906
Qihoo-360 20160906
Rising 20160906
SUPERAntiSpyware 20160906
TheHacker 20160905
TotalDefense 20160906
VBA32 20160905
Zillya 20160905
Zoner 20160906
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name cliconfg.exe
Internal name cliconfg.exe
File version 10.0.10257.16388 (th1.150709-1700)
Description SQL Client Configuration Utility EXE
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-28 22:16:56
Entry Point 0x0000C2D0
Number of sections 8
PE sections
PE imports
CreateToolhelp32Snapshot
FreeLibrary
GetLastError
RaiseException
LocalAlloc
VirtualQuery
InterlockedExchange
FreeConsole
GetComputerNameA
SetWaitableTimer
GetProcAddress
LoadLibraryA
isalnum
PdhGetFormattedCounterArrayA
Number of PE resources by type
RT_ICON 6
RT_DIALOG 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 9
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
9.56

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
10.0.10240.16384

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
0

EntryPoint
0xc2d0

OriginalFileName
cliconfg.exe

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
10.0.10257.16388 (th1.150709-1700)

TimeStamp
2016:08:28 23:16:56+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
cliconfg.exe

ProductVersion
10.0.10257.16388

FileDescription
SQL Client Configuration Utility EXE

OSVersion
3.1

FileOS
Windows NT 32-bit

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
49152

ProductName
Microsoft Windows Operating System

ProductVersionNumber
10.0.10240.16384

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 5dbd9956b4e15026ea2c06427e7d0a4d
SHA1 1a5bb2087fe1d657208d18e7417885fcf74d383a
SHA256 b62b13739dbad2bf40326a1a157252c94cd998a4d0fe17a5b3ba8da107c7372e
ssdeep 3072:D7EyYNWPQaSnWtvXqn3w+iITp2hvxNO6k6Sw7C7JP+HgeFblyosT:D7EyGJF4q3w+tpx6hSw7ClGgylET
authentihash 5fae8c3a1c3ae207b29ed517fd2bb184ba6deda514853f9b1950de66a7bbb654
imphash a216764f8a79a96b49b28d6a92a02de5
File size 176.2 KB ( 180476 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.8%)
Clipper DOS Executable (19.1%)
Generic Win/DOS Executable (19.0%)
DOS Executable Generic (18.9%)
Tags peexe
VirusTotal metadata
First submission 2016-08-29 10:55:01 UTC ( 2 years, 5 months ago )
Last submission 2016-12-15 16:16:52 UTC ( 2 years, 2 months ago )
File names 0_IMzN8s.exe
IMzN8s.exe
cliconfg.exe
Scan.pdf.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0829.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications