SHA256: c5bb32dd6343001898e752b6e0523150c14838e188a0189c6bdbdf09dcd5f8c4
File name: f2174b4ca0db8c2542df167d9d52fee06432ee6c
Detection ratio: 40 / 66
Analysis date: 2018-10-25 01:07:07 UTC ( 6 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31297690 20181024
AhnLab-V3 Malware/Win32.Generic.C2773327 20181024
ALYac Trojan.GenericKD.31297690 20181024
Arcabit Trojan.Generic.D1DD909A 20181024
Avast Win32:Trojan-gen 20181024
AVG Win32:Trojan-gen 20181024
BitDefender Trojan.GenericKD.31297690 20181025
Bkav HW32.Packed. 20181024
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.ca0db8 20180225
Cylance Unsafe 20181025
Emsisoft Trojan.GenericKD.31297690 (B) 20181024
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/GenKryptik.COOP 20181025
F-Secure Trojan.GenericKD.31297690 20181020
Fortinet W32/Generic.AP.216510!tr 20181025
GData Trojan.GenericKD.31297690 20181024
Ikarus Trojan.Win32.Krypt 20181024
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 0053f6951 ) 20181024
K7GW Trojan ( 0053f6951 ) 20181024
Kaspersky Trojan-Banker.Win32.Emotet.bjmi 20181024
Malwarebytes Trojan.FakeMS 20181025
MAX malware (ai score=99) 20181025
McAfee GenericRXGN-CG!B6C27E700556 20181025
McAfee-GW-Edition BehavesLike.Win32.Sality.dc 20181024
Microsoft Trojan:Win32/Tiggre!plock 20181024
eScan Trojan.GenericKD.31297690 20181025
NANO-Antivirus Trojan.Win32.Emotet.fjnmpo 20181025
Panda Trj/GdSda.A 20181024
Qihoo-360 Win32/Trojan.1cd 20181025
Rising Ransom.GandCrypt!8.F33E (TFE:1:cJ6J3bbkf3P) 20181025
Sophos AV Mal/Generic-S 20181024
Symantec Trojan.Gen.2 20181025
TACHYON Banker/W32.Emotet.246272 20181025
TrendMicro TROJ_GEN.F0C2C00JK18 20181025
TrendMicro-HouseCall TROJ_GEN.F0C2C00JK18 20181025
ViRobot Trojan.Win32.Z.Highconfidence.246272.D 20181024
Webroot W32.Trojan.Emotet 20181025
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bjmi 20181024
AegisLab 20181025
Alibaba 20180921
Antiy-AVL 20181023
Avast-Mobile 20181024
Avira (no cloud) 20181024
Babable 20180918
Baidu 20181024
CAT-QuickHeal 20181024
CMC 20181024
Cyren 20181025
DrWeb 20181024
eGambit 20181025
F-Prot 20181024
Jiangmin 20181024
Kingsoft 20181025
Palo Alto Networks (Known Signatures) 20181025
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181022
Symantec Mobile Insight 20181001
Tencent 20181025
TheHacker 20181024
TotalDefense 20181024
Trustlook 20181025
VBA32 20181024
Yandex 20181024
Zillya 20181024
Zoner 20181024
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name CACLS.EXE
Internal name cacls
File version 10.0.16299.15 (WinBuild.160101.0800)
Description Control ACLs Program
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-30 07:42:56
Entry Point 0x00002000
Number of sections 5
PE sections
PE imports
CloseClusterGroup
ClusterControl
CloseClusterNode
MD5Final
MD5Update
OpenThread
ReplaceFileA
SystemTimeToFileTime
GetExitCodeProcess
CreateJobObjectW
GetTickCount
GetFileAttributesW
WaitForSingleObjectEx
GetLocalTime
UpdateResourceA
GetCurrentProcess
OpenFileMappingW
CopyFileExW
CreateMutexA
GetModuleHandleA
lstrcpy
GetTempPathW
GetStartupInfoA
FindFirstFileA
ReadFile
OpenMutexW
CreateFileMappingA
GetStringTypeW
GetProcAddress
CreateEventW
GetEnvironmentVariableA
HeapCreate
OpenEventW
SetLastError
SHGetFileInfoA
FindExecutableA
DragAcceptFiles
ShellMessageBoxA
DllUnregisterServer
DragQueryPoint
SHFree
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA
SHFileOperationA
PathIsRootW
UrlCombineA
UrlIsA
UrlGetPartA
UrlIsNoHistoryA
UrlUnescapeA
UrlHashA
UrlCreateFromPathW
UrlEscapeA
PathCombineW
UrlCompareW
WTSUnRegisterSessionNotification
WTSQuerySessionInformationA
WTSVirtualChannelWrite
WTSVirtualChannelPurgeOutput
WTSSendMessageA
WTSSetSessionInformationW
WTSSetUserConfigW
WTSOpenServerW
WTSVirtualChannelQuery
WTSWaitSystemEvent
WTSEnumerateServersA
Number of PE resources by type
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 10.0.16299.15
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Control ACLs Program
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 235008
EntryPoint 0x2000
OriginalFileName CACLS.EXE
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 10.0.16299.15 (WinBuild.160101.0800)
TimeStamp 2016:04:30 00:42:56-07:00
FileType Win32 EXE
PEType PE32
InternalName cacls
ProductVersion 10.0.16299.15
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 10240
ProductName Microsoft Windows Operating System
ProductVersionNumber 10.0.16299.15
Warning Possibly corrupt Version resource
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 b6c27e700556e0c447eed8faf6b76961
SHA1 f2174b4ca0db8c2542df167d9d52fee06432ee6c
SHA256 c5bb32dd6343001898e752b6e0523150c14838e188a0189c6bdbdf09dcd5f8c4
ssdeep
3072:K6CHvlMFnXF7shL6NYppEm30H1I9jV1Qv/ZjU4sg4/D3qJ9U31R+83O/PGvsk/:SyhFW6N40VI9jV8ZjUtNDM4cQWPMsk

authentihash 28c7f8bacd22ae5aa9ff5e5c8e2e59760c6f7efca93cbf4b2e4b6fa47144bdfc
imphash 8bf02ddd5d75e5e5255802ccd678d97d
File size 240.5 KB ( 246272 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (44.9%)
Win64 Executable (generic) (39.8%)
Win32 Executable (generic) (6.4%)
OS/2 Executable (generic) (2.9%)
Generic Win/DOS Executable (2.8%)
Tags peexe
VirusTotal metadata
First submission 2018-10-19 21:03:48 UTC ( 7 months ago )
Last submission 2018-11-09 07:07:32 UTC ( 6 months, 1 week ago )
File names b6c27e700556e0c447eed8faf6b76961
bb10.exe
CACLS.EXE
bb10.exe
cacls
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Opened mutexes
Runtime DLLs