× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 0dc4d281b2a09edccc2c28898c7b1f572fa5cf3803fc8b6832d2bb1207036a89
File name: nmc.exe
Detection ratio: 18 / 67
Analysis date: 2018-06-20 18:03:22 UTC ( 11 months, 1 week ago ) View latest
Antivirus Result Update
AegisLab Uds.Dangerousobject.Multi!c 20180620
Avast Win32:Malware-gen 20180620
AVG Win32:Malware-gen 20180620
Bkav W32.eHeur.Malware14 20180620
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20180530
Cylance Unsafe 20180620
Endgame malicious (moderate confidence) 20180612
ESET-NOD32 a variant of Generik.KGWVLDR 20180620
Sophos ML heuristic 20180601
Kaspersky Backdoor.Win32.Mokes.xnl 20180620
McAfee Artemis!669C34C265B0 20180620
McAfee-GW-Edition BehavesLike.Win32.BadFile.dc 20180620
Palo Alto Networks (Known Signatures) generic.ml 20180620
Qihoo-360 Win32/Backdoor.834 20180620
Sophos AV Mal/Generic-S 20180620
Symantec Packed.Generic.516 20180620
TrendMicro-HouseCall Suspicious_GEN.F47V0620 20180620
ZoneAlarm by Check Point Backdoor.Win32.Mokes.xnl 20180620
Ad-Aware 20180620
AhnLab-V3 20180620
Alibaba 20180620
ALYac 20180620
Antiy-AVL 20180620
Arcabit 20180620
Avast-Mobile 20180620
Avira (no cloud) 20180620
AVware 20180620
Baidu 20180620
BitDefender 20180620
CAT-QuickHeal 20180620
ClamAV 20180620
CMC 20180620
Comodo 20180620
Cybereason 20180225
Cyren 20180620
DrWeb 20180620
eGambit 20180620
Emsisoft 20180620
F-Prot 20180620
F-Secure 20180620
Fortinet 20180620
GData 20180620
Ikarus 20180620
Jiangmin 20180620
K7AntiVirus 20180620
K7GW 20180620
Kingsoft 20180620
Malwarebytes 20180620
MAX 20180620
Microsoft 20180620
eScan 20180620
NANO-Antivirus 20180620
Panda 20180620
Rising 20180620
SentinelOne (Static ML) 20180618
SUPERAntiSpyware 20180620
Symantec Mobile Insight 20180619
TACHYON 20180620
Tencent 20180620
TheHacker 20180619
TotalDefense 20180620
TrendMicro 20180620
Trustlook 20180620
VBA32 20180620
VIPRE 20180620
ViRobot 20180620
Webroot 20180620
Yandex 20180620
Zillya 20180620
Zoner 20180620
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Compass Copyright ©. All rights reserved.

Product JoelNested
Internal name JoelNested
Description Hive 101 4ss
Comments Hive 101 4ss
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-19 07:02:41
Entry Point 0x0008B600
Number of sections 3
PE sections
PE imports
RegCloseKey
AuthzInitializeResourceManager
InitCommonControlsEx
ChooseColorA
CryptFindOIDInfo
SaveDC
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
Ord(41)
LresultFromObject
VariantCopy
EnumPageFilesA
SetupBackupErrorA
StrCmpNIA
OpenPrinterA
GdipFree
CoTaskMemFree
PdhOpenQueryA
Number of PE resources by type
RT_ICON 6
RT_DIALOG 4
RT_STRING 4
RCDATA 2
RT_BITMAP 2
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 22
PE resources
ExifTool file metadata
SubsystemVersion
5.0

Comments
Hive 101 4ss

InitializedDataSize
61440

ImageVersion
0.0

ProductName
JoelNested

FileVersionNumber
7.5.61.4

UninitializedDataSize
348160

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
9.0

PrivateBuild
7.5.61.4

FileTypeExtension
exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

TimeStamp
2018:06:19 08:02:41+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
JoelNested

ProductVersion
7.5.61.4

FileDescription
Hive 101 4ss

OSVersion
5.0

FileOS
Windows NT 32-bit

LegalCopyright
Compass Copyright . All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Compass

CodeSize
221184

FileSubtype
0

ProductVersionNumber
7.5.61.4

EntryPoint
0x8b600

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 669c34c265b0c9228fb3e99f2125bd57
SHA1 15800d50c3edd191c7c99b12864d9ff3e1b91953
SHA256 0dc4d281b2a09edccc2c28898c7b1f572fa5cf3803fc8b6832d2bb1207036a89
ssdeep
6144:7Z90B6S5Le0TEMmEPA2l0oQiS8o9vzLKZodIh6juSrL7Ho2Wu:7Z90l5L5YMTPA2Kom9jIhAv/

authentihash 4e418517456e9b831a58f7a9f202970e3abe2958dbc593143e0b9913a23bd91e
imphash 7279af37131ae37e9cef3a194aa4aff9
File size 274.5 KB ( 281088 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (28.0%)
UPX compressed Win32 Executable (27.5%)
Win32 EXE Yoda's Crypter (27.0%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
Tags
peexe upx

VirusTotal metadata
First submission 2018-06-20 14:22:34 UTC ( 11 months, 1 week ago )
Last submission 2018-06-21 05:47:08 UTC ( 11 months, 1 week ago )
File names nmc.exe
JoelNested
TempPnY63.EXE
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs