× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 088f40a7a52635ff19e80c62883977d94dd5835e85739e19504f7437d296760b
File name: wnhelp.exe
Detection ratio: 0 / 43
Analysis date: 2011-02-16 14:11:57 UTC ( 8 years, 1 month ago ) View latest
Antivirus Result Update
AhnLab-V3 20110214
AntiVir 20110216
Antiy-AVL 20110216
Avast 20110216
Avast5 20110216
AVG 20110216
BitDefender 20110216
CAT-QuickHeal 20110216
ClamAV 20110216
Commtouch 20110216
Comodo 20110216
DrWeb 20110216
Emsisoft 20110216
eSafe 20110216
eTrust-Vet 20110216
F-Prot 20110215
F-Secure 20110216
Fortinet 20110216
GData 20110216
Ikarus 20110216
Jiangmin 20110216
K7AntiVirus 20110216
Kaspersky 20110216
McAfee 20110216
McAfee-GW-Edition 20110216
Microsoft 20110216
NOD32 20110216
Norman 20110215
nProtect 20110215
Panda 20110215
PCTools 20110216
Prevx 20110216
Rising 20110216
Sophos AV 20110216
SUPERAntiSpyware 20110216
Symantec 20110216
TheHacker 20110215
TrendMicro 20110216
TrendMicro-HouseCall 20110215
VBA32 20110216
VIPRE 20110216
ViRobot 20110216
VirusBuster 20110215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-10-12 20:37:51
Entry Point 0x00025650
Number of sections 5
PE sections
PE imports
CloseServiceHandle
ChangeServiceConfig2W
StartServiceW
OpenProcessToken
GetUserNameW
RegisterServiceCtrlHandlerW
SetServiceStatus
OpenSCManagerW
OpenServiceW
AdjustTokenPrivileges
StartServiceCtrlDispatcherW
LookupPrivilegeValueW
DeleteService
CreateServiceW
GetStdHandle
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
FormatMessageW
CreateEventW
TlsGetValue
SetLastError
InitializeCriticalSection
CopyFileW
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
HeapSetInformation
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
CreateThread
GetSystemDirectoryW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ExitThread
DecodePointer
SetEnvironmentVariableA
TerminateProcess
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
GetDateFormatA
OpenProcess
GetStartupInfoW
ReadProcessMemory
GetProcAddress
GetProcessHeap
CompareStringW
GetTimeFormatA
FreeConsole
IsValidLocale
GetUserDefaultLCID
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
GetCurrentProcessId
GetCPInfo
HeapSize
GetCommandLineA
InterlockedCompareExchange
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
Sleep
EnumProcesses
GetProcessImageFileNameW
Ord(680)
wsprintfW
OleInitialize
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2010:10:12 21:37:51+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
237568

LinkerVersion
10.0

ImageFileCharacteristics
Executable, 32-bit

EntryPoint
0x25650

InitializedDataSize
64000

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.1

UninitializedDataSize
0

File identification
MD5 c86327222d873fb4e12900a5cadcb849
SHA1 b1983db46e0cb4687e4c55b64c4d8d53551877fa
SHA256 088f40a7a52635ff19e80c62883977d94dd5835e85739e19504f7437d296760b
ssdeep
6144:5GM9f8BHPlmg2XR2j0mYHLptiVK0LZV3C5:5x98HPlmg6R2j0mYF4VRLZtq

authentihash 0ce90ba0d06e02ac59a7d97881f0f864e0d1684dd264cf6aa50ceead68064994
imphash 36f45b4fc28024edaa6b07d01662b07e
File size 295.5 KB ( 302592 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2011-02-16 14:11:57 UTC ( 8 years, 1 month ago )
Last submission 2018-10-16 04:40:23 UTC ( 5 months ago )
File names 25793961
wnhelp1.exe
output.17584094.txt
wnhelp.exe
vti-rescan
154_05_19_2017_22_42_40_wnhelp.exe.malware
MlyManager.exe
wnhelp.exe
vt-upload-EsMlw
81c1d808556ab7e61e5aab99ab3577f1302592.exe
17584094
wnhelp [1-31855].exe
r12.exe
file-3273543_exe
wnhelp.exe
154_05_19_2017_22_42_40_wnhelp.exe.malware
c86327222d873fb4e12900a5cadcb849
dx_PE_ (602).exe
w.exe
wn32.exe
audioxd.exe
wn64.exe
b1983db46e0cb4687e4c55b64c4d8d53551877fa
swn.exe
WNHELP.EXE
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!