SHA256: 3d9364b24f152b5176bc533217585f6d9efe9619724ba7775b5e325b18e70d16
File name: 2zFgRaLNbxCV.exe
Detection ratio: 12 / 67
Analysis date: 2017-10-25 00:44:24 UTC ( 10 months, 4 weeks ago )
Antivirus Result Update
Avast FileRepMalware 20171024
AVG FileRepMalware 20171024
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171024
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cylance Unsafe 20171025
Endgame malicious (high confidence) 20171024
ESET-NOD32 a variant of Win32/Kryptik.FYDZ 20171024
Fortinet W32/GenKryptik.AVEL!tr 20171025
Sophos ML heuristic 20170914
Qihoo-360 HEUR/QVM20.1.BAFC.Malware.Gen 20171025
Rising Malware.Heuristic!ET#91% (RDM+:cmRtazqbi4rklZeQl/rXixbVGsEj) 20171025
SentinelOne (Static ML) static engine - malicious 20171019
Ad-Aware 20171025
AegisLab 20171024
AhnLab-V3 20171024
Alibaba 20170911
ALYac 20171024
Antiy-AVL 20171024
Arcabit 20171025
Avast-Mobile 20171024
Avira (no cloud) 20171025
AVware 20171025
BitDefender 20171024
Bkav 20171024
CAT-QuickHeal 20171024
ClamAV 20171024
CMC 20171024
Comodo 20171024
Cyren 20171025
DrWeb 20171024
eGambit 20171025
Emsisoft 20171025
F-Prot 20171024
F-Secure 20171025
GData 20171025
Ikarus 20171024
Jiangmin 20171024
K7AntiVirus 20171024
K7GW 20171024
Kaspersky 20171025
Kingsoft 20171025
Malwarebytes 20171025
MAX 20171025
McAfee 20171024
McAfee-GW-Edition 20171024
Microsoft 20171024
eScan 20171025
NANO-Antivirus 20171024
nProtect 20171024
Palo Alto Networks (Known Signatures) 20171025
Panda 20171024
Sophos AV 20171024
SUPERAntiSpyware 20171024
Symantec 20171024
Symantec Mobile Insight 20171011
Tencent 20171025
TheHacker 20171024
TotalDefense 20171024
TrendMicro 20171025
TrendMicro-HouseCall 20171024
Trustlook 20171025
VBA32 20171024
VIPRE 20171025
ViRobot 20171024
Webroot 20171025
WhiteArmor 20171024
Yandex 20171024
Zillya 20171024
ZoneAlarm by Check Point 20171025
Zoner 20171025
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name nlaapi.dll
Internal name nlaapi.dll
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description Network Location Awareness 2
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-25 09:35:55
Entry Point 0x0000101E
Number of sections 9
PE sections
PE imports
OpenSCManagerW
CM_Add_Empty_Log_Conf
CertDeleteCertificateFromStore
CryptFindOIDInfo
JetCloseDatabase
GetNearestColor
InterlockedExchange
LocalFree
FlushProcessWriteBuffers
SwitchToThread
GetConsoleOutputCP
LocalAlloc
GetLastError
GetConsoleWindow
FreeLibrary
LoadLibraryA
GetProcAddress
GetOEMCP
RaiseException
acmDriverID
VarBoolFromDate
RasGetProjectionInfoA
RpcMgmtInqComTimeout
NdrUserMarshalFree
SetupQueueCopyIndirectW
SHDeleteKeyW
OleRun
CoInternetIsFeatureZoneElevationEnabled
URLDownloadToCacheFileA
URLDownloadToFileW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7601.17514
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Network Location Awareness 2
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 104448
EntryPoint 0x101e
OriginalFileName nlaapi.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7601.17514 (win7sp1_rtm.101119-1850)
TimeStamp 2017:10:25 10:35:55+01:00
FileType Win32 EXE
PEType PE32
InternalName nlaapi.dll
ProductVersion 6.1.7601.17514
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 132096
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7601.17514
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 5f658e9bdeeff2e89dbd19cd89e60b33
SHA1 34ed44dd795af5bef9fa43878ba0892564717b38
SHA256 3d9364b24f152b5176bc533217585f6d9efe9619724ba7775b5e325b18e70d16
ssdeep 1536:B0jENd180zKTeINaxtI9tGbt3O/jX5qz8VsI84c:BPdaAXxfVg7ZVO

authentihash ead08ee5dbf634899357dbded0671f8231a085f316478fa74216ee010156403c
imphash 2070dad688356778339b61d4b374e130
File size 227.0 KB ( 232448 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2017-10-25 00:44:24 UTC ( 10 months, 4 weeks ago )
Last submission 2017-11-28 09:51:35 UTC ( 9 months, 3 weeks ago )
File names nlaapi.dll
2zFgRaLNbxCV.exe