SHA256: 509c15d7cf5a90bbdb6cc69453f2d94f96f37317fb0befeeb3b758cea23354b7
File name: 5d3fa709e29d.png
Detection ratio: 15 / 59
Analysis date: 2017-03-04 06:30:50 UTC ( 2 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.71670 20170304
Arcabit Trojan.Symmi.D117F6 20170304
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170303
BitDefender Gen:Variant.Symmi.71670 20170304
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Emsisoft Gen:Variant.Symmi.71670 (B) 20170304
Endgame malicious (high confidence) 20170222
Fortinet W32/Kovter.C!tr 20170304
GData Gen:Variant.Symmi.71670 20170304
Sophos ML generic.a 20170203
eScan Gen:Variant.Symmi.71670 20170304
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20170304
Rising Malware.Generic.1!tfe (thunder:1:Tq3phoSiy7D) 20170304
Symantec ML.Attribute.HighConfidence 20170303
Webroot Malicious 20170304
AegisLab 20170304
AhnLab-V3 20170303
Alibaba 20170228
ALYac 20170304
Antiy-AVL 20170304
Avast 20170304
AVG 20170304
Avira (no cloud) 20170303
AVware 20170304
Bkav 20170303
CAT-QuickHeal 20170303
ClamAV 20170304
CMC 20170303
Comodo 20170304
Cyren 20170304
DrWeb 20170304
ESET-NOD32 20170304
F-Prot 20170304
F-Secure 20170304
Ikarus 20170303
Jiangmin 20170301
K7AntiVirus 20170303
K7GW 20170304
Kaspersky 20170304
Kingsoft 20170304
Malwarebytes 20170304
McAfee 20170304
McAfee-GW-Edition 20170304
Microsoft 20170304
NANO-Antivirus 20170304
nProtect 20170304
Panda 20170303
Sophos AV 20170304
SUPERAntiSpyware 20170304
Tencent 20170304
TheHacker 20170302
TotalDefense 20170303
TrendMicro 20170304
TrendMicro-HouseCall 20170304
Trustlook 20170304
VBA32 20170303
VIPRE 20170304
ViRobot 20170304
WhiteArmor 20170303
Yandex 20170225
Zillya 20170303
Zoner 20170304
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2013 Nero

Product Nero Burning ROM Starter
Original name StartNBR.exe
Internal name NBRS
File version 15,0,25,0
Description Nero
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-05-16 03:12:52
Entry Point 0x00003992
Number of sections 8
PE sections
Overlays
MD5 5044b3d5d20fcde4d0791788076442de
File type data
Offset 366080
Size 797
Entropy 7.71
PE imports
CloseServiceHandle
RegQueryValueExA
RegCloseKey
EqualSid
QueryServiceStatus
CreateProcessAsUserA
RegOpenKeyA
RegSetValueExA
StartServiceA
RegEnumValueA
RegOpenKeyExA
RegDeleteValueA
ImageList_Write
ImageList_GetIcon
ImageList_Create
ImageList_DrawEx
InitCommonControlsEx
SetThreadAffinityMask
GetLastError
RegisterWaitForSingleObject
ReleaseMutex
GetModuleHandleA
RequestDeviceWakeup
Module32NextW
SetConsoleWindowInfo
SetFileValidData
CreateEventA
ExitProcess
CloseHandle
_hread
GetThreadTimes
SetConsoleCursorInfo
GetProcAddress
LoadLibraryA
VariantTimeToDosDateTime
SetErrorInfo
SHGetFileInfoA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteExA
Shell_NotifyIconA
RedrawWindow
LoadBitmapA
SetWindowPos
DispatchMessageA
ClientToScreen
SetMenuItemInfoA
WindowFromPoint
GetDC
GetCursorPos
ReleaseDC
SendMessageA
GetClientRect
LoadAcceleratorsA
LoadImageA
MsgWaitForMultipleObjects
GetWindowTextA
InvalidateRgn
GetKeyState
DestroyWindow
GetMessageA
GetParent
UpdateWindow
SetPropA
EnumWindows
CheckRadioButton
ShowWindow
GetPropA
EnableWindow
SetWindowPlacement
PeekMessageA
ChildWindowFromPoint
TranslateMessage
GetWindow
LoadStringA
SetClipboardData
IsZoomed
GetWindowPlacement
IsIconic
RegisterClassA
TrackPopupMenuEx
GetSubMenu
CreateWindowExA
FillRect
DeferWindowPos
EndPaint
DefFrameProcA
IsDialogMessageA
MapWindowPoints
BeginPaint
OffsetRect
SetFocus
KillTimer
RegisterWindowMessageA
DefWindowProcA
GetSystemMetrics
EnableMenuItem
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
EnumChildWindows
SetWindowLongA
GetScrollInfo
CreatePopupMenu
CheckMenuItem
GetWindowLongA
DrawIconEx
SetTimer
GetDlgItem
CreateDialogParamA
ScreenToClient
FindWindowExA
LoadCursorA
LoadIconA
TrackPopupMenu
GetMenuItemCount
IsDlgButtonChecked
GetMenuItemID
ExitWindowsEx
OpenClipboard
DrawTextA
IntersectRect
EndDialog
LoadMenuA
CreateIconIndirect
GetCapture
FindWindowA
GetSysColorBrush
BeginDeferWindowPos
DrawFrameControl
SetDlgItemTextA
MoveWindow
DialogBoxParamA
GetSysColor
SetScrollInfo
RegisterClassExA
EndDeferWindowPos
SystemParametersInfoA
GetDoubleClickTime
DestroyIcon
IsWindowVisible
DefMDIChildProcA
UnionRect
FrameRect
DeleteMenu
InvalidateRect
wsprintfA
SetWindowTextA
TranslateAcceleratorA
DefDlgProcA
CallWindowProcA
GetClassNameA
GetFocus
CreateMenu
CloseClipboard
SetCursor
ChooseColorA
dwLBSubclass
CoUninitialize
CoInitialize
Number of PE resources by type
RT_ICON 2
RT_DIALOG 1
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 8
ENGLISH ZIMBABWE 1
PE resources
ExifTool file metadata
SpecialBuild
15,0,25,0

SubsystemVersion
4.0

LinkerVersion
2.23

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
15.0.25.0

LanguageCode
Unknown (3009)

FileFlagsMask
0x0017

FileDescription
Nero

CharacterSet
Windows, Latin1

InitializedDataSize
385024

EntryPoint
0x3992

OriginalFileName
StartNBR.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2013 Nero

FileVersion
15,0,25,0

TimeStamp
2007:05:16 04:12:52+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
NBRS

ProductVersion
15,0,25,0

UninitializedDataSize
124928

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
86016

ProductName
Nero Burning ROM Starter

ProductVersionNumber
15.0.25.0

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 b44c646e8547babc39ec5ff2e1865edd
SHA1 f0055dc6bc2090301c6926278e529f3b11648f7c
SHA256 509c15d7cf5a90bbdb6cc69453f2d94f96f37317fb0befeeb3b758cea23354b7
ssdeep
6144:OVgfg9gfvqMg7+hLS7KyDACp8flicE8dSbcJyh33Xgb6+JODdYDLfV5OwgS:OC/HqMZLNj3fls8Fy9XgbHIYX9J

authentihash 2096029f934ece56fe76239e6ba8ed4fb577121421ce250365f76774c482d9e2
imphash 34d9985872388a1b8237296006653d39
File size 358.3 KB ( 366877 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2017-03-04 06:30:50 UTC ( 2 years, 1 month ago )
Last submission 2017-03-06 18:27:48 UTC ( 2 years, 1 month ago )
File names StartNBR.exe
NBRS
1.exe
5d3fa709e29d.png
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Terminated processes
Opened mutexes
Runtime DLLs
UDP communications