SHA256: f0728723b782017fe52fe0976316c0ade6f8fedb1b00d1b2eb403d9d41af6819
File name: 091.exe
Detection ratio: 5 / 56
Analysis date: 2015-04-01 08:51:28 UTC ( 2 years, 1 month ago )
Antivirus Result Update
Avast Win32:Evo-gen [Susp] 20150401
AVware Trojan.Win32.Yakes.d (v) 20150401
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20150401
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20150331
VIPRE Trojan.Win32.Yakes.d (v) 20150401
Ad-Aware 20150401
AegisLab 20150401
Yandex 20150331
AhnLab-V3 20150331
Alibaba 20150401
ALYac 20150401
Antiy-AVL 20150401
AVG 20150401
Avira (no cloud) 20150401
Baidu-International 20150331
BitDefender 20150401
Bkav 20150331
ByteHero 20150401
CAT-QuickHeal 20150401
ClamAV 20150401
CMC 20150401
Comodo 20150401
Cyren 20150401
DrWeb 20150401
Emsisoft 20150401
ESET-NOD32 20150401
F-Prot 20150401
F-Secure 20150401
Fortinet 20150401
GData 20150401
Ikarus 20150401
Jiangmin 20150331
K7AntiVirus 20150401
K7GW 20150401
Kaspersky 20150401
Kingsoft 20150401
Malwarebytes 20150401
McAfee 20150401
McAfee-GW-Edition 20150331
Microsoft 20150401
eScan 20150401
NANO-Antivirus 20150401
Norman 20150401
nProtect 20150401
Panda 20150331
Sophos 20150331
SUPERAntiSpyware 20150401
Symantec 20150401
Tencent 20150401
TheHacker 20150330
TotalDefense 20150331
TrendMicro 20150401
TrendMicro-HouseCall 20150401
VBA32 20150331
ViRobot 20150401
Zillya 20150401
Zoner 20150330
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © ?????????? ??????????. ??? ????? ????????.
Publisher ?????????? ??????????
Product ???????????? ??????? Microsoft® Windows®
Original name MMFUtil.exe
Internal name MMFUtil.exe
File version 5.1.2601.5512 (xpsp.080413-2108)
Description WMI Snapin Helpers
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-01 07:23:48
Entry Point 0x00001073
Number of sections 6
PE sections
PE imports
JetRestore2
ExitThread
SetupGetLineTextW
isalpha
sin
Number of PE resources by type
RT_STRING 3
RT_DIALOG 1
AVI 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 6
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.1.2601.5512
UninitializedDataSize 0
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 83968
EntryPoint 0x1073
OriginalFileName MMFUtil.exe
MIMEType application/octet-stream
LegalCopyright . .
FileVersion 5.1.2601.5512 (xpsp.080413-2108)
TimeStamp 2015:04:01 08:23:48+01:00
FileType Win32 EXE
PEType PE32
InternalName MMFUtil.exe
ProductVersion 5.1.2601.5512
FileDescription WMI Snapin Helpers
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 51200
ProductName Microsoft Windows
ProductVersionNumber 5.1.2601.5512
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 4c7f72fc16ac8daf5237cfc4e5546ac0
SHA1 7b38c5c3ecb1c830b4a44f3561fb990c8b375b41
SHA256 f0728723b782017fe52fe0976316c0ade6f8fedb1b00d1b2eb403d9d41af6819
ssdeep 1536:G2RnxYuWF6SZ0vP9x2B8jgzBpS9tHFJdWbpH+LnhuwWOU1/ms:dRnxnWASZS9x2dzjqFJkbpUKOAms
authentihash baad971a853587679b4010fd3cba3ec4f5a6be127e5f7be50c47ef6022dc5f1f
imphash bfa6573e1da184a77772a586ec5ab4f8
File size 113.5 KB ( 116224 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags peexe
VirusTotal metadata
First submission 2015-04-01 08:07:28 UTC ( 2 years, 1 month ago )
Last submission 2015-04-22 18:56:21 UTC ( 2 years, 1 month ago )
File names 4c7f72fc16ac8daf5237cfc4e5546ac0.bin
091[1].exe.dr
pridmet5a.exe
MMFUtil.exe
091.exe
totgesa32.exe
091.exe
091_exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
TCP connections
UDP communications