SHA256: edb5ba42c85edbf30f8d9ba3da6b32093d5804ff9e27c3a6aff35ab7049f516f
File name: mmc.exe
Detection ratio: 0 / 64
Analysis date: 2017-07-21 07:09:08 UTC ( 4 days, 13 hours ago )
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Update
ALYac 20170721
AVG 20170721
AVware 20170721
Ad-Aware 20170721
AegisLab 20170721
AhnLab-V3 20170721
Antiy-AVL 20170721
Arcabit 20170721
Avast 20170721
Avira (no cloud) 20170720
Baidu 20170721
BitDefender 20170721
Bkav 20170720
CAT-QuickHeal 20170721
CMC 20170721
ClamAV 20170721
Comodo 20170721
CrowdStrike Falcon (ML) 20170710
Cylance 20170721
Cyren 20170721
DrWeb 20170721
ESET-NOD32 20170721
Emsisoft 20170721
Endgame 20170713
F-Prot 20170721
F-Secure 20170721
Fortinet 20170721
GData 20170721
Ikarus 20170720
Sophos ML 20170607
Jiangmin 20170721
K7AntiVirus 20170721
K7GW 20170721
Kaspersky 20170721
Kingsoft 20170721
MAX 20170721
Malwarebytes 20170721
McAfee 20170721
McAfee-GW-Edition 20170721
eScan 20170720
Microsoft 20170721
NANO-Antivirus 20170721
Palo Alto Networks (Known Signatures) 20170721
Panda 20170720
Qihoo-360 20170721
Rising 20170721
SUPERAntiSpyware 20170721
SentinelOne (Static ML) 20170718
Sophos AV 20170721
Symantec 20170721
Tencent 20170721
TheHacker 20170719
TotalDefense 20170721
TrendMicro 20170721
TrendMicro-HouseCall 20170721
VBA32 20170720
VIPRE 20170721
ViRobot 20170721
Webroot 20170721
Yandex 20170721
Zillya 20170720
ZoneAlarm by Check Point 20170721
Zoner 20170721
nProtect 20170721
Alibaba 20170721
Symantec Mobile Insight 20170720
Trustlook 20170721
WhiteArmor 20170713
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name mmc.exe
Internal name mmc.exe
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Microsoft Management Console
Signature verification Signed file, verified signature
Signing date 4:17 AM 7/14/2009
Signers
[+] Microsoft Windows
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Windows Verification PCA
Valid from 9:39 PM 10/22/2008
Valid to 9:49 PM 1/22/2010
Valid usage Code Signing, NT5 Crypto
Algorithm sha1RSA
Thumbprint 018B222E21FBB2952304D04D1D87F736ED46DEA4
Serial number 61 01 C6 C1 00 00 00 00 00 07
[+] Microsoft Windows Verification PCA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Root Certificate Authority
Valid from 10:55 PM 9/15/2005
Valid to 11:05 PM 3/15/2016
Valid usage Code Signing, NT5 Crypto
Algorithm sha1RSA
Thumbprint 5DF0D7571B0780783960C68B78571FFD7EDAF021
Serial number 61 07 02 DC 00 00 00 00 00 0B
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA
Valid from 11:03 PM 6/5/2007
Valid to 11:13 PM 6/5/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 80B9915817340CEE66D71EC27DA5F96EBF8D94D8
Serial number 61 04 CA 69 00 00 00 00 00 08
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 1:53 PM 4/3/2007
Valid to 2:03 PM 4/3/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-07-13 23:32:01
Entry Point 0x0003FB0E
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExW
SetGadgetStyle
GetGadgetRect
CreatePolygonRgn
GetTextMetricsW
TextOutW
CreateFontIndirectW
PatBlt
GetLayout
GetDeviceCaps
DeleteDC
SetLayout
PtInRegion
GetObjectW
BitBlt
FillRgn
ExtTextOutW
