SHA256: 4ccc3fd07b45d285940bc931b0b0c09e1184882faaf1e288245fc4f3f523b847
File name: ntlanmbn.exe
Detection ratio: 23 / 47
Analysis date: 2013-11-11 09:38:24 UTC ( 5 years, 6 months ago )
Antivirus Result Update
AhnLab-V3 Adware/Win32.Agent 20131111
AntiVir ADWARE/GFilter.Gen2 20131111
Avast Win32:Agent-ARFM [Adw] 20131111
AVG BHO.XBQ 20131110
BitDefender Gen:Adware.Heur.em0@YzX!hPw 20131111
Comodo ApplicUnwnt.Win32.Downloader.Agent.G 20131111
DrWeb Adware.Softomate.606 20131111
Emsisoft Gen:Adware.Heur.em0@YzX!hPw (B) 20131111
ESET-NOD32 a variant of Win32/BHO.OGV 20131111
F-Prot W32/AdAgent.AN.gen!Eldorado 20131111
F-Secure Gen:Adware.Heur.em0@YzX!hPw 20131111
Fortinet Riskware/BHO 20131111
GData Gen:Adware.Heur.em0@YzX!hPw 20131111
Jiangmin Adware/Agent.iiu 20131111
K7AntiVirus Adware 20131108
Kaspersky not-a-virus:HEUR:AdWare.Win32.Agent.gen 20131111
Kingsoft Win32.Troj.Agent.ad.(kcloud) 20130829
Malwarebytes Trojan.BHO 20131111
Microsoft Trojan:Win32/Jifcapi.A 20131111
eScan Gen:Adware.Heur.em0@YzX!hPw 20131111
NANO-Antivirus Trojan.Win32.BHO.brnoim 20131111
nProtect Trojan-Clicker/W32.Agent.68608.W 20131110
VBA32 AdWare.Agent.adlt 20131111
Yandex 20131110
Antiy-AVL 20131107
Baidu-International 20131111
Bkav 20131111
ByteHero 20131111
CAT-QuickHeal 20131111
ClamAV 20131111
Commtouch 20131111
Ikarus 20131111
K7GW 20131108
McAfee 20131111
McAfee-GW-Edition 20131111
Norman 20131110
Panda 20131110
Rising 20131111
Sophos AV 20131111
SUPERAntiSpyware 20131110
Symantec 20131111
TheHacker 20131111
TotalDefense 20131108
TrendMicro 20131111
TrendMicro-HouseCall 20131111
VIPRE 20131111
ViRobot 20131111
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
File version 1.0
Description
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2034-02-03 19:29:14
Entry Point 0x00008E86
Number of sections 3
PE sections
PE imports
SetSecurityDescriptorDacl
SetServiceStatus
CryptReleaseContext
RegCloseKey
StartServiceCtrlDispatcherA
CryptAcquireContextA
RegSetValueExA
CryptGetHashParam
RegQueryValueExA
RegisterServiceCtrlHandlerExA
InitializeSecurityDescriptor
GetUserNameA
RegOpenKeyA
RegCreateKeyExA
RegOpenKeyExA
CryptHashData
CryptDestroyHash
CryptCreateHash
GetSystemTime
GetLastError
GetEnvironmentVariableA
HeapFree
GetStdHandle
SystemTimeToFileTime
LCMapStringW
ReleaseMutex
MapViewOfFileEx
FileTimeToSystemTime
lstrlenA
WaitForSingleObject
FreeLibrary
LCMapStringA
HeapAlloc
GetTickCount
GetThreadLocale
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetACP
FreeEnvironmentStringsA
GetComputerNameA
GetCurrentProcess
GetVolumeInformationA
EnterCriticalSection
GetEnvironmentStrings
OpenFileMappingW
GetStringTypeW
GetCurrentProcessId
OpenProcess
UnhandledExceptionFilter
lstrlenW
GetCPInfo
ExitProcess
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
HeapCreate
GetCommandLineA
GetProcAddress
HeapDestroy
GetFileTime
CreateThread
GetStringTypeA
GetModuleHandleA
lstrcmpA
ReadFile
InterlockedExchange
WriteFile
GetStartupInfoA
CloseHandle
lstrcpynA
DuplicateHandle
HeapReAlloc
MoveFileExA
GetCurrentThreadId
GetOEMCP
GetFileType
TerminateProcess
WideCharToMultiByte
SetHandleCount
FreeLibraryAndExitThread
InitializeCriticalSection
UnmapViewOfFile
VirtualFree
CreateEventA
GetEnvironmentStringsW
InterlockedDecrement
Sleep
IsBadReadPtr
TlsSetValue
CreateFileA
GetStringTypeExA
GetVersion
LeaveCriticalSection
VirtualAlloc
GetFileSize
SetLastError
InterlockedIncrement
StrRChrA
CharLowerA
CharUpperA
CharNextA
wvsprintfA
LoadStringA
HttpSendRequestA
InternetQueryDataAvailable
HttpAddRequestHeadersA
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetCheckConnectionA
InternetConnectA
InternetGetConnectedState
InternetCanonicalizeUrlA
InternetCrackUrlA
StringFromGUID2
PE exports
Number of PE resources by type
TEXT 1
RT_VERSION 1
Number of PE resources by language
GERMAN 2
PE resources
ExifTool file metadata
UninitializedDataSize: 0
LinkerVersion: 6.0
ImageVersion: 0.0
FileVersionNumber: 1.0.0.1
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 18432
EntryPoint: 0x8e86
MIMEType: application/octet-stream
FileVersion: 1.0
TimeStamp: 2034:02:03 20:29:14+01:00
FileType: Win32 EXE
PEType: PE32
SubsystemVersion: 4.0
OSVersion: 4.0
FileOS: Windows NT 32-bit
Subsystem: Windows command line
MachineType: Intel 386 or later, and compatibles
CodeSize: 51200
FileSubtype: 0
ProductVersionNumber: 1.0.0.1
FileTypeExtension: exe
ObjectFileType: Dynamic link library

File identification
MD5 140e0b61eedcfb7111e1c0f23663614a
SHA1 2caf0c2b182f688872208d896576de7b31344ea4
SHA256 4ccc3fd07b45d285940bc931b0b0c09e1184882faaf1e288245fc4f3f523b847
ssdeep 1536:mNMq2YrbR5oDc3/LX6c9gfiBB7ca7WaTzToXIhOQRWDtAS1i:mPBeuhYYhOQRWDtji

authentihash aa9bc6bd94b5eb10c308683b22d7df86d35a738393fe0ef5826232bd7a0d8ff7
imphash 595775e0fe200a41aedd3d116fd45258
File size 67.0 KB ( 68608 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit, COFF

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe armadillo

VirusTotal metadata
First submission 2013-11-11 09:38:24 UTC ( 5 years, 6 months ago )
Last submission 2013-11-11 09:38:24 UTC ( 5 years, 6 months ago )
File names ntlanmbn.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R047C0EJQ15.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs