SHA256: c93095e6709699b3b09fa3a1ffecf6acc9d16cf8a5721b1e65d8d47837d78efe
File name: wmlaunch.exe
Detection ratio: 50 / 57
Analysis date: 2015-08-14 18:25:26 UTC ( 3 years, 9 months ago )
Antivirus Result Update
Ad-Aware Win32.Ramnit.N 20150814
Yandex Win32.Nimnul.Gen.2 20150814
AhnLab-V3 Win32/Ramnit.G 20150814
ALYac Win32.Ramnit.N 20150813
Antiy-AVL Virus/Win32.Nimnul.a 20150814
Arcabit Win32.Ramnit.N 20150814
Avast Win32:RmnDrp 20150814
AVG SHeur4.CCQU 20150814
Avira (no cloud) W32/Ramnit.C 20150813
AVware Virus.Win32.Ramnit.b (v) 20150814
Baidu-International Virus.Win32.Nimnul.$a 20150814
BitDefender Win32.Ramnit.N 20150814
Bkav W32.HfsAutoB.C57D 20150814
CAT-QuickHeal W32.Ramnit.BA 20150814
ClamAV W32.Ramnit-1 20150814
CMC Virus.Win32.Ramit.1!O 20150814
Comodo Virus.Win32.Ramnit.K 20150814
Cyren W32/Ramnit.E 20150814
DrWeb Win32.Rmnet.12 20150814
Emsisoft Win32.Ramnit.N (B) 20150814
ESET-NOD32 Win32/Ramnit.H 20150814
F-Prot W32/Ramnit.E 20150814
F-Secure Win32.Ramnit.N 20150814
Fortinet W32/Ramnit.C 20150813
GData Win32.Ramnit.N 20150814
Ikarus Virus.Win32.Ramnit 20150814
Jiangmin Win32/IRCNite.wi 20150813
K7AntiVirus Virus ( 002fe95d1 ) 20150814
K7GW Virus ( 002fe95d1 ) 20150814
Kaspersky Virus.Win32.Nimnul.a 20150814
Kingsoft Win32.Ramnit.lx.30720 20150814
Malwarebytes Virus.Ramnit 20150814
McAfee W32/Ramnit.a 20150814
McAfee-GW-Edition BehavesLike.Win32.Ramnit.dh 20150814
Microsoft Virus:Win32/Ramnit.J 20150814
eScan Win32.Ramnit.N 20150814
NANO-Antivirus Virus.Win32.Nimnul.bqjjnb 20150814
nProtect Virus/W32.SpyEye 20150813
Panda W32/Cosmu.E 20150814
Rising PE:Win32.Mgr.b!1594784 20150812
Sophos AV W32/Ramnit-A 20150814
Symantec W32.Ramnit.B!inf 20150813
TotalDefense Win32/Ramnit.C 20150814
TrendMicro PE_RAMNIT.DEN 20150814
TrendMicro-HouseCall PE_RAMNIT.DEN 20150814
VBA32 Virus.Win32.Nimnul.b 20150814
VIPRE Virus.Win32.Ramnit.b (v) 20150814
ViRobot Win32.Nimnul.A[h] 20150814
Zillya Virus.Nimnul.Win32.1 20150813
Zoner Win32.Ramnit.H 20150814
AegisLab 20150814
Alibaba 20150814
ByteHero 20150814
Qihoo-360 20150814
SUPERAntiSpyware 20150814
Tencent 20150814
TheHacker 20150814
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.

Publisher Microsoft Corporation
Product Microsoft® Windows® Operating System
Original name wmlaunch.exe
Internal name wmlaunch.exe
File version 11.0.5721.5145 (WMP_11.061018-2006)
Description Windows Media Player Launcher
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-10-19 04:04:58
Entry Point 0x0003E000
Number of sections 5
PE sections
Overlays
MD5 107230cbdc7e0436304c56b9f087fa94
File type data
Offset 302080
Size 428
Entropy 7.45
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
TraceMessage
RegQueryValueExW
DeviceIoControl
HeapFree
LoadLibraryExW
GetDriveTypeW
GetSystemInfo
lstrlenA
GetModuleFileNameW
GetLastError
WaitForSingleObject
GetVersionExW
SetEvent
QueryPerformanceCounter
HeapDestroy
HeapAlloc
VirtualProtect
LoadLibraryA
RtlUnwind
GetFileAttributesW
FreeLibrary
lstrcatW
DeleteCriticalSection
GetCurrentProcess
EnterCriticalSection
SizeofResource
GetWindowsDirectoryW
GetCurrentProcessId
lstrlenW
WideCharToMultiByte
UnhandledExceptionFilter
SetErrorMode
MultiByteToWideChar
GetStartupInfoW
Sleep
GetProcAddress
InterlockedCompareExchange
GetProcessHeap
lstrcpynW
CompareStringW
CreateThread
LoadLibraryW
ExpandEnvironmentStringsW
GetExitCodeThread
GetModuleHandleA
SetUnhandledExceptionFilter
CloseHandle
GetSystemTimeAsFileTime
GetCurrentThreadId
InterlockedExchange
TerminateProcess
CreateEventW
lstrcmpiW
InitializeCriticalSection
LoadResource
FindResourceW
CreateFileW
VirtualQuery
InterlockedDecrement
QueryDosDeviceW
GetTickCount
CreateFileA
DebugBreak
GetVersion
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
WNetGetConnectionW
WNetCancelConnection2W
WNetAddConnection2W
SysAllocString
VarUI4FromStr
SysFreeString
SysStringLen
SysAllocStringLen
ShellExecuteExW
PathGetCharTypeA
PathGetCharTypeW
CharNextW
CharNextA
CharPrevW
_purecall
__p__fmode
malloc
__wgetmainargs
realloc
memset
wcschr
__dllonexit
_wcsicmp
towupper
_vsnwprintf
_amsg_exit
??2@YAPAXI@Z
_lock
_onexit
_wtol
exit
??_V@YAXPAX@Z
_ftol
__setusermatherr
_controlfp
_XcptFilter
_adjust_fdiv
_cexit
??_U@YAPAXI@Z
wcspbrk
_wtoi
_unlock
_wcsnicmp
__p__commode
??3@YAXPAX@Z
free
wcsncmp
_CIsqrt
memcpy
memmove
towlower
_CIpow
wcsrchr
iswdigit
_beginthreadex
bsearch
iswspace
wcsstr
_initterm
_exit
_wcmdln
__set_app_type
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CoRevokeClassObject
CoTaskMemRealloc
CoCreateInstance
CoRegisterClassObject
CoTaskMemFree
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 40448
ImageVersion 6.0
ProductName Microsoft Windows Operating System
FileVersionNumber 11.0.5721.5145
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Windows Media Player Launcher
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName wmlaunch.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 11.0.5721.5145 (WMP_11.061018-2006)
TimeStamp 2006:10:19 05:04:58+01:00
FileType Win32 EXE
PEType PE32
InternalName wmlaunch.exe
ProductVersion 11.0.5721.5145
SubsystemVersion 5.1
OSVersion 6.0
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 203776
FileSubtype 0
ProductVersionNumber 11.0.5721.5145
EntryPoint 0x3e000
ObjectFileType Executable application

File identification
MD5 105be875a4a7635a8f5725658a353f73
SHA1 5e622db4f1f1eac85b067813aa25b6b2c5fa7377
SHA256 c93095e6709699b3b09fa3a1ffecf6acc9d16cf8a5721b1e65d8d47837d78efe
ssdeep 3072:aYIrxIQY12CYf1yHZtqjKjWwjR5iBxNwQJQr/5q+D7UWDhLQAlJU7VPaN0Fz+rP3:yjTwjR6xvJQrQMoahlJeENxI2

authentihash 0b6d8b400bfce32fb26b49713c96d0c8fe24c9499fd29726f0fde638d1d318c0
imphash 5882a359e4983dbdc45737d08416baf3
File size 295.4 KB ( 302508 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe overlay

VirusTotal metadata
First submission 2015-08-14 18:25:26 UTC ( 3 years, 9 months ago )
Last submission 2015-08-14 18:25:26 UTC ( 3 years, 9 months ago )
File names wmlaunch.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs