SHA256: 17583992b323a542e7020ac47bc34db87904da3c489129ff31e50c0677f2f849
File name: wU9ba14Y6TcL.exe
Detection ratio: 7 / 60
Analysis date: 2017-10-24 20:38:25 UTC ( 1 year, 1 month ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171024
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Endgame malicious (high confidence) 20171016
ESET-NOD32 a variant of Win32/Kryptik.FYDZ 20171024
Sophos ML heuristic 20170914
Qihoo-360 HEUR/QVM20.1.B9ED.Malware.Gen 20171024
SentinelOne (Static ML) static engine - malicious 20171019
Ad-Aware 20171024
AegisLab 20171024
AhnLab-V3 20171024
ALYac 20171024
Antiy-AVL 20171024
Arcabit 20171024
Avast-Mobile 20171024
Avira (no cloud) 20171024
AVware 20171024
BitDefender 20171024
Bkav 20171024
CAT-QuickHeal 20171024
ClamAV 20171024
CMC 20171024
Comodo 20171024
Cyren 20171024
DrWeb 20171024
eGambit 20171024
F-Prot 20171024
F-Secure 20171024
Fortinet 20171024
GData 20171024
Ikarus 20171024
Jiangmin 20171024
K7AntiVirus 20171024
K7GW 20171024
Kaspersky 20171024
Malwarebytes 20171024
MAX 20171024
McAfee 20171024
McAfee-GW-Edition 20171024
Microsoft 20171024
eScan 20171024
NANO-Antivirus 20171024
nProtect 20171024
Palo Alto Networks (Known Signatures) 20171024
Panda 20171024
Rising 20171024
Sophos AV 20171024
SUPERAntiSpyware 20171024
Symantec 20171024
Symantec Mobile Insight 20171011
Tencent 20171024
TheHacker 20171024
TotalDefense 20171023
TrendMicro 20171024
TrendMicro-HouseCall 20171024
Trustlook 20171024
VBA32 20171024
VIPRE 20171024
Webroot 20171024
Yandex 20171023
Zillya 20171024
ZoneAlarm by Check Point 20171024
Zoner 20171024
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name nlaapi.dll
Internal name nlaapi.dll
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description Network Location Awareness 2
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-25 05:33:02
Entry Point 0x0000101E
Number of sections 9
PE sections
PE imports
OpenSCManagerW
CM_Add_Empty_Log_Conf
CertDeleteCertificateFromStore
CryptFindOIDInfo
JetCloseDatabase
GetNearestColor
InterlockedExchange
GetLastError
FlushProcessWriteBuffers
SwitchToThread
GetConsoleOutputCP
LocalAlloc
LocalFree
GetConsoleWindow
FreeLibrary
GetProcAddress
LoadLibraryA
GetOEMCP
RaiseException
acmDriverID
VarBoolFromDate
RasGetProjectionInfoA
RpcMgmtInqComTimeout
NdrUserMarshalFree
SetupQueueCopyIndirectW
SHDeleteKeyW
OleRun
CoInternetIsFeatureZoneElevationEnabled
URLDownloadToCacheFileA
URLDownloadToFileW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7601.17514
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Network Location Awareness 2
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 104448
EntryPoint 0x101e
OriginalFileName nlaapi.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7601.17514 (win7sp1_rtm.101119-1850)
TimeStamp 2017:10:25 06:33:02+01:00
FileType Win32 EXE
PEType PE32
InternalName nlaapi.dll
ProductVersion 6.1.7601.17514
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 128512
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7601.17514
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 b1a1d8c6fe0e760037522d4f2a890813
SHA1 14c4522ac5ce48383ea449b2973b146079757753
SHA256 17583992b323a542e7020ac47bc34db87904da3c489129ff31e50c0677f2f849
ssdeep 1536:+sxeFXaaHk8uWo4GTgjKoVg+Pt9pvawHseeag9R:JeFXHRuWtGTgGoRFvsR
authentihash a7519e2a3d96a8112617b94b5f7fe9b8fe89fe23451428cdf0cda67c4e15195a
imphash 874e728998071b2614bcbf76d49bcaf0
File size 223.5 KB ( 228864 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2017-10-24 20:38:25 UTC ( 1 year, 1 month ago )
Last submission 2017-11-25 11:27:11 UTC ( 1 year ago )
File names nlaapi.dll
wU9ba14Y6TcL.exe