SHA256: 4979bbceccbb991c909307d452666168ce660374079e299a13abae02c08960c1
File name: NermIttoy.exe
Detection ratio: 42 / 57
Analysis date: 2016-11-17 20:18:28 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.102645 20161117
AegisLab Backdoor.W32.Androm!c 20161117
AhnLab-V3 Trojan/Win32.Androm.N2139623987 20161117
ALYac Gen:Variant.Razy.102645 20161117
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20161117
Arcabit Trojan.Razy.D190F5 20161117
Avast Win32:Trojan-gen 20161117
AVG PSW.Generic13.PTO 20161117
Avira (no cloud) TR/Crypt.ZPACK.lukwy 20161117
AVware Trojan.Win32.Generic!BT 20161117
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161117
BitDefender Gen:Variant.Razy.102645 20161117
Bkav W32.eHeur.Malware09 20161117
CAT-QuickHeal Backdoor.Vawtrak 20161117
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Cyren W32/Trojan.CLRE-8137 20161117
DrWeb Trojan.PWS.Papras.2166 20161117
Emsisoft Gen:Variant.Razy.102645 (B) 20161117
ESET-NOD32 a variant of Win32/GenKryptik.IJP 20161117
F-Secure Gen:Variant.Razy.102645 20161117
Fortinet W32/Androm.LDNX!tr.bdr 20161117
GData Gen:Variant.Razy.102645 20161117
Ikarus Backdoor.Win32.Vawtrak 20161117
Sophos ML backdoor.win32.vawtrak.o 20161018
K7AntiVirus Trojan ( 004fbb421 ) 20161117
K7GW Trojan ( 004fbb421 ) 20161117
Kaspersky Backdoor.Win32.Androm.ldnx 20161117
Malwarebytes Trojan.Zbot 20161117
McAfee RDN/Generic BackDoor 20161117
McAfee-GW-Edition BehavesLike.Win32.Ramnit.cc 20161117
Microsoft Backdoor:Win32/Vawtrak.E 20161117
eScan Gen:Variant.Razy.102645 20161117
NANO-Antivirus Trojan.Win32.Papras.ehskmc 20161117
Panda Trj/GdSda.A 20161117
Qihoo-360 HEUR/QVM20.1.17E2.Malware.Gen 20161117
Rising Malware.Generic!wYHK0QKSWnC@4 (thunder) 20161117
Sophos AV Mal/Generic-S 20161117
Symantec Trojan.Gen 20161117
Tencent Win32.Backdoor.Androm.Htmm 20161117
TrendMicro TROJ_GEN.R08NC0DJQ16 20161117
TrendMicro-HouseCall TROJ_GEN.R08NC0DJQ16 20161117
Yandex Backdoor.Androm!Bo90OC20AKA 20161117
Alibaba 20161117
ClamAV 20161117
CMC 20161117
Comodo 20161117
F-Prot 20161117
Jiangmin 20161117
Kingsoft 20161117
nProtect 20161117
SUPERAntiSpyware 20161117
TheHacker 20161115
TotalDefense 20161117
VBA32 20161117
VIPRE 20161117
ViRobot 20161117
Zillya 20161117
Zoner 20161117
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright G Data Software AG 1997-2011
Product G Data Shredder
Original name REISSWOLF.DLL
Internal name REISSWOLF
File version 25.1.16034.328
Description G Data Shredder
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-04 03:06:28
Entry Point 0x0000350A
Number of sections 7
PE sections
PE imports
DhcpUndoRequestParams
McastGenUID
DhcpDelPersistentRequestParams
DhcpCApiCleanup
DhcpStaticRefreshParams
McastApiStartup
DhcpPersistentRequestParams
DhcpEnumClasses
McastRequestAddress
DhcpHandlePnPEvent
DhcpRequestParams
DhcpRegisterParamChange
McastEnumerateScopes
DhcpLeaseIpAddress
DhcpReleaseParameters
McastApiCleanup
DhcpLeaseIpAddressEx
DhcpNotifyConfigChangeEx
DhcpNotifyMediaReconnected
DhcpCApiInitialize
DhcpRenewIpAddressLease
GetStockObject
ImportRSoPData
DeleteGPOLink
CreateGPOLink
GetNativeSystemInfo
GetLastError
AttachConsole
GetStdHandle
BuildCommDCBA
LoadLibraryA
LoadLibraryW
FreeLibrary
VirtualProtect
GetSystemWow64DirectoryA
GetEnvironmentStringsW
RemoveDirectoryA
IsDBCSLeadByte
GlobalFindAtomW
GetTempFileNameW
ConvertFiberToThread
SetProcessWorkingSetSize
CreateActCtxA
CommConfigDialogW
LocalAlloc
CopyFileExA
GetCalendarInfoW
GetConsoleTitleW
GetCurrentDirectoryA
SetErrorMode
GetVolumePathNamesForVolumeNameA
RegisterConsoleOS2
BackupRead
DeleteFileW
GetProcAddress
FormatMessageA
GetComputerNameExA
GetFullPathNameA
RaiseException
GlobalAddAtomW
WideCharToMultiByte
GetModuleFileNameW
DebugSetProcessKillOnExit
GetCurrentProcessId
InterlockedExchange
CancelWaitableTimer
GetProcessWorkingSetSize
GetThreadTimes
ClearCommError
FormatMessageW
IsBadStringPtrW
LocalFree
MoveFileA
GlobalMemoryStatus
GetLogicalDriveStringsA
GetProcessShutdownParameters
Sleep
GetProfileIntA
ExitProcess
GetCurrencyFormatW
SetLastError
QueryWorkingSet
EnumProcesses
GetProcessImageFileNameW
EnumPageFilesW
InitializeProcessForWsWatch
GetWsChanges
GetForegroundWindow
OffsetRect
AnyPopup
GetClipboardOwner
GetShellWindow
FindWindowA
InflateRect
MoveWindow
LoadCursorFromFileA
AppendMenuW
GetWindow
GetClipboardSequenceNumber
GetCursor
CreatePopupMenu
GetKeyNameTextA
RegisterClassW
IsCharLowerA
IsZoomed
IsIconic
GetClassLongA
GetActiveWindow
GetTopWindow
GetDesktopWindow
LoadIconW
GetFocus
GetWindowRgnBox
GetWindowTextA
RunOnceUrlCache
InternetCanonicalizeUrlW
FindFirstUrlCacheEntryA
InternetUnlockRequestFile
CreateUrlCacheEntryW
GetUrlCacheEntryInfoExA
ForceNexusLookupExW
HttpOpenRequestW
InternetSetOptionExW
GetUrlCacheEntryInfoA
PrivacySetZonePreferenceW
FtpGetFileEx
InternetGetLastResponseInfoA
InternetConnectA
SetUrlCacheHeaderData
FtpGetFileA
FtpDeleteFileA
FindFirstUrlCacheEntryExW
GopherCreateLocatorW
InternetWriteFileExW
FindNextUrlCacheGroup
IsUrlCacheEntryExpiredA
FtpCommandW
InternetCheckConnectionA
SetUrlCacheEntryGroupA
InternetWriteFileExA
GopherCreateLocatorA
InternetTimeFromSystemTimeA
IsHostInProxyBypassList
GopherGetLocatorTypeA
CommitUrlCacheEntryA
FtpSetCurrentDirectoryW
InternetOpenUrlA
FindNextUrlCacheEntryExW
InternetCrackUrlW
GopherGetAttributeW
ShowX509EncodedCertificate
FindNextUrlCacheEntryExA
FtpPutFileW
InternetSetDialState
InternetSetOptionW
GopherGetAttributeA
InternetQueryFortezzaStatus
InternetGetCookieExW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
RepoDate 2016-02-02T18:27:12
SubsystemVersion 5.1
InitializedDataSize 81920
ImageVersion 0.0
ProductName G Data Shredder
FileVersionNumber 25.1.16034.328
UninitializedDataSize 0
LanguageCode German
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 10.0
RepoRevision 59336
FileTypeExtension exe
OriginalFileName REISSWOLF.DLL
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 25.1.16034.328
TimeStamp 2014:05:04 04:06:28+01:00
FileType Win32 EXE
PEType PE32
InternalName REISSWOLF
ProductVersion 25.1.0.0
FileDescription G Data Shredder
OSVersion 5.1
FileOS Win32
LegalCopyright Copyright G Data Software AG 1997-2011
RepoModuleRevision 59290
MachineType Intel 386 or later, and compatibles
CompanyName G Data Software AG
CodeSize 77824
RepoModuleDate 2016-02-02T13:59:36
FileSubtype 0
ProductVersionNumber 25.1.0.0
EntryPoint 0x350a
ObjectFileType Dynamic link library

File identification
MD5 25f813e97409bf7808756f1913b11102
SHA1 fe154a10418e6b238168a512a55d2f8d90f768aa
SHA256 4979bbceccbb991c909307d452666168ce660374079e299a13abae02c08960c1
ssdeep 3072:XvL/guqxHOf2Wr8Hzo0Hrz44obpEza2ircSqH:Y1HsUo2ebb
authentihash 920912aa6d41276d2397dbdeb1ebe55a8c6d49b58708eea2c7747b53af5286ea
imphash 9cd069d0d679946d500f5a99905ee0bd
File size 160.0 KB ( 163840 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.1%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2016-11-17 20:18:28 UTC ( 2 years, 3 months ago )
Last submission 2016-11-17 20:18:28 UTC ( 2 years, 3 months ago )
File names 4979bbceccbb991c909307d452666168ce660374079e299a13abae02c08960c1
REISSWOLF.DLL
NermIttoy.exe
REISSWOLF
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Code injections in the following processes
Created mutexes
Searched windows
Runtime DLLs
UDP communications