SHA256: 1f11b896cc641db605d70186be468a148a64ea233a21d353e7483239e71e1516
File name: Win32-Napolar-Droppper.exe
Detection ratio: 48 / 54
Analysis date: 2014-09-11 15:57:23 UTC ( 7 months, 1 week ago )
Antivirus Result Update
AVG Dropper.Generic8.BTRR 20140911
AVware Trojan.Win32.Napolar.a (v) 20140911
Ad-Aware Gen:Variant.Symmi.35738 20140911
Agnitum Trojan.DR.Dapato!JKNPasUWfsI 20140911
AhnLab-V3 Dropper/Win32.Dapato 20140911
Antiy-AVL Trojan[Dropper]/Win32.Dapato 20140911
Avast Win32:Napolar-E [Cryp] 20140911
Avira TR/Napolar.A.10 20140911
Baidu-International Trojan.Win32.Agent.40 20140911
BitDefender Gen:Variant.Symmi.35738 20140911
Bkav HW32.Paked.F670 20140911
CAT-QuickHeal TrojanDropper.Dapato.ra 20140911
CMC Packed.Win32.Obfuscated.10!O 20140908
Comodo Backdoor.Win32.Agent.CXI4 20140911
Cyren W32/Dapato.XUSQ-6274 20140911
DrWeb Trojan.PWS.Panda.4784 20140911
ESET-NOD32 Win32/Agent.VAE 20140911
Emsisoft Gen:Variant.Symmi.35738 (B) 20140911
F-Prot W32/Dapato.E 20140911
F-Secure Gen:Variant.Symmi.35738 20140911
Fortinet W32/Dapato.DAQX!tr 20140911
GData Gen:Variant.Symmi.35738 20140911
Ikarus Trojan-Dropper.Win32.Dapato 20140911
Jiangmin Trojan/Dropper.Dapato.lsas 20140910
K7AntiVirus Trojan ( 0040f6581 ) 20140911
K7GW Trojan ( 0040f6581 ) 20140911
Kaspersky Trojan-Dropper.Win32.Dapato.daqx 20140911
Kingsoft Win32.Troj.Undef.(kcloud) 20140911
Malwarebytes Trojan.Agent.FICO 20140911
McAfee W32/Napsolar-FHO!E918AE5279CC 20140911
McAfee-GW-Edition W32/Napsolar-FHO!E918AE5279CC 20140911
MicroWorld-eScan Gen:Variant.Symmi.35738 20140911
Microsoft Trojan:Win32/Napolar.A 20140911
NANO-Antivirus Trojan.Win32.Dapato.ccsous 20140911
Norman Suspicious_Gen4.ETTRO 20140911
Panda Trj/Dtcontx.G 20140911
Qihoo-360 HEUR/Malware.QVM05.Gen 20140911
Rising PE:Trojan.Win32.Generic.15A55663!363157091 20140911
SUPERAntiSpyware Heur.Agent/Gen-GalPic[i] 20140911
Sophos Troj/Napolar-A 20140911
Symantec Trojan.Gen 20140911
Tencent Win32.Trojan-dropper.Dapato.Ajbk 20140911
TheHacker Trojan/Agent.vae 20140911
TrendMicro-HouseCall TROJ_NAPOLAR.NIL 20140911
VBA32 BScope.Malware-Cryptor.Napolar.2683 20140911
VIPRE Trojan.Win32.Napolar.a (v) 20140911
ViRobot Dropper.Dapato.116224 20140911
Zillya Trojan.Fareit.Win32.2070 20140910
AegisLab 20140911
ByteHero 20140911
ClamAV 20140910
TotalDefense 20140911
Zoner 20140910
nProtect 20140911
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Copyright
© 1998-2011, Raize Software, Inc.

Publisher Raize Software, Inc.
File version 5.0
Description CodeSite Tools 5.0
Packers identified
PEiD BobSoft Mini Delphi -> BoB / BobSoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-24 03:39:40
Link date 4:39 AM 8/24/2013
Entry Point 0x000050B4
Number of sections 10
PE sections
PE imports
CryptReleaseContext
CryptGetHashParam
CryptAcquireContextW
CryptHashData
CryptDestroyHash
CryptCreateHash
VirtualProtectEx
MessageBoxW
GetLastError
GetStdHandle
GetSystemInfo
FreeLibrary
ExitProcess
LoadLibraryA
RtlUnwind
DeleteCriticalSection
LocalAlloc
GetCommandLineW
UnhandledExceptionFilter
GetStartupInfoW
GetProcAddress
RaiseException
WriteFile
CloseHandle
GetACP
GetModuleHandleW
LocalFree
GetVersion
InitializeCriticalSection
VirtualQuery
VirtualFree
TlsGetValue
Sleep
TlsSetValue
GetCurrentThreadId
VirtualAlloc
MessageBoxA
Number of PE resources by type
RT_RCDATA 3
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 2
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
2.25

ImageVersion
0.0

FileVersionNumber
5.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

InitializedDataSize
99328

MIMEType
application/octet-stream

FileDescription
CodeSite Tools 5.0

FileVersion
5.0

LegalCopyright
© 1998-2011, Raize Software, Inc.

TimeStamp
2013:08:24 04:39:40+01:00

FileType
Win32 EXE

PEType
PE32

FileAccessDate
2014:07:20 10:37:19+01:00

SubsystemVersion
5.0

OSVersion
5.0

FileCreateDate
2014:07:20 10:37:19+01:00

FileOS
Windows 16-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Raize Software, Inc.

CodeSize
15872

FileSubtype
0

ProductVersionNumber
5.0.0.0

EntryPoint
0x50b4

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 e918ae5279ccbb47d9d2fa0f92fbf2ee
SHA1 7d54d7a937cf0ac899e937834d913ebd0027d8b0
SHA256 1f11b896cc641db605d70186be468a148a64ea233a21d353e7483239e71e1516
ssdeep
3072:Hg9LXJ9aap4HNz7zpqOfv5VCdXx122xlbARk0SE:A9jJ9t4HJ7VP4nPxlbAk0

imphash b003acd05dd5752426fdf3fc6a76b41b
File size 113.5 KB ( 116224 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe bobsoft

VirusTotal metadata
First submission 2013-08-24 04:02:21 UTC ( 1 year, 8 months ago )
Last submission 2014-07-20 09:40:27 UTC ( 9 months ago )
File names output.14401484.txt
Win32-Napolar-Droppper.exe
e918ae5279ccbb47d9d2fa0f92fbf2ee.exe_
14401484
e918ae5279ccbb47d9d2fa0f92fbf2ee.ex_
Photo_016-www.facebook.com.exe
041f551d149928f8dd54a83101809e36_Photo_016-www.facebook.com.exe.safe
Photo_016-www.facebook.com.exe
E918AE5279CCBB47D9D2FA0F92FBF2EE.EXE
916bf992d146c1eb2599a403bc313f263d234326
file-5879791_exe
Photo_016-www.facebook.com.exe";?=
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .
