SHA256: 1f11b896cc641db605d70186be468a148a64ea233a21d353e7483239e71e1516
File name: Win32-Napolar-Droppper.exe
Detection ratio: 51 / 57
Analysis date: 2016-04-25 22:18:21 UTC ( 1 month ago )
Antivirus Result Update
ALYac Gen:Variant.Symmi.35738 20160425
AVG Dropper.Generic8.BTRR 20160425
AVware Trojan.Win32.Napolar.a (v) 20160425
Ad-Aware Gen:Variant.Symmi.35738 20160425
AegisLab Troj.W32.Gen.lsSY 20160425
AhnLab-V3 Dropper/Win32.Dapato 20160425
Antiy-AVL Trojan[Dropper]/Win32.Dapato 20160425
Arcabit Trojan.Symmi.D8B9A 20160425
Avast Win32:Napolar-E [Cryp] 20160425
Avira (no cloud) TR/Napolar.A.10 20160425
Baidu-International Trojan.Win32.Agent.40 20160425
BitDefender Gen:Variant.Symmi.35738 20160425
Bkav W32.DropperDapatoU.Trojan 20160425
CAT-QuickHeal TrojanDropper.Dapato.ra 20160425
CMC Trojan-Dropper.Win32.Dapato!O 20160425
Comodo Backdoor.Win32.Agent.CXI4 20160425
Cyren W32/Dapato.XUSQ-6274 20160425
DrWeb Trojan.PWS.Panda.4784 20160425
ESET-NOD32 Win32/Agent.VAE 20160425
Emsisoft Gen:Variant.Symmi.35738 (B) 20160425
F-Prot W32/Dapato.E 20160425
F-Secure Gen:Variant.Symmi.35738 20160425
Fortinet W32/Napolar.ABC!tr 20160425
GData Gen:Variant.Symmi.35738 20160425
Ikarus Trojan-Dropper.Win32.Dapato 20160425
Jiangmin Trojan/Dropper.Dapato.a 20160425
K7AntiVirus Trojan ( 0040f6581 ) 20160425
K7GW Trojan ( 0040f6581 ) 20160425
Kaspersky Trojan-Dropper.Win32.Dapato.daqx 20160425
Malwarebytes Trojan.Agent.FICO 20160425
McAfee W32/Napsolar-FHO!E918AE5279CC 20160425
McAfee-GW-Edition BehavesLike.Win32.Virut.cc 20160425
eScan Gen:Variant.Symmi.35738 20160425
Microsoft Trojan:Win32/Napolar.A 20160425
NANO-Antivirus Trojan.Win32.Dapato.ccsous 20160425
Panda Trj/Dtcontx.G 20160425
Qihoo-360 HEUR/Malware.QVM05.Gen 20160425
Rising Trojan.Win32.Generic.15A55663 (Cloud) 20160425
SUPERAntiSpyware Heur.Agent/Gen-GalPic[i] 20160425
Sophos Troj/Napolar-A 20160425
Symantec Trojan.Gen 20160425
Tencent Win32.Trojan-dropper.Dapato.Ajbk 20160425
TheHacker Trojan/Agent.vae 20160424
TrendMicro TROJ_NAPOLAR.NIL 20160425
TrendMicro-HouseCall TROJ_NAPOLAR.NIL 20160425
VBA32 BScope.Malware-Cryptor.Napolar.2683 20160425
VIPRE Trojan.Win32.Napolar.a (v) 20160425
ViRobot Dropper.Dapato.116224[h] 20160425
Yandex Trojan.DR.Dapato!JKNPasUWfsI 20160425
Zillya Trojan.Fareit.Win32.2070 20160425
nProtect Trojan-Dropper/W32.Dapato.116224.B 20160425
Alibaba 20160425
Baidu 20160422
ClamAV 20160425
Kingsoft 20160425
TotalDefense 20160425
Zoner 20160425
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© 1998-2011, Raize Software, Inc.

File version 5.0
Description CodeSite Tools 5.0
Packers identified
PEiD BobSoft Mini Delphi -> BoB / BobSoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-24 03:39:40
Entry Point 0x000050B4
Number of sections 10
PE sections
PE imports
CryptReleaseContext
CryptGetHashParam
CryptAcquireContextW
CryptHashData
CryptDestroyHash
CryptCreateHash
VirtualProtectEx
MessageBoxW
GetLastError
GetStdHandle
GetSystemInfo
FreeLibrary
ExitProcess
LoadLibraryA
RtlUnwind
DeleteCriticalSection
LocalAlloc
GetCommandLineW
UnhandledExceptionFilter
GetStartupInfoW
GetProcAddress
RaiseException
WriteFile
CloseHandle
GetACP
GetModuleHandleW
LocalFree
GetVersion
InitializeCriticalSection
VirtualQuery
VirtualFree
TlsGetValue
Sleep
TlsSetValue
GetCurrentThreadId
VirtualAlloc
MessageBoxA
Number of PE resources by type
RT_RCDATA 3
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 2
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
2.25

ImageVersion
0.0

FileVersionNumber
5.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

InitializedDataSize
99328

EntryPoint
0x50b4

MIMEType
application/octet-stream

FileDescription

FileVersion
5.0

LegalCopyright

TimeStamp
2013:08:24 04:39:40+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows 16-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Raize Software, Inc.

CodeSize
15872

FileSubtype
0

ProductVersionNumber
5.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

eSiteTools50

Compressed bundles
File identification
MD5 e918ae5279ccbb47d9d2fa0f92fbf2ee
SHA1 7d54d7a937cf0ac899e937834d913ebd0027d8b0
SHA256 1f11b896cc641db605d70186be468a148a64ea233a21d353e7483239e71e1516
ssdeep
3072:Hg9LXJ9aap4HNz7zpqOfv5VCdXx122xlbARk0SE:A9jJ9t4HJ7VP4nPxlbAk0

authentihash ec8facf8c9e896e954c13d7cd214dc8373e8c8fcd40badd851e6e74c14dfe03c
imphash b003acd05dd5752426fdf3fc6a76b41b
File size 113.5 KB ( 116224 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
bobsoft peexe

VirusTotal metadata
First submission 2013-08-24 04:02:21 UTC ( 2 years, 9 months ago )
Last submission 2014-07-20 09:40:27 UTC ( 1 year, 10 months ago )
File names output.14401484.txt
Win32-Napolar-Droppper.exe
e918ae5279ccbb47d9d2fa0f92fbf2ee.exe_
14401484
e918ae5279ccbb47d9d2fa0f92fbf2ee.ex_
Photo_016-www.facebook.com.exe
041f551d149928f8dd54a83101809e36_Photo_016-www.facebook.com.exe.safe
Photo_016-www.facebook.com.exe
E918AE5279CCBB47D9D2FA0F92FBF2EE.EXE
916bf992d146c1eb2599a403bc313f263d234326
file-5879791_exe
Photo_016-www.facebook.com.exe";?=
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html.