GetTextExtentPoint32W
RectVisible
GetStockObject
PtVisible
CreateCompatibleDC
SelectObject
CreateSolidBrush
Escape
DeleteObject
CreateCompatibleBitmap
DeactivateActCtx
HeapDestroy
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetFileTime
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
ReleaseActCtx
LocalFree
FormatMessageW
InitializeCriticalSection
OutputDebugStringW
FindClose
InterlockedDecrement
GetFullPathNameW
OutputDebugStringA
SetLastError
GetModuleFileNameW
HeapAlloc
LoadLibraryA
LoadLibraryExA
CreateActCtxW
GetFileMUIPath
DelayLoadFailureHook
ActivateActCtx
UnhandledExceptionFilter
FlushInstructionCache
InterlockedExchangeAdd
GetSystemDirectoryW
SetUnhandledExceptionFilter
TerminateProcess
SetCurrentDirectoryW
VirtualQuery
GetVersion
GetProcAddress
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
VirtualProtect
lstrcmpiW
LeaveCriticalSection
GetFileSize
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GlobalLock
AddAtomW
GetProcessHeap
CompareStringW
lstrcpyW
GlobalReAlloc
ExpandEnvironmentStringsW
FindNextFileW
FindFirstFileW
lstrcmpW
ExpandEnvironmentStringsA
CreateFileW
GetCurrentThreadId
InterlockedIncrement
GetLastError
GetSystemInfo
GlobalFree
GlobalUnlock
GlobalAlloc
lstrlenW
VirtualFree
GetCurrentDirectoryW
GetCurrentProcessId
GetCommandLineW
InterlockedCompareExchange
RaiseException
GetModuleHandleA
ReadFile
DeleteAtom
CloseHandle
GetModuleHandleW
GetLongPathNameW
HeapCreate
FindResourceW
CreateProcessW
Sleep
VirtualAlloc
PathFindFileNameW
RedrawWindow
GetMessagePos
SetMenuDefaultItem
MoveWindow
DestroyMenu
GetForegroundWindow
SetWindowPos
IsWindow
GrayStringW
EndPaint
GetMessageTime
SetMenuItemInfoW
SetActiveWindow
GetMenuItemID
GetCursorPos
ChildWindowFromPointEx
GetDlgCtrlID
GetMenu
GetClassInfoW
DrawTextW
LoadImageW
GetNextDlgTabItem
CallNextHookEx
GetClientRect
ClientToScreen
GetWindowTextW
GetWindowTextLengthW
LoadAcceleratorsW
InvalidateRgn
CopyImage
PtInRect
DrawEdge
GetClassInfoExW
UpdateWindow
ShowWindow
DrawFrameControl
GetMenuState
PeekMessageW
EnableWindow
SetWindowPlacement
CharUpperW
LoadIconW
SetClipboardViewer
IsWindowEnabled
GetWindow
GetIconInfo
SetParent
DestroyWindow
IsZoomed
GetWindowPlacement
LoadStringW
EnableMenuItem
TrackPopupMenuEx
DrawFocusRect
SetTimer
FillRect
EnumThreadWindows
MonitorFromPoint
CopyRect
GetSysColorBrush
CreateWindowExW
TabbedTextOutW
GetWindowLongW
GetMenuItemInfoW
IsChild
SetFocus
RegisterWindowMessageW
GetMonitorInfoW
IsIconic
BeginPaint
OffsetRect
DefWindowProcW
CopyIcon
KillTimer
MapWindowPoints
GetParent
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
EnumChildWindows
CharLowerW
PostMessageW
CreatePopupMenu
GetSubMenu
DrawIconEx
SetWindowTextW
GetDlgItem
BringWindowToTop
ScreenToClient
GetMenuItemCount
DestroyAcceleratorTable
GetDesktopWindow
SetWindowsHookExW
LoadCursorW
GetSystemMenu
FindWindowExW
GetDC
InsertMenuW
SetForegroundWindow
NotifyWinEvent
GetMenuStringW
ReleaseDC
PrivateExtractIconsW
CreateAcceleratorTableW
GetCapture
MessageBeep
LoadMenuW
GetWindowThreadProcessId
DeferWindowPos
BeginDeferWindowPos
MessageBoxW
SendMessageW
RegisterClassExW
SetMenu
SetRectEmpty
AppendMenuW
ChangeClipboardChain
AdjustWindowRectEx
SendMessageTimeoutW
GetSysColor
GetKeyState
EndDeferWindowPos
GetDoubleClickTime
DestroyIcon
IsWindowVisible
SystemParametersInfoW
UnionRect
SetRect
DeleteMenu
InvalidateRect
CharNextW
CallWindowProcW
GetClassNameW
ModifyMenuW
IsRectEmpty
IsMenu
GetFocus
wsprintfW
TranslateAcceleratorW
UnhookWindowsHookEx
SetCursor
IsAppThemed
IsThemeActive
OpenThemeData
CloseThemeData
DrawThemeBackground
SetWindowTheme
?TraceError@@YGXPBGABVSC@mmcerror@@@Z
??8SC@mmcerror@@QBE_NABV01@@Z
?AddSnapinInterface@BookKeeping@@SG_NPAUIUnknown@@PBGAAH@Z
?ScEmitOrPostpone@CEventBuffer@@QAE?AVSC@mmcerror@@PAUIDispatch@@JPAVCComVariant@ATL@@H@Z
?SetFunctionName@SC@mmcerror@@QAEXPBG@Z
?FromWin32@SC@mmcerror@@QAEAAV12@J@Z
?Throw@SC@mmcerror@@QAEXXZ
?TraceAndClear@SC@mmcerror@@QAEXXZ
??1SC@mmcerror@@QAE@XZ
?FindAllSnapinUIThreads@BookKeeping@@SGJPAPAKPAK@Z
?FromMMC@SC@mmcerror@@QAEAAV12@J@Z
?AddSnapin@BookKeeping@@SGJPBGAAH@Z
??0SC@mmcerror@@QAE@ABV01@@Z
?ReleaseSnapinInterface@BookKeeping@@SGJPAUIUnknown@@H@Z
?SetMainThreadID@SC@mmcerror@@SGXK@Z
?GetErrorMessage@SC@mmcerror@@QBEXIPAG@Z
?MMCInterfaceError@BookKeeping@@SGXHPBG0@Z
??4SC@mmcerror@@QAEAAV01@J@Z
?MMC_PickIconDlg@@YGHPAUHWND__@@PAGIPAH@Z
?InterfaceMethodException@BookKeeping@@SGXHPBG0KPAU_EXCEPTION_POINTERS@@@Z
?MMCErrorBox@@YGHPBGI@Z
??8SC@mmcerror@@QBE_NJ@Z
?SetHWnd@SC@mmcerror@@SGXPAUHWND__@@@Z
?Throw@SC@mmcerror@@QAEXJ@Z
?MMCErrorBox@@YGHVSC@mmcerror@@I@Z
?s_CallDepth@SC@mmcerror@@0IA
?FromLastError@SC@mmcerror@@QAEAAV12@XZ
??0SC@mmcerror@@QAE@J@Z
?s_hWnd@SC@mmcerror@@0PAUHWND__@@A
??1?$CEventLock@UAppEvents@@@@QAE@XZ
?InvalidInterface@BookKeeping@@SGXHPBG0@Z
?ScFromMMC@@YG?AVSC@mmcerror@@J@Z
?IsError@SC@mmcerror@@QBE_NXZ
??4SC@mmcerror@@QAEAAV01@ABV01@@Z
??9SC@mmcerror@@QBE_NJ@Z
?GetSnapinName@BookKeeping@@SGPBGH@Z
?GetStringModule@@YGPAUHINSTANCE__@@XZ
?RemoveItem@BookKeeping@@SGJPAX@Z
?MMCErrorBox@@YGHPBGVSC@mmcerror@@I@Z
?MMCErrorBox@@YGHII@Z
??BSC@mmcerror@@QBE_NXZ
?InterfaceMethodActivationContextException@BookKeeping@@SGXHPBG0KPAU_EXCEPTION_POINTERS@@@Z
??7SC@mmcerror@@QBEHXZ
?LoadStandardOverlays@@YGJPAU_IMAGELIST@@HPAH1@Z
InsideModalLoop
?FatalError@SC@mmcerror@@QBEXXZ
?AddRef@CMMCStrongReferences@@SGKXZ
?GetEventBuffer@@YGAAVCEventBuffer@@XZ
?ToHr@SC@mmcerror@@QBEJXZ
?GetHelpFile@SC@mmcerror@@SGPBGXZ
?FindItem@BookKeeping@@SGPAVItemHandle@@PAX@Z
?Clear@SC@mmcerror@@QAEXXZ
?GetHelpID@SC@mmcerror@@QAEKXZ
?MMCUpdateRegistry@@YGJHPBVCObjectRegParams@@PBVCControlRegParams@@@Z
?MMCNullInterface@BookKeeping@@SGXHPBG0@Z
?ScSetConsoleEventDispatcher@CConsoleEventDispatcherProvider@@SG?AVSC@mmcerror@@PAVCConsoleEventDispatcher@@@Z
?GetComObjectEventSource@@YGAAV?$CEventSource@VCComObjectObserver@@VCVoid@@V2@V2@V2@@@XZ
?Release@CMMCStrongReferences@@SGKXZ
?LastRefReleased@CMMCStrongReferences@@SG_NXZ
?LKResult2HRESULT@BookKeeping@@SGJJ@Z
?AddItem@BookKeeping@@SGJAAVItemHandle@@@Z
?TraceSnapinError@@YGXPBGABVSC@mmcerror@@@Z
_purecall
__p__fmode
malloc
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
__wgetmainargs
??1type_info@@UAE@XZ
wcstoul
memset
wcschr
__dllonexit
__wargv
__RTDynamicCast
_wcsicmp
