SHA256: 18e72ab0ed61366abd6398d0c1b7a2a4fc8423e5b9dd6cb220d2805949f2b32c
File name: Nfo.exe
Detection ratio: 13 / 68
Analysis date: 2018-07-22 20:51:21 UTC ( 10 months ago )
Antivirus Result Update
AegisLab Troj.Gen!c 20180722
CAT-QuickHeal Trojan.IGENERIC 20180722
Cylance Unsafe 20180722
Endgame malicious (moderate confidence) 20180711
Ikarus Trojan.Crypt 20180722
Sophos ML heuristic 20180717
Kingsoft Win32.Malware.Heur_Generic.A.(kcloud) 20180722
MAX malware (ai score=67) 20180722
McAfee RDN/Generic.hbg 20180722
McAfee-GW-Edition BehavesLike.Win32.Downloader.pc 20180722
Symantec ML.Attribute.HighConfidence 20180722
TheHacker Posible_Worm32 20180722
Zillya Trojan.Agent.Win32.600560 20180720
Ad-Aware 20180722
AhnLab-V3 20180721
Alibaba 20180713
ALYac 20180722
Antiy-AVL 20180722
Arcabit 20180722
Avast 20180722
Avast-Mobile 20180722
AVG 20180722
Avira (no cloud) 20180722
AVware 20180722
Babable 20180406
Baidu 20180717
BitDefender 20180722
Bkav 20180719
ClamAV 20180722
CMC 20180722
Comodo 20180722
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cyren 20180722
DrWeb 20180722
eGambit 20180722
Emsisoft 20180722
ESET-NOD32 20180722
F-Prot 20180722
F-Secure 20180722
Fortinet 20180722
GData 20180722
Jiangmin 20180722
K7AntiVirus 20180722
K7GW 20180722
Kaspersky 20180722
Malwarebytes 20180722
Microsoft 20180722
eScan 20180722
NANO-Antivirus 20180722
Palo Alto Networks (Known Signatures) 20180722
Panda 20180722
Qihoo-360 20180722
Rising 20180722
SentinelOne (Static ML) 20180701
Sophos AV 20180722
SUPERAntiSpyware 20180722
TACHYON 20180722
Tencent 20180722
TotalDefense 20180722
TrendMicro 20180722
TrendMicro-HouseCall 20180722
Trustlook 20180722
VBA32 20180720
VIPRE 20180722
ViRobot 20180722
Webroot 20180722
Yandex 20180720
ZoneAlarm by Check Point 20180722
Zoner 20180721
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product nFO Viewer
Internal name nFO Viewer
Description nFO Viewer
Comments nFO Viewer
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-10-27 14:50:33
Entry Point 0x0004B860
Number of sections 3
PE sections
PE imports
SetBkMode
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
LoadIconA
waveOutOpen
Number of PE resources by type
RT_DIALOG 1
RT_ICON 1
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
FARSI DEFAULT 5
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments nFO Viewer
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
LanguageCode Farsi
FileFlagsMask 0x003f
FileDescription nFO Viewer
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 8192
EntryPoint 0x4b860
MIMEType application/octet-stream
TimeStamp 2010:10:27 16:50:33+02:00
FileType Win32 EXE
PEType PE32
InternalName nFO Viewer
UninitializedDataSize 270336
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Under SEH Team
CodeSize 36864
ProductName nFO Viewer
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 44c03c8d6277084c895e52f96b5c80c7
SHA1 befb2c4e5d341a8fd1a61689dbc8f8ddce9928da
SHA256 18e72ab0ed61366abd6398d0c1b7a2a4fc8423e5b9dd6cb220d2805949f2b32c
ssdeep 768:hALVBP+77JvoaxM5xpb6eP8/xCt89wb9E/6yDgWwraw43P:MUFxC6eE/wt89Gu/68O83P

authentihash 215046ab4359e8ba0d89e550811fba3adf25da8a0a950db253d385eb02edec48
imphash b34e7536cdd2300fd34f1a74c58026fa
File size 41.5 KB ( 42496 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (31.0%)
Win32 EXE Yoda's Crypter (30.4%)
Microsoft Visual C++ compiled executable (generic) (18.9%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags peexe upx

VirusTotal metadata
First submission 2010-07-01 22:33:32 UTC ( 8 years, 10 months ago )
Last submission 2018-07-22 20:51:21 UTC ( 10 months ago )
File names smona130697586147149894253
Nfo (2).exe
file-3294473_exe
smona131419165026291694421
smona131841425429639492009
smona132395136503081002416
d5ds63.exe
smona130625259779645513884
smona_18e72ab0ed61366abd6398d0c1b7a2a4fc8423e5b9dd6cb220d2805949f2b32c.bin
smona132233804823385724421
smona130846443939434233612
Nfo (4).exe
smona132382518857715082755
smona132396224449948360449
nFO Viewer
Nfo (3).exe
smona131070310394305550309
smona132394666448397023233
smona132395202201446187644
nfo.exe
smona132382362720251546827
read.medicine.Flow.Architect Studio.3Dv1.3.8_.exe
Nfo.exe
smona132295772037459108233
Nfo.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight