SHA256: 2e1404f400254d90fbd7cdb023c9656c0bbd4a484893f76e9d5cce51422f6a70
File name: nfoviewer.exe
Detection ratio: 17 / 68
Analysis date: 2018-07-22 20:31:36 UTC ( 10 months ago )
Antivirus Result Update
AegisLab Trojan.Win32.Generic.4!c 20180722
Avira (no cloud) TR/Crypt.ZPACK.Gen 20180722
Babable Malware.HighConfidence 20180406
Cylance Unsafe 20180722
Ikarus Trojan.Crypt 20180722
Sophos ML heuristic 20180717
MAX malware (ai score=62) 20180722
McAfee Artemis!74940BDE3A40 20180722
McAfee-GW-Edition Artemis 20180722
Microsoft Trojan:Win32/Dynamer!ac 20180722
Palo Alto Networks (Known Signatures) generic.ml 20180722
Panda Trj/CI.A 20180722
Qihoo-360 Win32/Trojan.be3 20180722
Rising Trojan.Crypto!8.364 (CLOUD) 20180722
TheHacker Posible_Worm32 20180722
TrendMicro PAK_Generic.005 20180722
TrendMicro-HouseCall PAK_Generic.005 20180722
Ad-Aware 20180722
AhnLab-V3 20180721
Alibaba 20180713
ALYac 20180722
Antiy-AVL 20180722
Arcabit 20180722
Avast 20180722
Avast-Mobile 20180722
AVG 20180722
AVware 20180722
Baidu 20180717
BitDefender 20180722
Bkav 20180719
CAT-QuickHeal 20180722
ClamAV 20180722
CMC 20180722
Comodo 20180722
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cyren 20180722
DrWeb 20180722
eGambit 20180722
Emsisoft 20180722
Endgame 20180711
ESET-NOD32 20180722
F-Prot 20180722
F-Secure 20180722
Fortinet 20180722
GData 20180722
Jiangmin 20180722
K7AntiVirus 20180722
K7GW 20180722
Kaspersky 20180722
Kingsoft 20180722
Malwarebytes 20180722
eScan 20180722
NANO-Antivirus 20180722
SentinelOne (Static ML) 20180701
Sophos AV 20180722
SUPERAntiSpyware 20180722
Symantec 20180722
TACHYON 20180722
Tencent 20180722
TotalDefense 20180722
Trustlook 20180722
VBA32 20180720
VIPRE 20180722
ViRobot 20180722
Webroot 20180722
Yandex 20180720
Zillya 20180720
ZoneAlarm by Check Point 20180722
Zoner 20180721
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-02-01 16:03:04
Entry Point 0x000289C0
Number of sections 3
PE sections
PE imports
BitBlt
LoadLibraryA
ExitProcess
GetProcAddress
waveOutOpen
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2002:02:01 17:03:04+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
65536

LinkerVersion
6.0

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0x289c0

InitializedDataSize
8192

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
98304

Compressed bundles
File identification
MD5 74940bde3a406f6af0f66ab76f11ccad
SHA1 dc91f254cfb8330173bf759e57745e840d6e3991
SHA256 2e1404f400254d90fbd7cdb023c9656c0bbd4a484893f76e9d5cce51422f6a70
ssdeep
1536:rBMS6WQxFQL5cs4TTfie/fS0D5mkfA6MZjP3Ak6MxB5ZtkggIw:lMSKFEal1fA6MZP3AYxh

authentihash a6fd065dd25b697c0ad1c4d63a26d0c9f6d2eb19e3dd380daa92f0726b8bd853
imphash 7e380ee79e4c40dbb033d4b84ff48b0d
File size 68.5 KB ( 70144 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
OS/2 Executable (generic) (2.8%)
Tags
peexe upx

VirusTotal metadata
First submission 2016-10-25 12:50:36 UTC ( 2 years, 6 months ago )
Last submission 2018-07-22 20:31:36 UTC ( 10 months ago )
File names nfoviewer.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs