wmimgmt.exe

The executable wmimgmt.exe has been detected as malware by 40 anti-virus scanners. It is set to start automatically when a user logs into Windows, via the current user's Run registry key, under the display name ‘wmi32’.
MD5:
1f1b4ad735baed29db94ee5cb3d2f8c5

SHA-1:
797a6d76c7e477e65672c5adc52c38e740cb4d06

SHA-256:
bf7716443f3d1fa4695c1df1aa6892cce02785639914ef6dd2fddb7c57d38fc3

Scanner detections:
40 / 68

Status:
Malware

Analysis date:
4/19/2024 7:34:06 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Downloader.Agent.ABDP
647

Agnitum Outpost
Worm.AutoRun
7.1.1

AhnLab V3 Security
Worm/Win32.AutoRun
2014.10.03

Avira AntiVirus
TR/Patched.Ren.Gen
7.11.176.96

avast!
Win32:Malware-gen
2014.9-150428

AVG
Worm/AutoRun
2016.0.3125

Baidu Antivirus
Trojan.Win32.Agent
4.0.3.15428

Bitdefender
Trojan.Downloader.Agent.ABDP
1.0.20.590

Bkav FE
W32.BedolabD
1.3.0.4959

Clam AntiVirus
Worm.Autorun-3020
0.98/21411

Comodo Security
Worm.Win32.Agent.UJ
19692

Dr.Web
Win32.HLLW.Autoruner.28501
9.0.1.0118

Emsisoft Anti-Malware
Trojan.Downloader.Agent.ABDP
8.15.04.28.03

ESET NOD32
Win32/AutoRun.Agent.UI
9.10504

Fortinet FortiGate
W32/Autorun.BX!worm
4/28/2015

F-Prot
W32/Autorun.XU
v6.4.7.1.166

F-Secure
Trojan.Downloader.Agent.ABDP
11.2015-28-04_3

G Data
Trojan.Downloader.Agent.ABDP
15.4.24

IKARUS anti.virus
Worm.Win32.Hilgild
t3scan.1.7.8.0

K7 AntiVirus
Trojan
13.183.13550

Kaspersky
Worm.Win32.AutoRun
14.0.0.2122

McAfee
W32/Autorun.worm.bx
5600.6781

Microsoft Security Essentials
Worm:Win32/Hilgild!gen.A
1.11005

MicroWorld eScan
Trojan.Downloader.Agent.ABDP
16.0.0.354

NANO AntiVirus
Trojan.Win32.AutoRun.gxkfr
0.28.2.62440

Norman
Suspicious_Gen2.dam
11.20150428

nProtect
Worm/W32.AutoRun.214920
14.10.02.01

Panda Antivirus
W32/Autorun.JZJ
15.04.28.03

Qihoo 360 Security
Win32/Trojan.Downloader.a77
1.0.0.1015

Quick Heal
Worm.Hilgild.qh3
4.15.14.00

Rising Antivirus
PE:Trojan.Win32.Generic.11E7B01E!300396574
23.00.65.15426

Sophos
W32/Clarbat-Gen
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Autorun
9908

Total Defense
Win32/SillyAutorun.ETG
37.0.11209

Trend Micro House Call
WORM_AUTORUN.SMV
7.2.118

Trend Micro
WORM_AUTORUN.SMV
10.465.28

Vba32 AntiVirus
Worm.AutoRun
3.12.26.3

VIPRE Antivirus
Worm.Win32.Hilgild.gena
33624

ViRobot
Worm.Win32.Autorun.214920
2011.4.7.4223

Zillya! Antivirus
Worm.AutoRun.Win32.11092
2.0.0.1941

File size:
209.9 KB (214,920 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\application data\wmimgmt.exe

File PE Metadata
Compilation timestamp:
9/7/2009 8:51:03 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:+1oqQJcHI2kiWzHNQVgd54vR5uBrKtKusdLI41Nu5Jlsp:T1cHI2kimNL7HBrKtKusu41NyJlsp

Entry address:
0x8720

Entry point:
55, 8B, EC, 81, EC, 20, 04, 00, 00, 53, 56, 57, E8, 3F, 07, 00, 00, E8, 5A, 26, 00, 00, 68, 88, 1F, 40, 00, FF, 15, A8, 10, 40, 00, 68, E8, 20, 40, 00, E8, F5, 15, 00, 00, 80, 65, FF, 00, 83, 3D, 86, 23, 40, 00, 01, 59, BB, 02, 01, 00, 00, 0F, 85, 09, 01, 00, 00, E8, 09, 07, 00, 00, 33, F6, 56, 56, 68, 00, 10, 00, 00, 68, 00, 00, 00, 08, FF, 15, E4, 11, 40, 00, A0, D8, B4, 40, 00, B9, 81, 00, 00, 00, 88, 85, E0, FB, FF, FF, 33, C0, 8D, BD, E1, FB, FF, FF, 68, 03, 01, 00, 00, F3, AB, 66, AB, AA, 8D, 85, EC...
 
Entropy:
4.6178

Developed / compiled with:
Microsoft Visual C++

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
wmi32

Command:
C:\ProgramData\application data\wmimgmt.exe

