SHA256: 4a149f5d51caeb810fd77a159c15bf2028833f8de9f76571ecd6aff8a1974f20
File name: nvStView.exe
Detection ratio: 50 / 59
Analysis date: 2017-03-23 04:50:06 UTC ( 5 days, 8 hours ago )
Antivirus Result Update
Ad-Aware Trojan.Dropper.XGJ 20170323
AegisLab Troj.Downloader.W32.Zemot.mc0V 20170323
AhnLab-V3 Trojan/Win32.Zbot.R122550 20170323
ALYac Trojan.Dropper.XGJ 20170323
Antiy-AVL Trojan[Spy]/Win32.Zbot 20170323
Arcabit Trojan.Dropper.XGJ 20170323
Avast Win32:Malware-gen 20170323
AVG Inject2.BBWW 20170323
Avira (no cloud) TR/Dropper.Gen 20170322
AVware Trojan.Win32.Generic!BT 20170323
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9735 20170323
BitDefender Trojan.Dropper.XGJ 20170323
CAT-QuickHeal Ransom.Teerac.WR4 20170322
ClamAV Win.Malware.Agent435500331/CRDF-1 20170323
Comodo TrojWare.Win32.TrojanDropper.Sysn.FN 20170322
Cyren W32/Trojan.PSDD-2852 20170323
Emsisoft Trojan.Dropper.XGJ (B) 20170323
Endgame malicious (moderate confidence) 20170317
ESET-NOD32 a variant of Win32/Injector.BOFW 20170323
F-Prot W32/Trojan3.LRN 20170323
F-Secure Trojan.Dropper.XGJ 20170323
Fortinet W32/Kryptik.CQDT!tr 20170323
GData Trojan.Dropper.XGJ 20170323
Ikarus Trojan.Win32.Inject 20170322
Jiangmin TrojanSpy.Zbot.ehto 20170323
K7AntiVirus Trojan ( 004b00e21 ) 20170323
K7GW Trojan ( 004b00e21 ) 20170323
Kaspersky Trojan-Downloader.Win32.Zemot.a 20170323
Malwarebytes Spyware.Citadel 20170323
McAfee PWSZbot-FAFA!3617A3A0F293 20170323
McAfee-GW-Edition PWSZbot-FAFA!3617A3A0F293 20170323
Microsoft Trojan:Win32/Xtrat 20170323
eScan Trojan.Dropper.XGJ 20170323
NANO-Antivirus Trojan.Win32.Zbot.dhxyoj 20170323
nProtect Trojan-Downloader/W32.Zemot.466568 20170323
Palo Alto Networks (Known Signatures) generic.ml 20170323
Panda Trj/CI.A 20170322
Qihoo-360 Win32/Trojan.Dropper.b73 20170323
Rising Trojan.Generic (cloud:TJ5ptRiRrPC) 20170323
SentinelOne (Static ML) static engine - malicious 20170315
Sophos Troj/Agent-AJOR 20170323
SUPERAntiSpyware Trojan.Agent/Gen-Dropper 20170323
Symantec Trojan.Zbot 20170322
TheHacker Trojan/Injector.bofw 20170321
TotalDefense Win32/Zemot.MLGWNbD 20170323
VBA32 TrojanSpy.Zbot 20170322
VIPRE Trojan.Win32.Generic!BT 20170323
ViRobot Trojan.Win32.U.Agent.852992.A[h] 20170323
ZoneAlarm by Check Point Trojan-Downloader.Win32.Zemot.a 20170323
Zoner Trojan.Agent.PYN 20170323
Alibaba 20170323
CrowdStrike Falcon (ML) 20170130
DrWeb 20170323
Invincea 20170203
Kingsoft 20170323
Symantec Mobile Insight 20170322
Tencent 20170323
TrendMicro-HouseCall 20170323
Trustlook 20170323
Webroot 20170323
WhiteArmor 20170315
Yandex 20170321
Zillya 20170322
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (C) 2012 NVIDIA Corporation. All rights reserved.
Product NVIDIA 3D Vision Photo Viewer
Original name nvStView.exe
Internal name nvStView.exe
File version 7.17.13.1061
Description NVIDIA 3D Vision Photo Viewer
Signature verification A certificate chain could not be built to a trusted root authority.
Signing date 5:55 AM 3/23/2017
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-26 20:06:50
Entry Point 0x00005B8E
Number of sections 4
PE sections
Overlays
MD5 512feff0f3c29e984b4966c0b4d6d09b
File type data
Offset 463360
Size 3208
Entropy 7.56
PE imports
RegOpenKeyExA
GetUserNameA
RegOpenKeyExW
GetUserNameW
GetSystemTime
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
SetHandleCount
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
GetCommandLineW
RtlUnwind
lstrlenW
DeleteCriticalSection
GetCurrentProcess
GetWindowsDirectoryW
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
LCMapStringW
GetModuleHandleW
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetProcAddress
TlsFree
GetStartupInfoW
SetStdHandle
SetFilePointer
RaiseException
GetCPInfo
GetStringTypeA
GetModuleHandleA
GetSystemDirectoryW
GetCurrentThreadId
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetVersion
ExitProcess
GetFileType
TerminateProcess
GetModuleFileNameA
LCMapStringA
WriteConsoleA
IsValidCodePage
HeapCreate
VirtualFree
TlsGetValue
Sleep
SetLastError
TlsSetValue
CreateFileA
HeapAlloc
OutputDebugStringA
LeaveCriticalSection
VirtualAlloc
WriteConsoleW
InterlockedIncrement
GetForegroundWindow
GetWindowRect
IsWindowUnicode
GetWindowTextW
IsWindowVisible
GetDesktopWindow
GetMessageTime
LoadCursorW
GetCursor
GetWindowLongW
GetWindowTextA
GetMessagePos
Number of PE resources by type
RT_ICON 9
RT_RCDATA 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 15
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 7.17.13.1061
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 387072
EntryPoint 0x5b8e
OriginalFileName nvStView.exe
MIMEType application/octet-stream
LegalCopyright (C) 2012 NVIDIA Corporation. All rights reserved.
FileVersion 7.17.13.1061
TimeStamp 2014:10:26 21:06:50+01:00
FileType Win32 EXE
PEType PE32
InternalName nvStView.exe
ProductVersion 7.17.13.1061
FileDescription NVIDIA 3D Vision Photo Viewer
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName NVIDIA Corporation
CodeSize 75264
ProductName NVIDIA 3D Vision Photo Viewer
ProductVersionNumber 7.17.13.1061
FileTypeExtension exe
ObjectFileType Dynamic link library
File identification
MD5 3617a3a0f293afa2bb23fdaa1582ed30
SHA1 7d3f4e89c52fa9ac21afd86ccdd98d5b0f119c3b
SHA256 4a149f5d51caeb810fd77a159c15bf2028833f8de9f76571ecd6aff8a1974f20
ssdeep 12288:f4SWWc7Wagc+7NWydOYuO70qr/tmlGG6/eLEO:QS7c7dg7A+70qrEpceYO
authentihash b6eb8b85b7fb3e51a1be9dee239b83fc40e21ec769cc97d5d04646a85c2f4944
imphash 6b4b63473f244397f49d81efa1b3e9c5
File size 455.6 KB ( 466568 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe overlay

VirusTotal metadata
First submission 2014-10-27 09:22:43 UTC ( 2 years, 5 months ago )
Last submission 2015-02-15 22:19:43 UTC ( 2 years, 1 month ago )
File names nvStView.exe
pdf.exe
174_142_90_231-80-TCP-[2014_10_27-11_27_58]-000006C4-.exe1
7d3f4e89c52fa9ac21afd86ccdd98d5b0f119c3b
3617a3a0f293afa2bb23fdaa1582ed30.vir
pdf.exe
pdf (1).exe
pdf[1].exe
9
3617a3a0f293afa2bb23fdaa1582ed30
4a149f5d51caeb810fd77a159c15bf2028833f8de9f76571ecd6aff8a1974f20
CYBERCRiME-TRACKER.NET-USER_SUBMISSION_4a149f5d51caeb810fd77a159c15bf2028833f8de9f76571ecd6aff8a1974f20
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.