SHA256: 2ddc76e010271a3238e30bee433c5adf5a1df3b70c7d1605dc207d6b5c6a2099
File name: Numar-prim-C.exe
Detection ratio: 4 / 57
Analysis date: 2015-04-21 13:42:14 UTC (2 years, 6 months ago)
Antivirus Result Update
Cyren W32/Graftor.BR.gen!Eldorado 20150421
F-Prot W32/Graftor.BR.gen!Eldorado 20150421
NANO-Antivirus Trojan.Win32.DownLoader12.dprspk 20150421
Tencent Trojan.Win32.YY.Gen.5 20150421
Ad-Aware 20150421
AegisLab 20150421
Yandex 20150420
AhnLab-V3 20150421
Alibaba 20150421
ALYac 20150421
Antiy-AVL 20150421
Avast 20150421
AVG 20150421
Avira (no cloud) 20150424
AVware 20150421
Baidu-International 20150421
BitDefender 20150421
Bkav 20150421
ByteHero 20150421
CAT-QuickHeal 20150421
ClamAV 20150421
CMC 20150421
Comodo 20150421
DrWeb 20150421
Emsisoft 20150421
ESET-NOD32 20150421
F-Secure 20150421
Fortinet 20150421
GData 20150421
Ikarus 20150421
Jiangmin 20150420
K7AntiVirus 20150421
K7GW 20150421
Kaspersky 20150421
Kingsoft 20150421
Malwarebytes 20150421
McAfee 20150421
McAfee-GW-Edition 20150421
Microsoft 20150424
eScan 20150421
Norman 20150421
nProtect 20150421
Panda 20150421
Qihoo-360 20150421
Rising 20150421
Sophos AV 20150421
SUPERAntiSpyware 20150421
Symantec 20150421
TheHacker 20150421
TotalDefense 20150423
TrendMicro 20150421
TrendMicro-HouseCall 20150421
VBA32 20150420
VIPRE 20150421
ViRobot 20150421
Zillya 20150421
Zoner 20150420
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-03 14:33:43
Entry Point 0x00001280
Number of sections 16
PE sections
PE imports
GetLastError
EnterCriticalSection
ReleaseMutex
TryEnterCriticalSection
ResumeThread
SetEvent
VirtualProtect
ExitProcess
TlsAlloc
GetHandleInformation
DeleteCriticalSection
GetAtomNameA
SetThreadPriority
WaitForSingleObject
AddAtomA
TlsGetValue
MultiByteToWideChar
SetProcessAffinityMask
GetProcAddress
GetThreadContext
GetCurrentThread
SuspendThread
CreateMutexA
IsDBCSLeadByteEx
InterlockedExchangeAdd
CreateSemaphoreA
WideCharToMultiByte
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
GetCurrentProcess
CloseHandle
ResetEvent
DuplicateHandle
WaitForMultipleObjects
GetThreadPriority
SetThreadContext
GetProcessAffinityMask
ReleaseSemaphore
InitializeCriticalSection
VirtualQuery
CreateEventA
FindAtomA
InterlockedDecrement
Sleep
TlsSetValue
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
__p__fmode
malloc
getc
putwc
__p__environ
realloc
fread
fclose
wcsftime
ungetwc
wcsxfrm
atexit
abort
_setmode
getwc
fflush
fopen
strlen
_endthreadex
fsetpos
_cexit
fputc
iswctype
_errno
strtod
fwrite
fgetpos
strftime
_onexit
wcslen
fputs
exit
sprintf
putc
memcmp
strxfrm
_setjmp
towlower
printf
strchr
memset
longjmp
_fdopen
wcscoll
free
getenv
setlocale
signal
atoi
_fstati64
__getmainargs
calloc
_write
strcoll
memcpy
towupper
_lseeki64
memmove
setvbuf
_read
strerror
strcmp
_filelengthi64
_beginthreadex
memchr
__mb_cur_max
ungetc
fprintf
_getch
__set_app_type
vfprintf
localeconv
_ftime
_iob
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:10:03 15:33:43+01:00
FileType Win32 EXE
PEType PE32
CodeSize 466432
LinkerVersion 2.23
EntryPoint 0x1280
InitializedDataSize 508416
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 28160
File identification
MD5 a6c37b42b887abd0201670a44dd6644b
SHA1 098e2e8289821f9afe9cff5e3f09c0b316b147f7
SHA256 2ddc76e010271a3238e30bee433c5adf5a1df3b70c7d1605dc207d6b5c6a2099
ssdeep 24576:SfZbCpXcFQ6UHokxTGANHJn3v93IvcF0h1:SR6cm6UHokxTdHhvXF0h1
authentihash 8a9c3b55e7004925714652a1c157e7d9d4a4387ef67d844e52372b79ff8aae74
imphash 7b0825f71e646d8fe6158994d12fe016
File size 988.3 KB ( 1012006 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.4%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
VXD Driver (0.2%)
Tags peexe
VirusTotal metadata
First submission 2015-04-21 13:42:14 UTC ( 2 years, 6 months ago )
Last submission 2015-04-21 13:42:14 UTC ( 2 years, 6 months ago )
File names Numar-prim-C.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created mutexes
UDP communications