SHA256: fea8e081c2a162f1b8084691ae086ec1a9d78848bc805c574bb9a38dbf159641
File name: 87t5fv.exe
Detection ratio: 3 / 54
Analysis date: 2015-12-22 11:39:34 UTC ( 1 year, 11 months ago )
Antivirus Result Update
McAfee-GW-Edition BehavesLike.Win32.Backdoor.ch 20151222
Qihoo-360 QVM19.1.Malware.Gen 20151222
Rising PE:Malware.XPACK-LNR/Heur!1.5594 [F] 20151222
Ad-Aware 20151222
AegisLab 20151222
Yandex 20151220
AhnLab-V3 20151221
Alibaba 20151208
ALYac 20151222
Antiy-AVL 20151222
Arcabit 20151222
Avast 20151222
AVG 20151222
Avira (no cloud) 20151222
AVware 20151222
Baidu-International 20151222
BitDefender 20151222
Bkav 20151222
ByteHero 20151222
CAT-QuickHeal 20151222
ClamAV 20151222
CMC 20151217
Comodo 20151222
Cyren 20151222
DrWeb 20151222
Emsisoft 20151222
ESET-NOD32 20151222
F-Prot 20151222
F-Secure 20151222
Fortinet 20151222
GData 20151222
Ikarus 20151222
Jiangmin 20151221
K7AntiVirus 20151222
K7GW 20151222
Kaspersky 20151222
Malwarebytes 20151222
McAfee 20151222
Microsoft 20151222
eScan 20151222
NANO-Antivirus 20151222
nProtect 20151222
Panda 20151221
Sophos AV 20151222
SUPERAntiSpyware 20151222
Symantec 20151221
TheHacker 20151222
TrendMicro 20151222
TrendMicro-HouseCall 20151222
VBA32 20151221
VIPRE 20151219
ViRobot 20151222
Zillya 20151221
Zoner 20151222
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © ?????????? ??????????. ??? ????? ????????.
Product ???????????? ??????? Microsoft® Windows®
Original name cmla2.EXE
Internal name cmla2.EXE
File version 5.3.2700.5100 (xpsp.080413-2108)
Description ????????? ???????? (Microsoft)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-08 06:13:23
Entry Point 0x00021860
Number of sections 10
PE sections
PE imports
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetConsoleFontSize
FileTimeToSystemTime
WriteConsoleInputA
MoveFileWithProgressW
GetPrivateProfileSectionNamesW
SetVolumeMountPointA
CallNamedPipeA
FillConsoleOutputCharacterW
Thread32First
VirtualAllocEx
LoadLibraryExA
VirtualFreeEx
SetTimeZoneInformation
GetConsoleCursorInfo
ContinueDebugEvent
SetProcessPriorityBoost
EnumSystemLocalesW
SetFileShortNameA
GetLogicalDrives
GetFileInformationByHandle
GetConsoleTitleA
GetCompressedFileSizeA
GetProcAddress
GetLocaleInfoW
GetProfileStringW
DecodeSystemPointer
GetFileSizeEx
GetDiskFreeSpaceW
lstrcpyA
FreeConsole
GlobalMemoryStatusEx
DuplicateHandle
MoveFileExA
EscapeCommFunction
FormatMessageW
TransmitCommChar
ReadConsoleOutputW
SetConsoleMode
CreateFileW
VirtualQuery
SetFileAttributesW
CreateFileA
LocalShrink
OutputDebugStringA
MprInfoBlockRemove
MprConfigInterfaceCreate
VarBstrFromR8
wnsprintfA
RegisterWindowMessageW
wsprintfW
wsprintfA
islower
calloc
toupper
memcpy
strftime
PdhLookupPerfNameByIndexW
PdhExpandWildCardPathW
PdhGetDefaultPerfCounterA
Number of PE resources by type
RT_ICON 5
RT_STRING 2
RT_MENU 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 11
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 2.24
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 5.3.2700.5100
UninitializedDataSize 5632
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 47104
EntryPoint 0x21860
OriginalFileName cmla2.EXE
MIMEType application/octet-stream
LegalCopyright . .
FileVersion 5.3.2700.5100 (xpsp.080413-2108)
TimeStamp 2018:07:08 07:13:23+01:00
FileType Win32 EXE
PEType PE32
InternalName cmla2.EXE
ProductVersion 5.3.2700.5100
FileDescription (Microsoft)
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CodeSize 53248
ProductName Microsoft Windows
ProductVersionNumber 5.3.2700.5100
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 cacb79e05cf54490a7067aa1544083fa
SHA1 f61c5cf805db286b1f5dc85dae82871b615372e9
SHA256 fea8e081c2a162f1b8084691ae086ec1a9d78848bc805c574bb9a38dbf159641
ssdeep 3072:pIxHOWb4Z8zMJs+b7I1jdiY+pz7JjIz8UiZagET6nXVK:pIEWoNzbM+BtIKZagET
authentihash 88938e2c1143fcbecb8a33c56a04b7a9e5d1219ba96f04e7ec22908aaafb4454
imphash 906011c73d5700b5af0198b450d4db2c
File size 150.0 KB ( 153600 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
VXD Driver (0.2%)
Tags peexe
VirusTotal metadata
First submission 2015-12-22 10:46:17 UTC ( 1 year, 11 months ago )
Last submission 2016-12-17 03:03:50 UTC ( 11 months, 1 week ago )
File names 87t5fv (1).exe
87t5fv_exe
87t5fv.exe
87t5fv.bad
cmla2.EXE
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications