SHA256: 2c63b771b02ed30125c322c7d3ce20814427f59901f676d2da5b0ab337ad7fcc
File name: nn.jpg
Detection ratio: 5 / 67
Analysis date: 2019-02-07 04:38:47 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181023
Endgame malicious (high confidence) 20181108
Rising Trojan.Fuerboos!8.EFC8/N3#81% (RDM+:cmRtazrvXKo3fJvqJvGC9wYgaUmX) 20190207
Symantec ML.Attribute.HighConfidence 20190207
Trapmine malicious.high.ml.score 20190123
Acronis 20190130
Ad-Aware 20190207
AegisLab 20190207
AhnLab-V3 20190206
Alibaba 20180921
ALYac 20190207
Antiy-AVL 20190207
Arcabit 20190207
Avast 20190207
Avast-Mobile 20190206
AVG 20190207
Avira (no cloud) 20190206
Babable 20180918
Baidu 20190202
BitDefender 20190207
Bkav 20190201
CAT-QuickHeal 20190206
ClamAV 20190206
CMC 20190206
Comodo 20190207
Cybereason 20190109
Cylance 20190207
Cyren 20190207
DrWeb 20190207
eGambit 20190207
Emsisoft 20190207
ESET-NOD32 20190207
F-Prot 20190207
F-Secure 20190207
Fortinet 20190207
GData 20190207
Sophos ML 20181128
Jiangmin 20190207
K7AntiVirus 20190207
K7GW 20190206
Kaspersky 20190207
Kingsoft 20190207
Malwarebytes 20190207
MAX 20190207
McAfee 20190207
McAfee-GW-Edition 20190206
Microsoft 20190207
eScan 20190207
NANO-Antivirus 20190207
Palo Alto Networks (Known Signatures) 20190207
Panda 20190206
Qihoo-360 20190207
SentinelOne (Static ML) 20190203
Sophos AV 20190206
SUPERAntiSpyware 20190206
TACHYON 20190207
Tencent 20190207
TheHacker 20190203
Trustlook 20190207
VBA32 20190206
VIPRE 20190207
ViRobot 20190206
Webroot 20190207
Yandex 20190206
Zillya 20190206
ZoneAlarm by Check Point 20190207
Zoner 20190207
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) 2006-2014 ManiacTools
Product Nslookup
Original name Nslookup.exe
Internal name Nslookup
Description Categoryid Rotation
Comments Categoryid Rotation
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-02-06 22:01:54
Entry Point 0x00039B08
Number of sections 4
PE sections
PE imports
GetMultipleTrusteeA
GetMultipleTrusteeOperationA
OpenProcessToken
IsValidSecurityDescriptor
GetNamedSecurityInfoA
ImageList_ReplaceIcon
GetTextCharsetInfo
DeleteDC
SetBkMode
DeleteObject
GetTextExtentPoint32A
MoveToEx
GetStockObject
Ellipse
GetOutlineTextMetricsW
SelectObject
BitBlt
SetBkColor
CreateCompatibleDC
GetPixel
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
FreeEnvironmentStringsA
DisconnectNamedPipe
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
InitializeCriticalSection
TlsGetValue
SetLastError
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
DeleteCriticalSection
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GlobalSize
GetStartupInfoA
GetUserDefaultLCID
CompareStringW
CompareStringA
IsValidLocale
GetProcAddress
GetConsoleWindow
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
lstrlenW
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
InterlockedCompareExchange
EnumSystemCodePagesW
RaiseException
TlsFree
SetFilePointer
ReadFile
WriteFileEx
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
ReadFileEx
VirtualAlloc
NetWkstaUserGetInfo
NetShareGetInfo
CreateErrorInfo
wglMakeCurrent
wglCreateContext
SHGetFolderPathW
Shell_NotifyIconA
PathUnquoteSpacesA
GetCursorInfo
SetPropA
BeginPaint
OffsetRect
GetIconInfo
CheckMenuRadioItem
GetSysColorBrush
GetSystemMetrics
MessageBoxW
GetMenu
GetWindowRect
InflateRect
EndPaint
LoadImageA
GetWindowDC
DialogBoxParamA
GetSysColor
GetDC
GetCursorPos
ReleaseDC
SetWindowTextA
DestroyIcon
DrawIconEx
SendMessageA
SetScrollPos
FrameRect
InsertMenuA
GetWindowLongA
FillRect
GetDesktopWindow
GetDialogBaseUnits
DialogBoxIndirectParamA
WinHttpReceiveResponse
InternetGetCookieA
InternetGetLastResponseInfoA
WTSQuerySessionInformationA
GdipAlloc
GdipDisposeImage
GdipLoadImageFromFile
GdipCloneImage
GdipFree
CoUninitialize
CreateBindCtx
CoCreateInstance
CoInitializeEx
PdhBrowseCountersA
PE exports
Number of PE resources by type
RT_ICON 6
RCDATA 6
BINDATA 4
RT_GROUP_CURSOR 2
RT_CURSOR 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 23
PE resources
ExifTool file metadata
CodeSize 337920
SubsystemVersion 5.0
Comments Categoryid Rotation
Languages English
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 7.3.2.6
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Categoryid Rotation
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 412160
PrivateBuild 7.3.2.6
EntryPoint 0x39b08
OriginalFileName Nslookup.exe
MIMEType application/octet-stream
LegalCopyright Copyright (c) 2006-2014 ManiacTools
TimeStamp 2019:02:06 14:01:54-08:00
FileType Win32 EXE
PEType PE32
InternalName Nslookup
ProductVersion 7.3.2.6
UninitializedDataSize 0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName ManiacTools
LegalTrademarks Copyright (c) 2006-2014 ManiacTools
ProductName Nslookup
ProductVersionNumber 7.3.2.6
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 970443cfcf3fad0af5947b267a4bdc1f
SHA1 d1983f14717ae89b74a939a31faa46eec15bfb3b
SHA256 2c63b771b02ed30125c322c7d3ce20814427f59901f676d2da5b0ab337ad7fcc
ssdeep 12288:XsccSa+k6LO1+R/a31t/e1fm058D6AtfBgTr117ZvB/D9lDFrws:Xsc/THOUR/s1M8DtmTr7ZvdzDFrj
authentihash 50f3176f17fcf86f2658f82f2e861329c508030788c16b1f7f54efd76c68214e
imphash c332d9399f9a00dd85ba31ee0379a62d
File size 733.5 KB ( 751104 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags peexe
VirusTotal metadata
First submission 2019-02-07 04:38:47 UTC ( 3 months, 2 weeks ago )
Last submission 2019-02-07 04:38:47 UTC ( 3 months, 2 weeks ago )
File names nn.jpg
Nslookup.exe
Nslookup
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Searched windows
Runtime DLLs