SHA256: f30f7ee68c643cb7cae5bc77971602396ac1b37b3bb41c10f267cc9bafd45c45
File name: MemManDev5.exe
Detection ratio: 19 / 61
Analysis date: 2017-04-07 08:28:37 UTC ( 8 months, 1 week ago )
Antivirus | Result | Update
AegisLab | Backdoor.W32.DarkKomet.tntk | 20170407
Antiy-AVL | Trojan/Win32.BTSGeneric | 20170407
Avast | Win32:Malware-gen | 20170407
Avira (no cloud) | TR/Dropper.Gen2 | 20170407
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9999 | 20170406
Comodo | Application.Win32.CMDOW.a | 20170407
Cyren | W32/Trojan.SYGE-6877 | 20170407
ESET-NOD32 | a variant of Win32/CMDOW.A potentially unsafe | 20170407
Fortinet | Riskware/CMDOW | 20170407
Ikarus | Trojan.Cmdow | 20170407
Sophos ML | trojan.win32.swrort.a | 20170203
K7AntiVirus | Trojan ( 00470eed1 ) | 20170407
K7GW | Trojan ( 00470eed1 ) | 20170407
NANO-Antivirus | Trojan.Win32.Cmdow.dmjuol | 20170407
Qihoo-360 | HEUR/QVM41.1.51C3.Malware.Gen | 20170407
Rising | Trojan.Generic (cloud:TCXeEJEoWWG) | 20170407
TrendMicro | HKTL_HIDEWIN | 20170407
TrendMicro-HouseCall | HKTL_HIDEWIN | 20170407
Yandex | Riskware.Agent! | 20170406
Ad-Aware | (not detected) | 20170407
AhnLab-V3 | (not detected) | 20170407
Alibaba | (not detected) | 20170407
ALYac | (not detected) | 20170407
Arcabit | (not detected) | 20170407
AVG | (not detected) | 20170407
AVware | (not detected) | 20170407
BitDefender | (not detected) | 20170407
Bkav | (not detected) | 20170407
CAT-QuickHeal | (not detected) | 20170407
ClamAV | (not detected) | 20170407
CMC | (not detected) | 20170407
CrowdStrike Falcon (ML) | (not detected) | 20170130
DrWeb | (not detected) | 20170407
Emsisoft | (not detected) | 20170407
Endgame | (not detected) | 20170407
F-Prot | (not detected) | 20170407
F-Secure | (not detected) | 20170407
GData | (not detected) | 20170407
Jiangmin | (not detected) | 20170407
Kaspersky | (not detected) | 20170407
Kingsoft | (not detected) | 20170407
Malwarebytes | (not detected) | 20170407
McAfee | (not detected) | 20170407
McAfee-GW-Edition | (not detected) | 20170407
Microsoft | (not detected) | 20170407
eScan | (not detected) | 20170407
nProtect | (not detected) | 20170407
Palo Alto Networks (Known Signatures) | (not detected) | 20170407
Panda | (not detected) | 20170406
SentinelOne (Static ML) | (not detected) | 20170330
Sophos AV | (not detected) | 20170407
SUPERAntiSpyware | (not detected) | 20170407
Symantec | (not detected) | 20170406
Symantec Mobile Insight | (not detected) | 20170406
Tencent | (not detected) | 20170407
TheHacker | (not detected) | 20170406
Trustlook | (not detected) | 20170407
VBA32 | (not detected) | 20170406
VIPRE | (not detected) | 20170407
ViRobot | (not detected) | 20170407
Webroot | (not detected) | 20170407
WhiteArmor | (not detected) | 20170327
Zillya | (not detected) | 20170406
ZoneAlarm by Check Point | (not detected) | 20170407
Zoner | (not detected) | 20170407
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT RAR
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-14 19:15:49
Entry Point 0x0001CAB5
Number of sections 6
PE sections
Overlays
MD5 af867328795d1d7c28fa7831375e3591
File type application/x-rar
Offset 259072
Size 53292859
Entropy 8.00
PE imports
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
FindNextFileA
EncodePointer
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
SetFilePointerEx
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
InitializeCriticalSection
AllocConsole
TlsGetValue
MoveFileW
SetFileAttributesW
SetLastError
GetSystemTime
DeviceIoControl
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
QueryPerformanceFrequency
LoadLibraryExA
SetThreadPriority
FindClose
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetLocalTime
FoldStringW
GetFullPathNameW
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetSystemDirectoryW
CreateSemaphoreW
IsProcessorFeaturePresent
TzSpecificLocalTimeToSystemTime
TerminateProcess
SetUnhandledExceptionFilter
GetModuleHandleExW
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
GetNumberFormatW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
RtlUnwind
DecodePointer
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
GetModuleFileNameW
ExpandEnvironmentStringsW
FindFirstFileExA
FindNextFileW
ResetEvent
FreeConsole
FindFirstFileW
SetEvent
GetProcessAffinityMask
CreateEventW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
AttachConsole
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
GetSystemInfo
GetConsoleCP
FindResourceW
CompareStringW
GetEnvironmentStringsW
IsDBCSLeadByte
VirtualQuery
FileTimeToLocalFileTime
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
SetThreadExecutionState
GetLongPathNameW
IsValidCodePage
UnmapViewOfFile
GetTempPathW
Sleep
GetOEMCP
CreateHardLinkW
Number of PE resources by type
RT_STRING 10
RT_DIALOG 6
RT_ICON 4
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN NEUTRAL 23
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:08:14 20:15:49+01:00
FileType Win32 EXE
PEType PE32
CodeSize 188416
LinkerVersion 14.0
EntryPoint 0x1cab5
InitializedDataSize 69632
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 9c66bd00dcdf1e0289a88b41ee3f0c71
SHA1 e35315f3c595ab214143919d564dd22894d8518b
SHA256 f30f7ee68c643cb7cae5bc77971602396ac1b37b3bb41c10f267cc9bafd45c45
ssdeep 1572864:W/aNh62h8pIW9Y+Uc2iC9t/aDuiTy3tDDQ59ho:WY62Ch/p6ri2uTS
authentihash 403cd3b7f373b54474a9d9fee7e7a1a3106fcb27103a98f221be47e0c6b342d4
imphash 027ea80e8125c6dda271246922d4c3b0
File size 51.1 MB ( 53551931 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2017-04-07 08:28:37 UTC ( 8 months, 1 week ago )
Last submission 2017-04-07 08:28:37 UTC ( 8 months, 1 week ago )
File names MemManDev5.exe