SHA256: edb5ba42c85edbf30f8d9ba3da6b32093d5804ff9e27c3a6aff35ab7049f516f
File name: mmc.exe
Detection ratio: 0 / 61
Analysis date: 2017-04-25 11:57:38 UTC ( 2 days, 18 hours ago )
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Update
ALYac 20170425
AVG 20170425
AVware 20170425
Ad-Aware 20170425
AegisLab 20170425
AhnLab-V3 20170425
Antiy-AVL 20170425
Arcabit 20170425
Avast 20170425
Avira (no cloud) 20170425
Baidu 20170424
BitDefender 20170425
CAT-QuickHeal 20170425
CMC 20170421
ClamAV 20170425
Comodo 20170425
CrowdStrike Falcon (ML) 20170130
Cyren 20170425
DrWeb 20170425
ESET-NOD32 20170425
Emsisoft 20170425
Endgame 20170419
F-Prot 20170425
F-Secure 20170425
Fortinet 20170425
GData 20170425
Ikarus 20170425
Invincea 20170413
Jiangmin 20170425
K7AntiVirus 20170425
K7GW 20170425
Kaspersky 20170425
Kingsoft 20170425
Malwarebytes 20170425
McAfee 20170425
McAfee-GW-Edition 20170425
eScan 20170425
Microsoft 20170425
NANO-Antivirus 20170425
Palo Alto Networks (Known Signatures) 20170425
Panda 20170424
Qihoo-360 20170425
Rising 20170425
SUPERAntiSpyware 20170425
SentinelOne (Static ML) 20170330
Sophos 20170425
Symantec 20170425
Tencent 20170425
TheHacker 20170424
TotalDefense 20170425
TrendMicro 20170425
TrendMicro-HouseCall 20170425
VBA32 20170421
VIPRE 20170425
ViRobot 20170425
Webroot 20170425
Yandex 20170424
Zillya 20170425
ZoneAlarm by Check Point 20170425
Zoner 20170425
nProtect 20170425
Alibaba 20170425
Symantec Mobile Insight 20170424
Trustlook 20170425
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name mmc.exe
Internal name mmc.exe
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Microsoft Management Console
Signature verification Signed file, verified signature
Signing date 4:17 AM 7/14/2009
Signers
[+] Microsoft Windows
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Windows Verification PCA
Valid from 9:39 PM 10/22/2008
Valid to 9:49 PM 1/22/2010
Valid usage Code Signing, NT5 Crypto
Algorithm sha1RSA
Thumbprint 018B222E21FBB2952304D04D1D87F736ED46DEA4
Serial number 61 01 C6 C1 00 00 00 00 00 07
[+] Microsoft Windows Verification PCA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Root Certificate Authority
Valid from 10:55 PM 9/15/2005
Valid to 11:05 PM 3/15/2016
Valid usage Code Signing, NT5 Crypto
Algorithm sha1RSA
Thumbprint 5DF0D7571B0780783960C68B78571FFD7EDAF021
Serial number 61 07 02 DC 00 00 00 00 00 0B
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA
Valid from 11:03 PM 6/5/2007
Valid to 11:13 PM 6/5/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 80B9915817340CEE66D71EC27DA5F96EBF8D94D8
Serial number 61 04 CA 69 00 00 00 00 00 08
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 1:53 PM 4/3/2007
Valid to 2:03 PM 4/3/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-07-13 23:32:01
Entry Point 0x0003FB0E
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExW
SetGadgetStyle
GetGadgetRect
CreatePolygonRgn
GetTextMetricsW
TextOutW
CreateFontIndirectW
PatBlt
GetLayout
GetDeviceCaps
DeleteDC
SetLayout
PtInRegion
GetObjectW
BitBlt
FillRgn
ExtTextOutW
GetTextExtentPoint32W
RectVisible
GetStockObject
PtVisible
CreateCompatibleDC
SelectObject
CreateSolidBrush
Escape
DeleteObject
CreateCompatibleBitmap
DeactivateActCtx
HeapDestroy
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetFileTime
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
ReleaseActCtx
LocalFree
FormatMessageW
InitializeCriticalSection
OutputDebugStringW
FindClose
InterlockedDecrement
GetFullPathNameW
OutputDebugStringA
SetLastError
GetModuleFileNameW
HeapAlloc
LoadLibraryA
LoadLibraryExA
CreateActCtxW
GetFileMUIPath
DelayLoadFailureHook
ActivateActCtx
UnhandledExceptionFilter
FlushInstructionCache
InterlockedExchangeAdd
GetSystemDirectoryW
SetUnhandledExceptionFilter
TerminateProcess
SetCurrentDirectoryW
VirtualQuery
GetVersion
GetProcAddress
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
VirtualProtect
lstrcmpiW
LeaveCriticalSection
GetFileSize
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GlobalLock
AddAtomW
GetProcessHeap
CompareStringW
lstrcpyW
GlobalReAlloc
ExpandEnvironmentStringsW
FindNextFileW
FindFirstFileW
lstrcmpW
ExpandEnvironmentStringsA
CreateFileW
GetCurrentThreadId
InterlockedIncrement
GetLastError
GetSystemInfo
GlobalFree
GlobalUnlock
GlobalAlloc
lstrlenW
VirtualFree
GetCurrentDirectoryW
GetCurrentProcessId
GetCommandLineW
InterlockedCompareExchange
RaiseException
GetModuleHandleA
ReadFile
DeleteAtom
CloseHandle
GetModuleHandleW
GetLongPathNameW
HeapCreate
FindResourceW
CreateProcessW
Sleep
VirtualAlloc
PathFindFileNameW
RedrawWindow
GetMessagePos
SetMenuDefaultItem
MoveWindow
DestroyMenu
GetForegroundWindow
SetWindowPos
IsWindow
GrayStringW
EndPaint
GetMessageTime
SetMenuItemInfoW
SetActiveWindow
GetMenuItemID
GetCursorPos
ChildWindowFromPointEx
GetDlgCtrlID
GetMenu
GetClassInfoW
DrawTextW
LoadImageW
GetNextDlgTabItem
CallNextHookEx
GetClientRect
ClientToScreen
GetWindowTextW
GetWindowTextLengthW
LoadAcceleratorsW
InvalidateRgn
CopyImage
PtInRect
DrawEdge
GetClassInfoExW
UpdateWindow
ShowWindow
DrawFrameControl
GetMenuState
PeekMessageW
EnableWindow
SetWindowPlacement
CharUpperW
LoadIconW
SetClipboardViewer
IsWindowEnabled
GetWindow
GetIconInfo
SetParent
DestroyWindow
IsZoomed
GetWindowPlacement
LoadStringW
EnableMenuItem
TrackPopupMenuEx
DrawFocusRect
SetTimer
FillRect
EnumThreadWindows
MonitorFromPoint
CopyRect
GetSysColorBrush
CreateWindowExW
TabbedTextOutW
GetWindowLongW
GetMenuItemInfoW
IsChild
SetFocus
RegisterWindowMessageW
GetMonitorInfoW
IsIconic
BeginPaint
OffsetRect
DefWindowProcW
CopyIcon
KillTimer
MapWindowPoints
GetParent
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
EnumChildWindows
CharLowerW
PostMessageW
CreatePopupMenu
GetSubMenu
DrawIconEx
SetWindowTextW
GetDlgItem
BringWindowToTop
ScreenToClient
GetMenuItemCount
DestroyAcceleratorTable
GetDesktopWindow
SetWindowsHookExW
LoadCursorW
GetSystemMenu
FindWindowExW
GetDC
InsertMenuW
SetForegroundWindow
NotifyWinEvent
GetMenuStringW
ReleaseDC
PrivateExtractIconsW
CreateAcceleratorTableW
GetCapture
MessageBeep
LoadMenuW
GetWindowThreadProcessId
DeferWindowPos
BeginDeferWindowPos
MessageBoxW
SendMessageW
RegisterClassExW
SetMenu
SetRectEmpty
AppendMenuW
ChangeClipboardChain
AdjustWindowRectEx
SendMessageTimeoutW
GetSysColor
GetKeyState
EndDeferWindowPos
GetDoubleClickTime
DestroyIcon
IsWindowVisible
SystemParametersInfoW
UnionRect
SetRect
DeleteMenu
InvalidateRect
CharNextW
CallWindowProcW
GetClassNameW
ModifyMenuW
IsRectEmpty
IsMenu
GetFocus
wsprintfW
TranslateAcceleratorW
UnhookWindowsHookEx
SetCursor
IsAppThemed
IsThemeActive
OpenThemeData
CloseThemeData
DrawThemeBackground
SetWindowTheme
?TraceError@@YGXPBGABVSC@mmcerror@@@Z
??8SC@mmcerror@@QBE_NABV01@@Z
?AddSnapinInterface@BookKeeping@@SG_NPAUIUnknown@@PBGAAH@Z
?ScEmitOrPostpone@CEventBuffer@@QAE?AVSC@mmcerror@@PAUIDispatch@@JPAVCComVariant@ATL@@H@Z
?SetFunctionName@SC@mmcerror@@QAEXPBG@Z
?FromWin32@SC@mmcerror@@QAEAAV12@J@Z
?Throw@SC@mmcerror@@QAEXXZ
?TraceAndClear@SC@mmcerror@@QAEXXZ
??1SC@mmcerror@@QAE@XZ
?FindAllSnapinUIThreads@BookKeeping@@SGJPAPAKPAK@Z
?FromMMC@SC@mmcerror@@QAEAAV12@J@Z
?AddSnapin@BookKeeping@@SGJPBGAAH@Z
??0SC@mmcerror@@QAE@ABV01@@Z
?ReleaseSnapinInterface@BookKeeping@@SGJPAUIUnknown@@H@Z
?SetMainThreadID@SC@mmcerror@@SGXK@Z
?GetErrorMessage@SC@mmcerror@@QBEXIPAG@Z
?MMCInterfaceError@BookKeeping@@SGXHPBG0@Z
??4SC@mmcerror@@QAEAAV01@J@Z
?MMC_PickIconDlg@@YGHPAUHWND__@@PAGIPAH@Z
?InterfaceMethodException@BookKeeping@@SGXHPBG0KPAU_EXCEPTION_POINTERS@@@Z
?MMCErrorBox@@YGHPBGI@Z
??8SC@mmcerror@@QBE_NJ@Z
?SetHWnd@SC@mmcerror@@SGXPAUHWND__@@@Z
?Throw@SC@mmcerror@@QAEXJ@Z
?MMCErrorBox@@YGHVSC@mmcerror@@I@Z
?s_CallDepth@SC@mmcerror@@0IA
?FromLastError@SC@mmcerror@@QAEAAV12@XZ
??0SC@mmcerror@@QAE@J@Z
?s_hWnd@SC@mmcerror@@0PAUHWND__@@A
??1?$CEventLock@UAppEvents@@@@QAE@XZ
?InvalidInterface@BookKeeping@@SGXHPBG0@Z
?ScFromMMC@@YG?AVSC@mmcerror@@J@Z
?IsError@SC@mmcerror@@QBE_NXZ
??4SC@mmcerror@@QAEAAV01@ABV01@@Z
??9SC@mmcerror@@QBE_NJ@Z
?GetSnapinName@BookKeeping@@SGPBGH@Z
?GetStringModule@@YGPAUHINSTANCE__@@XZ
?RemoveItem@BookKeeping@@SGJPAX@Z
?MMCErrorBox@@YGHPBGVSC@mmcerror@@I@Z
?MMCErrorBox@@YGHII@Z
??BSC@mmcerror@@QBE_NXZ
?InterfaceMethodActivationContextException@BookKeeping@@SGXHPBG0KPAU_EXCEPTION_POINTERS@@@Z
??7SC@mmcerror@@QBEHXZ
?LoadStandardOverlays@@YGJPAU_IMAGELIST@@HPAH1@Z
InsideModalLoop
?FatalError@SC@mmcerror@@QBEXXZ
?AddRef@CMMCStrongReferences@@SGKXZ
?GetEventBuffer@@YGAAVCEventBuffer@@XZ
?ToHr@SC@mmcerror@@QBEJXZ
?GetHelpFile@SC@mmcerror@@SGPBGXZ
?FindItem@BookKeeping@@SGPAVItemHandle@@PAX@Z
?Clear@SC@mmcerror@@QAEXXZ
?GetHelpID@SC@mmcerror@@QAEKXZ
?MMCUpdateRegistry@@YGJHPBVCObjectRegParams@@PBVCControlRegParams@@@Z
?MMCNullInterface@BookKeeping@@SGXHPBG0@Z
?ScSetConsoleEventDispatcher@CConsoleEventDispatcherProvider@@SG?AVSC@mmcerror@@PAVCConsoleEventDispatcher@@@Z
?GetComObjectEventSource@@YGAAV?$CEventSource@VCComObjectObserver@@VCVoid@@V2@V2@V2@@@XZ
?Release@CMMCStrongReferences@@SGKXZ
?LastRefReleased@CMMCStrongReferences@@SG_NXZ
?LKResult2HRESULT@BookKeeping@@SGJJ@Z
?AddItem@BookKeeping@@SGJAAVItemHandle@@@Z
?TraceSnapinError@@YGXPBGABVSC@mmcerror@@@Z
_purecall
__p__fmode
malloc
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
__wgetmainargs
??1type_info@@UAE@XZ
wcstoul
memset
wcschr
__dllonexit
__wargv
__RTDynamicCast
_wcsicmp
_ultow
realloc
_vsnwprintf
_amsg_exit
?terminate@@YAXXZ
_lock
_mbslen
_onexit
_ftol2_sse
exit
_XcptFilter
_mbsnbcnt
__setusermatherr
wcsrchr
_wcmdln
_cexit
_CxxThrowException
memmove_s
_unlock
_exit
__p__commode
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
memcpy
memcpy_s
_except_handler4_common
wcsncmp
free
_callnewh
_controlfp
__CxxFrameHandler3
swscanf
_wcsnicmp
__argc
??0exception@@QAE@XZ
iswspace
wcsstr
wcstol
_initterm
_wtoi
_ltow
__set_app_type
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwTraceMessage
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
OleLockRunning
OleUninitialize
DoDragDrop
StgOpenStorageOnILockBytes
StringFromGUID2
CreateStreamOnHGlobal
StringFromCLSID
CoCreateGuid
RegisterDragDrop
RevokeDragDrop
CLSIDFromString
CreateILockBytesOnHGlobal
CoGetClassObject
ProgIDFromCLSID
CoRegisterClassObject
OleInitialize
CoCreateInstance
OleRun
CoTaskMemAlloc
CoRevokeClassObject
CLSIDFromProgID
CoFreeUnusedLibraries
GetHGlobalFromStream
CoDisconnectObject
CoGetMalloc
CoTaskMemFree
PE exports
Number of PE resources by type
RT_ICON 26
RT_BITMAP 6
RT_HTML 3
TYPELIB 2
RT_MANIFEST 2
RT_GROUP_ICON 2
RT_GROUP_CURSOR 1
RT_CURSOR 1
UIFILE 1
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 46
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 6.1
InitializedDataSize 402432
ImageVersion 6.1
ProductName Microsoft Windows Operating System
FileVersionNumber 6.1.7600.16385
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName mmc.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2009:07:14 00:32:01+01:00
FileType Win32 EXE
PEType PE32
InternalName mmc.exe
ProductVersion 6.1.7600.16385
FileDescription Microsoft Management Console
OSVersion 6.1
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 998912
FileSubtype 0
ProductVersionNumber 6.1.7600.16385
EntryPoint 0x3fb0e
ObjectFileType Executable application

File identification
MD5 6aaf3bece2c3d17091bcef37c5a82ac0
SHA1 d63163689d0d55dd322ceb509bee63b0436946ad
SHA256 edb5ba42c85edbf30f8d9ba3da6b32093d5804ff9e27c3a6aff35ab7049f516f
ssdeep 24576:m/z+2Gpyb2JUqUQDyY4lCPwVwSJmRwlsXuejXqr6NMRDtZcGyoBn1ClhW5tz33mG:RynqUav4lCISSJmRwlsXuejXqr6NMRDt
authentihash 48fd601e9a65521fc6858a44cf679ca2b7644acbf54f1eaad6e0dae4eb65c182
imphash 6d2ed4addac7ebae62381320d82ac4c1
File size 1.3 MB ( 1401344 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe signed trusted via-tor
Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with mmc.exe as its name.
VirusTotal metadata
First submission 2009-11-06 01:43:41 UTC ( 7 years, 5 months ago )
Last submission 2017-04-25 11:57:38 UTC ( 2 days, 18 hours ago )
File names mmc.exe1
mmc_exe_6aaf3bece2c3d17091bcef37c5a82ac0
498EAB6195EAECDA47EF464F15398CE75D4A648C58E742501B80142875C8C59A.exe
mmc(1430).exe
mmc.exe
a2da77.tmpscan
mmc.exe
C;_Windows_system32_mmc.exe
mmc(917).exe
mmc.exe.ubqu
mmc(419).exe
mmc.exe.90858
mmc[166846].exe
EDB5BA42C85EDBF30F8D9BA3DA6B32093D5804FF9E27C3A6AFF35AB7049F516F
mmc.exe.71259
imm-flt-69714
a54d3b6e96e5ec2b19c506ec0c33bc15fcf5c930.exe
mmc - Copy.exe
00956104.exe
6aaf3bece2c3d17091bcef37c5a82ac0
mmc.exe.47149
DB45021800BDE38E62E3152C68EBE500EEA6C2C5.exe
mmc.exe.N489
mmc(11958).exe
~vt7031.tmp
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight