× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 086d1998340af13b3362ae0e1d285a42cac9a51a87b36854221c1d138b496b8d
File name: output.114612130.txt
Detection ratio: 46 / 66
Analysis date: 2018-12-05 15:02:55 UTC ( 2 months, 2 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.Autoruns.GenericKD.31392283 20181205
AegisLab Trojan.Win32.Emotet.4!c 20181205
AhnLab-V3 Trojan/Win32.Banki.R247004 20181205
ALYac Trojan.Agent.Emotet 20181205
Arcabit Trojan.Autoruns.Generic.D1DF021B 20181205
Avast Win32:MalwareX-gen [Trj] 20181205
AVG Win32:MalwareX-gen [Trj] 20181205
BitDefender Trojan.Autoruns.GenericKD.31392283 20181205
ClamAV Win.Malware.Emotet-6766201-0 20181203
Comodo Malware@#2a6s4vhk53x0 20181205
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cylance Unsafe 20181205
Cyren W32/Emotet.JZ.gen!Eldorado 20181205
DrWeb Trojan.Emotet.508 20181205
Emsisoft Trojan.Autoruns.GenericKD.31392283 (B) 20181205
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Emotet.BN 20181205
F-Prot W32/Emotet.JZ.gen!Eldorado 20181205
F-Secure Trojan.Autoruns.GenericKD.31392283 20181205
Fortinet W32/Emotet.ANT!tr 20181205
GData Trojan.Autoruns.GenericKD.31392283 20181205
Ikarus P2P-Worm.Win32.Palevo 20181205
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 0053b6a31 ) 20181205
K7GW Trojan ( 0054286f1 ) 20181205
Kaspersky Trojan-Banker.Win32.Emotet.btdy 20181204
Malwarebytes Trojan.Emotet 20181205
MAX malware (ai score=100) 20181205
McAfee RDN/Generic.grp 20181205
McAfee-GW-Edition BehavesLike.Win32.Virut.ch 20181205
Microsoft Trojan:Win32/Vigorf.A 20181205
eScan Trojan.Autoruns.GenericKD.31392283 20181205
Palo Alto Networks (Known Signatures) generic.ml 20181205
Panda Trj/RnkBend.A 20181204
Qihoo-360 Win32/Trojan.914 20181205
Rising Trojan.Emotet!8.B95 (CLOUD) 20181205
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Troj/Emotet-ANT 20181205
Symantec Trojan.Gen.2 20181205
TACHYON Trojan/W32.Emotet.139264 20181205
Trapmine malicious.high.ml.score 20181128
TrendMicro TSPY_EMOTET.THABOCAH 20181205
TrendMicro-HouseCall TSPY_EMOTET.THABOCAH 20181205
VBA32 BScope.Trojan.Emotet 20181205
ViRobot Trojan.Win32.S.Emotet.139264.B 20181205
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.btdy 20181205
Alibaba 20180921
Antiy-AVL 20181205
Avast-Mobile 20181205
Avira (no cloud) 20181205
Babable 20180918
Baidu 20181205
Bkav 20181203
CAT-QuickHeal 20181205
CMC 20181204
eGambit 20181205
Jiangmin 20181205
Kingsoft 20181205
NANO-Antivirus 20181205
SUPERAntiSpyware 20181205
Symantec Mobile Insight 20181204
Tencent 20181205
TheHacker 20181202
Trustlook 20181205
Yandex 20181204
Zillya 20181204
Zoner 20181205
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2007 Nexon Corp.

Product NexonMessenger Game Service
Original name nmcogame.dll
Internal name nmcogame
File version 2, 5, 24, 0
Description NexonMessenger Game Service
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-08-21 02:59:10
Entry Point 0x00001F33
Number of sections 7
PE sections
PE imports
CreatePrivateObjectSecurityWithMultipleInheritance
JetIntersectIndexes
PlayMetaFile
SetTextCharacterExtra
StrokePath
GetEnhMetaFilePaletteEntries
WriteTapemark
SetFileIoOverlappedRange
CompareFileTime
GetFileSize
CreateFileW
GetCommandLineW
WriteConsoleOutputCharacterA
ConvertDefaultLocale
GetFileType
SetConsoleCursorInfo
GetUserDefaultLCID
SetProcessPriorityBoost
DeleteTimerQueue
SysReAllocStringLen
SetupTermDefaultQueueCallback
PathUndecorateA
CountClipboardFormats
GetWindowRect
IsMenu
GetPhysicalCursorPos
FindWindowA
DrawCaption
Number of PE resources by type
RT_STRING 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
KOREAN 2
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
11.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.5.24.0

LanguageCode
Neutral

FileFlagsMask
0x0017

FileDescription
NexonMessenger Game Service

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
0

EntryPoint
0x1f33

OriginalFileName
nmcogame.dll

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2007 Nexon Corp.

FileVersion
2, 5, 24, 0

TimeStamp
2007:08:21 04:59:10+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
nmcogame

ProductVersion
2, 5, 24, 0

SubsystemVersion
6.0

OSVersion
6.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Nexon Corp.

CodeSize
8192

ProductName
NexonMessenger Game Service

ProductVersionNumber
2.5.24.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 e2bb38391da8b74817014e69191fd70f
SHA1 a446a7feee3ff9ec012946e5588fb79a6d7ec25b
SHA256 086d1998340af13b3362ae0e1d285a42cac9a51a87b36854221c1d138b496b8d
ssdeep
1536:IGiK1cMbvNQkUB+VjrC8iwGtr8IwFnfXRmKtlmBsOboLlVDu87NpHi13EKVWDpiq:IGBNzlVotVw1fRdljOboJVDadI4q

authentihash b4efbfa4472c249c5548400b96936395426a04a057cdb5a687eae00b5a686098
imphash 91eface0e48a86777050364063310b81
File size 136.0 KB ( 139264 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags
peexe

VirusTotal metadata
First submission 2018-12-02 13:55:46 UTC ( 2 months, 2 weeks ago )
Last submission 2018-12-11 19:46:29 UTC ( 2 months, 1 week ago )
File names nmcogame.dll
output.114612130.txt
nmcogame
006348.exe
381202.exe
6.exe
2563.exe
3175.exe
output.114613066.txt
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!