SHA256: f18154fdb0d0620f40c392e595daf6023b6799768b50a91059e26149e977eee6
File name: Changelog_Urgent.doc.exe
Detection ratio: 23 / 46
Analysis date: 2013-03-28 13:05:32 UTC ( 1 year ago )
Antivirus Result Update
AVG SHeur4.BETV 20130328
AhnLab-V3 Trojan/Win32.Bublik 20130328
AntiVir TR/Necurs.N 20130328
Avast Win32:Malware-gen 20130328
Comodo UnclassifiedMalware 20130328
DrWeb Trojan.Necurs.97 20130328
ESET-NOD32 Win32/Cridex.AA 20130328
Emsisoft Trojan.Win32.Agent.AMN (A) 20130328
Fortinet W32/Bublik.LYZ!tr 20130328
GData Win32:Malware-gen 20130328
Ikarus Trojan.Win32.Bublik 20130328
Kaspersky Trojan.Win32.Bublik.akko 20130328
Malwarebytes Trojan.FakeMS 20130328
McAfee PWS-Zbot-FASH!E01EA945B8D0 20130328
McAfee-GW-Edition Artemis!E01EA945B8D0 20130328
Microsoft Worm:Win32/Cridex.E 20130328
PCTools Malware.Cridex 20130328
Panda Suspicious file 20130328
Sophos Troj/Cridex-BF 20130328
Symantec W32.Cridex 20130328
TrendMicro WORM_CRIDEX.GT 20130328
TrendMicro-HouseCall WORM_CRIDEX.GT 20130328
VIPRE Win32.Malware!Drop 20130328
Agnitum 20130328
Antiy-AVL 20130328
BitDefender 20130328
ByteHero 20130322
CAT-QuickHeal 20130328
ClamAV 20130328
Commtouch 20130327
F-Prot 20130327
F-Secure 20130328
Jiangmin 20130326
K7AntiVirus 20130327
Kingsoft 20130325
MicroWorld-eScan 20130328
NANO-Antivirus 20130328
Norman 20130328
Rising 20130328
SUPERAntiSpyware 20130328
TheHacker 20130327
TotalDefense 20130328
VBA32 20130328
ViRobot 20130328
eSafe 20130324
nProtect 20130328
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright © Microsoft Corporation. All rights reserved.
Publisher Microsoft Corporation
Product Microsoft® Windows® Operating System
Version 5.2.3790.0
Original name LLSMGR.EXE
Internal name LLSMGR.EXE
File version 5.2.3790.0 (srv03_rtm.030324-2048)
Description License Manager
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-06-19 19:21:12
Link date 8:21 PM 6/19/2002
Entry Point 0x00002965
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
CopyFileW
GetModuleFileNameW
GlobalFree
SetEvent
QueryPerformanceCounter
GetTickCount
GlobalUnlock
lstrlenW
GetLocalTime
GetCurrentProcess
GetCurrentProcessId
UnhandledExceptionFilter
InterlockedDecrement
DeleteFileW
GetUserDefaultLCID
InterlockedCompareExchange
lstrcpynW
CompareStringW
lstrcpyW
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GlobalLock
LocalFree
TerminateProcess
CreateEventW
CreateFileW
GlobalAlloc
lstrcatW
Sleep
GetCurrentThreadId
LocalAlloc
InterlockedIncrement
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
FindWindowA
CountClipboardFormats
_cexit
_amsg_exit
malloc
puts
__p__fmode
_exit
_adjust_fdiv
__setusermatherr
wcschr
free
wcslen
?terminate@@YAXXZ
wcstok
exit
_XcptFilter
__getmainargs
_initterm
_wtol
__p__commode
_controlfp
__set_app_type
CoUninitialize
CoInitialize
OleSetContainedObject
CoCreateInstance
StringFromCLSID
StgCreateDocfile
CoTaskMemFree
OleCreate
Number of PE resources by type
RT_STRING 23
RT_DIALOG 16
RT_ICON 3
RT_MENU 3
RT_BITMAP 3
RT_GROUP_ICON 2
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 52
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.2.3790.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 69632
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 5.2.3790.0 (srv03_rtm.030324-2048)
TimeStamp 2002:06:19 20:21:12+01:00
FileType Win32 EXE
PEType PE32
InternalName LLSMGR.EXE
FileAccessDate 2013:04:29 22:40:05+01:00
ProductVersion 5.2.3790.0
FileDescription License Manager
OSVersion 4.0
FileCreateDate 2013:04:29 22:40:05+01:00
OriginalFilename LLSMGR.EXE
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 98304
ProductName Microsoft Windows Operating System
ProductVersionNumber 5.2.3790.0
EntryPoint 0x2965
ObjectFileType Executable application

Compressed bundles
File identification
MD5 e01ea945b8d055c5c115ab58749ac502
SHA1 fb43edcf45dd67a1bdd0a528cf78a58d75035893
SHA256 f18154fdb0d0620f40c392e595daf6023b6799768b50a91059e26149e977eee6
ssdeep 3072:MkX/NkIuOXypyppThuduubcoImMOB89ms:N/NxuOXyUf1u0ubXImMOB8
File size 152.0 KB ( 155648 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe
VirusTotal metadata
First submission 2013-03-27 18:24:36 UTC ( 1 year ago )
Last submission 2013-07-03 03:20:59 UTC ( 9 months, 2 weeks ago )
File names KB00493403.exe
e01ea945b8d055c5c115ab58749ac502
KB01148523.exe
file-5313596_exe
Changelog_Urgent_N992.doc.exe
expE.tmp.exe
Changelog.doc.exe
Changelog_Urgent_N992.doc.ex_
KB01407191.1
Changelog_Urgent.doc.exe
e01ea945b8d055c5c115ab58749ac502.exe
e01ea945b8d055c5c115ab58749ac502
LLSMGR.EXE
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections