× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 3300de4dbec0b91bdcc08a16a1f3e459937dcfcde8a00ec0ff7579b2cae2504a
File name: NoREpls1.2.1.exe
Detection ratio: 4 / 63
Analysis date: 2017-07-20 12:04:41 UTC ( 1 year, 4 months ago ) View latest
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20170710
Cylance Unsafe 20170720
McAfee-GW-Edition BehavesLike.Win32.MysticCompressor.cm 20170720
Rising Malware.Heuristic!ET#81% (rdm+) 20170720
Ad-Aware 20170720
AegisLab 20170720
AhnLab-V3 20170720
Alibaba 20170720
ALYac 20170720
Antiy-AVL 20170720
Arcabit 20170720
Avast 20170720
AVG 20170720
Avira (no cloud) 20170720
AVware 20170720
Baidu 20170720
BitDefender 20170720
Bkav 20170720
CAT-QuickHeal 20170720
ClamAV 20170720
CMC 20170720
Comodo 20170720
Cyren 20170720
DrWeb 20170720
Emsisoft 20170720
Endgame 20170713
ESET-NOD32 20170720
F-Prot 20170720
F-Secure 20170720
Fortinet 20170720
GData 20170720
Ikarus 20170720
Sophos ML 20170607
Jiangmin 20170720
K7AntiVirus 20170720
K7GW 20170720
Kaspersky 20170720
Kingsoft 20170720
Malwarebytes 20170720
MAX 20170720
McAfee 20170720
Microsoft 20170720
eScan 20170720
NANO-Antivirus 20170720
nProtect 20170720
Palo Alto Networks (Known Signatures) 20170720
Panda 20170720
Qihoo-360 20170720
SentinelOne (Static ML) 20170718
Sophos AV 20170720
SUPERAntiSpyware 20170720
Symantec 20170720
Symantec Mobile Insight 20170720
Tencent 20170720
TheHacker 20170719
TrendMicro 20170720
TrendMicro-HouseCall 20170720
Trustlook 20170720
VBA32 20170720
VIPRE 20170720
ViRobot 20170720
Webroot 20170720
WhiteArmor 20170713
Yandex 20170719
Zillya 20170720
ZoneAlarm by Check Point 20170720
Zoner 20170720
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2017

Product Nothing Really Epic; Pretty Lousy Software
Original name NoREpls.exe
Internal name NoREpls.exe
File version 1.2.1.0
Description Crackme by dtm@0x00sec
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-07-20 12:03:34
Entry Point 0x00002DC4
Number of sections 6
PE sections
PE imports
ChooseFontW
GetSaveFileNameW
GetOpenFileNameW
CreateFontIndirectW
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
RtlUnwind
FindFirstFileExW
GetStdHandle
HeapAlloc
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
DecodePointer
GetFileSize
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
InitializeSListHead
GetProcessHeap
SetStdHandle
RaiseException
WideCharToMultiByte
TlsFree
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
FindNextFileW
FreeLibrary
TerminateProcess
GetModuleHandleExW
IsValidCodePage
SetLastError
CreateFileW
FindClose
TlsGetValue
GetFileType
TlsSetValue
ExitProcess
GetCurrentThreadId
GetCurrentProcessId
WriteConsoleW
LeaveCriticalSection
EndDialog
PostQuitMessage
KillTimer
GetMessageW
ShowWindow
MessageBoxW
GetMenu
EnableWindow
SetDlgItemTextA
MoveWindow
DialogBoxParamW
GetDlgItemTextA
TranslateMessage
SetDlgItemTextW
DispatchMessageW
CreateDialogParamW
SendMessageW
SetWindowTextW
GetDlgItem
EnableMenuItem
GetWindowTextLengthA
SetTimer
IsDialogMessageW
GetClientRect
GetWindowTextLengthW
wsprintfW
DestroyWindow
Number of PE resources by type
RT_DIALOG 4
AFX_DIALOG_LAYOUT 4
RT_ICON 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH AUS 12
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.1

LinkerVersion
14.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.2.1.0

UninitializedDataSize
0

LanguageCode
English (Australian)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
107520

EntryPoint
0x2dc4

OriginalFileName
NoREpls.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2017

FileVersion
1.2.1.0

TimeStamp
2017:07:20 13:03:34+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
NoREpls.exe

ProductVersion
1.2.1.0

FileDescription
Crackme by dtm@0x00sec

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
dtm@0x00sec

CodeSize
55296

ProductName
Nothing Really Epic; Pretty Lousy Software

ProductVersionNumber
1.2.1.0

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 8c767a09cc708eeb08cc3de2de31b022
SHA1 832efae8d681c0eb5f7092ddf6d866d86bc16fac
SHA256 3300de4dbec0b91bdcc08a16a1f3e459937dcfcde8a00ec0ff7579b2cae2504a
ssdeep
3072:r7NP5lPmzjhtryGYROEwq2xS/SpoJYAZ8nfYMvNs:r7d5S9rTASO/Z8nfFN

authentihash b02ef2171ca503aeec0d2ddfa2e7d3ffa6c9ba1c17617655596c899389070925
imphash a422dfb0817bed4ef897051aaf429920
File size 157.5 KB ( 161280 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags
peexe

VirusTotal metadata
First submission 2017-07-20 12:04:41 UTC ( 1 year, 4 months ago )
Last submission 2018-05-08 20:07:25 UTC ( 7 months ago )
File names NoREpls.exe
NoREpls1.2.1.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
UDP communications