SHA256: 18f6a08876b91e7541ad07a014368d529476abe34e8494b4886f22bb52944a73
File name: SlyNFO.exe
Detection ratio: 2 / 56
Analysis date: 2015-08-24 10:56:55 UTC ( 1 year, 12 months ago )
Antivirus Result Update
CMC Trojan.Win32.Generic!O 20150824
VBA32 Trojan.Autoit.F 20150822
Ad-Aware 20150824
AegisLab 20150824
Yandex 20150822
AhnLab-V3 20150824
Alibaba 20150824
ALYac 20150824
Antiy-AVL 20150824
Arcabit 20150824
Avast 20150823
AVG 20150824
Avira (no cloud) 20150824
AVware 20150824
Baidu-International 20150824
BitDefender 20150824
Bkav 20150824
ByteHero 20150824
CAT-QuickHeal 20150824
ClamAV 20150824
Comodo 20150824
Cyren 20150824
DrWeb 20150824
Emsisoft 20150824
ESET-NOD32 20150824
F-Prot 20150824
F-Secure 20150824
Fortinet 20150824
GData 20150824
Ikarus 20150824
Jiangmin 20150823
K7AntiVirus 20150824
K7GW 20150824
Kaspersky 20150824
Kingsoft 20150824
Malwarebytes 20150824
McAfee 20150824
McAfee-GW-Edition 20150823
Microsoft 20150824
eScan 20150824
NANO-Antivirus 20150824
nProtect 20150824
Panda 20150824
Qihoo-360 20150824
Rising 20150823
Sophos AV 20150824
SUPERAntiSpyware 20150822
Symantec 20150823
Tencent 20150824
TheHacker 20150824
TrendMicro 20150824
TrendMicro-HouseCall 20150824
VIPRE 20150824
ViRobot 20150824
Zillya 20150824
Zoner 20150824
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright MetalloSoft
File version 2.0.0.2
Description SlyNFO Viewer
Packers identified
F-PROT AutoIt, UTF-8, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-29 21:32:28
Entry Point 0x0012FF60
Number of sections 3
PE sections
Overlays
MD5 f95e3c05e494cc8896a99d74598de347
File type data
Offset 788480
Size 116614
Entropy 8.00
PE imports
ImageList_Remove
GetSaveFileNameW
LineTo
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
WNetGetConnectionW
VariantInit
EnumProcesses
DragFinish
LoadUserProfileW
VerQueryValueW
FtpOpenFileW
timeGetTime
CoInitialize
Number of PE resources by type
RT_ICON 15
RT_STRING 7
RT_GROUP_ICON 4
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 28
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 10.0
ImageVersion 0.0
FileVersionNumber 2.0.0.2
UninitializedDataSize 970752
LanguageCode English (British)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 520192
EntryPoint 0x12ff60
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2.0.0.2
TimeStamp 2012:01:29 22:32:28+01:00
FileType Win32 EXE
PEType PE32
FileDescription SlyNFO Viewer
OSVersion 5.0
FileOS Win32
LegalCopyright MetalloSoft
MachineType Intel 386 or later, and compatibles
CodeSize 274432
FileSubtype 0
ProductVersionNumber 3.3.8.1
FileTypeExtension exe
ObjectFileType Unknown
Compressed bundles
File identification
MD5 f9b77c65dfdf701ee3732e2b024d5128
SHA1 eb33f4f731b154fbb0550a4a763a6f72b1136554
SHA256 18f6a08876b91e7541ad07a014368d529476abe34e8494b4886f22bb52944a73
ssdeep 12288:Q6Wq4aaE6KwyF5L0Y2D1PqL4oXkdCjsiK4Ldti4:mthEVaPqL4oXkwrD
authentihash fc2936ae62026ad01b6a49f133803001b5e71abf7bf8a2cfa41caaf9dddb481d
imphash 890e522b31701e079a367b89393329e6
File size 883.9 KB ( 905094 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (39.3%)
Win32 EXE Yoda's Crypter (38.6%)
Win32 Dynamic Link Library (generic) (9.5%)
Win32 Executable (generic) (6.5%)
Generic Win/DOS Executable (2.9%)
Tags peexe upx overlay
VirusTotal metadata
First submission 2015-08-22 12:32:15 UTC ( 1 year, 12 months ago )
Last submission 2016-10-18 22:52:18 UTC ( 10 months ago )
File names SlyNFO.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Opened service managers
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.