SHA256: 1f11b896cc641db605d70186be468a148a64ea233a21d353e7483239e71e1516
File name: Win32-Napolar-Droppper.exe
Detection ratio: 44 / 50
Analysis date: 2016-06-30 15:59:38 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
AVG Dropper.Generic8.BTRR 20160701
AVware Trojan.Win32.Napolar.a (v) 20160701
AegisLab Troj.Dropper.W32.Dapato.daqx!c 20160701
AhnLab-V3 Dropper/Win32.Dapato.N935041609 20160701
Antiy-AVL Trojan[Dropper]/Win32.Dapato 20160701
Arcabit Trojan.Symmi.D8B9A 20160701
Avast Win32:Napolar-E [Cryp] 20160701
Avira (no cloud) TR/Napolar.A.10 20160701
BitDefender Gen:Variant.Symmi.35738 20160701
Bkav W32.DropperDapatoU.Trojan 20160630
CAT-QuickHeal TrojanDropper.Dapato.ra 20160701
CMC Trojan-Dropper.Win32.Dapato!O 20160630
Comodo Backdoor.Win32.Agent.CXI4 20160701
Cyren W32/Dapato.XUSQ-6274 20160701
DrWeb Trojan.PWS.Panda.4784 20160701
ESET-NOD32 Win32/Agent.VAE 20160701
Emsisoft Gen:Variant.Symmi.35738 (B) 20160701
F-Prot W32/Dapato.E 20160701
F-Secure Gen:Variant.Symmi.35738 20160701
Fortinet W32/Napolar.ABC!tr 20160701
GData Gen:Variant.Symmi.35738 20160701
Ikarus Trojan-Dropper.Win32.Dapato 20160701
Jiangmin Trojan/Dropper.Dapato.a 20160701
K7AntiVirus Trojan ( 0040f6581 ) 20160701
K7GW Trojan ( 0040f6581 ) 20160701
Kaspersky Backdoor.Win32.Napolar.vvw 20160701
Malwarebytes Trojan.Agent.FICO 20160701
McAfee W32/Napsolar-FHO!E918AE5279CC 20160701
McAfee-GW-Edition BehavesLike.Win32.FakeAlertSecurityTool.cc 20160701
Microsoft Trojan:Win32/Napolar.A 20160701
NANO-Antivirus Trojan.Win32.Dapato.ccsous 20160701
Panda Trj/Dtcontx.G 20160630
Qihoo-360 HEUR/Malware.QVM05.Gen 20160701
SUPERAntiSpyware Heur.Agent/Gen-GalPic[i] 20160701
Sophos Troj/Napolar-A 20160701
Symantec Trojan.Gen 20160701
Tencent Win32.Trojan-dropper.Dapato.Ajbk 20160701
TheHacker Trojan/Agent.vae 20160630
TrendMicro TROJ_NAPOLAR.NIL 20160701
TrendMicro-HouseCall TROJ_NAPOLAR.NIL 20160701
VBA32 BScope.Malware-Cryptor.Napolar.2683 20160701
VIPRE Trojan.Win32.Napolar.a (v) 20160701
ViRobot Dropper.Dapato.116224[h] 20160701
Zillya Trojan.Fareit.Win32.2070 20160701
Alibaba 20160701
Baidu 20160701
ClamAV 20160701
Kingsoft 20160701
TotalDefense 20160701
Zoner 20160701
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © 1998-2011, Raize Software, Inc.
File version 5.0
Description CodeSite Tools 5.0
Packers identified
PEiD BobSoft Mini Delphi -> BoB / BobSoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-24 03:39:40
Entry Point 0x000050B4
Number of sections 10
PE sections
PE imports
CryptReleaseContext
CryptGetHashParam
CryptAcquireContextW
CryptHashData
CryptDestroyHash
CryptCreateHash
VirtualProtectEx
MessageBoxW
GetLastError
GetStdHandle
GetSystemInfo
FreeLibrary
ExitProcess
LoadLibraryA
RtlUnwind
DeleteCriticalSection
LocalAlloc
GetCommandLineW
UnhandledExceptionFilter
GetStartupInfoW
GetProcAddress
RaiseException
WriteFile
CloseHandle
GetACP
GetModuleHandleW
LocalFree
GetVersion
InitializeCriticalSection
VirtualQuery
VirtualFree
TlsGetValue
Sleep
TlsSetValue
GetCurrentThreadId
VirtualAlloc
MessageBoxA
Number of PE resources by type
RT_RCDATA 3
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 2.25
ImageVersion 0.0
FileVersionNumber 5.0.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 99328
EntryPoint 0x50b4
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5.0
TimeStamp 2013:08:24 04:39:40+01:00
FileType Win32 EXE
PEType PE32
FileDescription CodeSite Tools 5.0
OSVersion 5.0
FileOS Windows 16-bit
LegalCopyright 1998-2011, Raize Software, Inc.
MachineType Intel 386 or later, and compatibles
CompanyName Raize Software, Inc.
CodeSize 15872
FileSubtype 0
ProductVersionNumber 5.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 e918ae5279ccbb47d9d2fa0f92fbf2ee
SHA1 7d54d7a937cf0ac899e937834d913ebd0027d8b0
SHA256 1f11b896cc641db605d70186be468a148a64ea233a21d353e7483239e71e1516
ssdeep 3072:Hg9LXJ9aap4HNz7zpqOfv5VCdXx122xlbARk0SE:A9jJ9t4HJ7VP4nPxlbAk0
authentihash ec8facf8c9e896e954c13d7cd214dc8373e8c8fcd40badd851e6e74c14dfe03c
imphash b003acd05dd5752426fdf3fc6a76b41b
File size 113.5 KB ( 116224 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags bobsoft peexe
VirusTotal metadata
First submission 2013-08-24 04:02:21 UTC ( 3 years ago )
Last submission 2016-06-30 15:59:38 UTC ( 1 month, 3 weeks ago )
File names output.14401484.txt
Win32-Napolar-Droppper.exe
e918ae5279ccbb47d9d2fa0f92fbf2ee.exe_
14401484
e918ae5279ccbb47d9d2fa0f92fbf2ee.ex_
Photo_016-www.facebook.com.exe
041f551d149928f8dd54a83101809e36_Photo_016-www.facebook.com.exe.safe
Photo_016-www.facebook.com.exe
E918AE5279CCBB47D9D2FA0F92FBF2EE.EXE
916bf992d146c1eb2599a403bc313f263d234326
file-5879791_exe
Photo_016-www.facebook.com.exe";?=
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