_ultow
realloc
_vsnwprintf
_amsg_exit
?terminate@@YAXXZ
_lock
_mbslen
_onexit
_ftol2_sse
exit
_XcptFilter
_mbsnbcnt
__setusermatherr
wcsrchr
_wcmdln
_cexit
_CxxThrowException
memmove_s
_unlock
_exit
__p__commode
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
memcpy
memcpy_s
_except_handler4_common
wcsncmp
free
_callnewh
_controlfp
__CxxFrameHandler3
swscanf
_wcsnicmp
__argc
??0exception@@QAE@XZ
iswspace
wcsstr
wcstol
_initterm
_wtoi
_ltow
__set_app_type
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwTraceMessage
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
OleLockRunning
OleUninitialize
DoDragDrop
StgOpenStorageOnILockBytes
StringFromGUID2
CreateStreamOnHGlobal
StringFromCLSID
CoCreateGuid
RegisterDragDrop
RevokeDragDrop
CLSIDFromString
CreateILockBytesOnHGlobal
CoGetClassObject
ProgIDFromCLSID
CoRegisterClassObject
OleInitialize
CoCreateInstance
OleRun
CoTaskMemAlloc
CoRevokeClassObject
CLSIDFromProgID
CoFreeUnusedLibraries
GetHGlobalFromStream
CoDisconnectObject
CoGetMalloc
CoTaskMemFree
PE exports
Number of PE resources by type
RT_ICON 26
RT_BITMAP 6
RT_HTML 3
TYPELIB 2
RT_MANIFEST 2
RT_GROUP_ICON 2
RT_GROUP_CURSOR 1
RT_VERSION 1
RT_CURSOR 1
MUI 1
UIFILE 1
Number of PE resources by language
ENGLISH US 46
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 6.1
LinkerVersion 9.0
ImageVersion 6.1
FileSubtype 0
FileVersionNumber 6.1.7600.16385
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 402432
EntryPoint 0x3fb0e
OriginalFileName mmc.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2009:07:14 00:32:01+01:00
FileType Win32 EXE
PEType PE32
InternalName mmc.exe
ProductVersion 6.1.7600.16385
FileDescription Microsoft Management Console
OSVersion 6.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 998912
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
Overlay parents
Compressed bundles
File identification
MD5 6aaf3bece2c3d17091bcef37c5a82ac0
SHA1 d63163689d0d55dd322ceb509bee63b0436946ad
SHA256 edb5ba42c85edbf30f8d9ba3da6b32093d5804ff9e27c3a6aff35ab7049f516f
ssdeep 24576:m/z+2Gpyb2JUqUQDyY4lCPwVwSJmRwlsXuejXqr6NMRDtZcGyoBn1ClhW5tz33mG:RynqUav4lCISSJmRwlsXuejXqr6NMRDt
authentihash 48fd601e9a65521fc6858a44cf679ca2b7644acbf54f1eaad6e0dae4eb65c182
imphash 6d2ed4addac7ebae62381320d82ac4c1
File size 1.3 MB ( 1401344 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe signed trusted via-tor
Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with mmc.exe as its name.
VirusTotal metadata
First submission 2009-11-06 01:43:41 UTC ( 7 years, 8 months ago )
Last submission 2017-07-21 07:09:08 UTC ( 4 days, 13 hours ago )
File names a2da77.tmpscan
mmc.exe
old666e.tmp
mmc.exe.47149
mmc.exe
imm-flt-582985691
d63163689d0d55dd322ceb509bee63b0436946ad.exe
c;_windows_system32_mmc.exe
6aaf3bece2c3d17091bcef37c5a82ac0
mmc(9373).exe
mmc.exe.mui
ffa9b.tmpscan
f77de2.tmpscan
myfile.exe
mmc(138).exe
MMC.EXE
mmc-{4b3334b3-9849-41f5-9d81-491efdc84dfb}-v2911264.exe
a43eb1.tmpscan
mmc(1627).exe
mmc.exe.66405
mmc.exe.63756
mmc.exe.63228
02355984.exe
mmc.exe
C;_Windows_system32_mmc.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight