SHA256: 7060ed6c3d3015e245142465ab14e38d8f9c38bef5da4d2d2983e3c2252add57
File name: 8361A794DFA231D863E109FC9EEEF21F4CF09DDD_http:nmap.orgdistnmap-6....
Detection ratio: 27 / 52
Analysis date: 2014-10-22 18:14:50 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.143853 20141022
AegisLab Troj.W32.Gen 20141022
AhnLab-V3 Trojan/Win32.Llac 20141022
Antiy-AVL GrayWare[AdWare:not-a-virus]/Win32.iBryte 20141022
Avast Win32:Malware-gen 20141022
AVG Crypt3.VYV 20141022
Avira (no cloud) ADWARE/Adware.Gen 20141022
BitDefender Gen:Variant.Graftor.143853 20141022
Comodo TrojWare.Win32.Agent.CDTQ 20141022
DrWeb Trojan.DownLoader9.2162 20141022
Emsisoft Gen:Variant.Graftor.143853 (B) 20141022
ESET-NOD32 a variant of Win32/Kryptik.CDTQ 20141022
F-Secure Gen:Variant.Graftor.143853 20141022
Fortinet W32/Dropper.CDTQ!tr 20141022
GData Gen:Variant.Graftor.143853 20141022
Ikarus Trojan.Crypt3 20141022
Jiangmin AdWare/MSIL.aif 20141020
K7AntiVirus Unwanted-Program ( 004a8e8a1 ) 20141020
K7GW Unwanted-Program ( 004a8e8a1 ) 20141021
Kaspersky HEUR:Trojan.Win32.Generic 20141022
Malwarebytes Trojan.Spy.Zbot 20141022
McAfee Generic-FAPZ!1B1AC728F143 20141022
McAfee-GW-Edition Generic-FAPZ!1B1AC728F143 20141022
eScan Gen:Variant.Graftor.143853 20141022
NANO-Antivirus Riskware.Win32.XPACK.cstwha 20141022
VBA32 AdWare.Agent 20141021
Zillya Trojan.Magania.Win32.64778 20141022
Yandex 20141021
AVware 20141022
Baidu-International 20141022
Bkav 20141022
ByteHero 20141022
CAT-QuickHeal 20141022
ClamAV 20141021
CMC 20141021
Cyren 20141022
F-Prot 20141021
Kingsoft 20141022
Microsoft 20141022
Norman 20141022
nProtect 20141022
Qihoo-360 20141022
Rising 20141022
Sophos 20141022
SUPERAntiSpyware 20141022
Symantec 20141022
Tencent 20141022
TheHacker 20141022
TrendMicro 20141022
TrendMicro-HouseCall 20141022
ViRobot 20141022
Zoner 20141020
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) Insecure.Com LLC (fyodor@insecure.org)
Product Nmap
Internal name NmapInstaller.exe
File version 6.47
Description Nmap installer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-11 07:19:24
Entry Point 0x00002AAF
Number of sections 5
PE sections
Overlays
MD5 bb9e029acc9477dbb08dbab0273f0d47
File type data
Offset 90330
Size 30026815
Entropy 7.91
PE imports
HeapSize
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
WinExec
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
WriteConsoleW
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetStartupInfoW
GetTickCount
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetProcessHeap
SetStdHandle
GetTempPathA
RaiseException
GetCPInfo
LoadLibraryW
TlsFree
SetFilePointer
DeleteCriticalSection
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
HeapAlloc
TerminateProcess
IsValidCodePage
HeapCreate
CreateFileW
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
ShellExecuteW
Number of PE resources by type
RT_DIALOG 7
RT_ICON 7
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 18
PE resources
ExifTool file metadata
SubsystemVersion 5.1
InitializedDataSize 30208
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.0.47.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Windows, Latin1
LinkerVersion 10.0
EntryPoint 0x2aaf
LegalTrademark NMAP
MIMEType application/octet-stream
LegalCopyright Copyright (c) Insecure.Com LLC (fyodor@insecure.org)
FileVersion 6.47
TimeStamp 2013:10:11 08:19:24+01:00
FileType Win32 EXE
PEType PE32
InternalName NmapInstaller.exe
FileDescription Nmap installer
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Insecure.org
CodeSize 46592
ProductName Nmap
ProductVersionNumber 6.0.47.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 1b1ac728f143d25e3df7888cf0896a7f
SHA1 de1aff99795e9261a0dca3fcc2baf31938b29721
SHA256 7060ed6c3d3015e245142465ab14e38d8f9c38bef5da4d2d2983e3c2252add57
ssdeep 786432:QcjhO+vSAXA6mHR3udgXC5BmzMTzfats/79AuyLM2825Wxx:QIY5Aw6mHIdgXC5BNTzyS/79AuT7Ew
authentihash 76a332ecbbd1f2f9f7805badaebf296c8e6b5d24b8f2efca6c4ece4dc9a751a1
imphash 71d65fd2c57876da46f794af5d1b9802
File size 28.7 MB ( 30117145 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay
VirusTotal metadata
First submission 2014-10-22 18:14:50 UTC ( 2 years, 6 months ago )
Last submission 2014-11-19 06:35:52 UTC ( 2 years, 5 months ago )
File names 7060ed6c3d3015e245142465ab14e38d8f9c38bef5da4d2d2983e3c2252add57
8361A794DFA231D863E109FC9EEEF21F4CF09DDD_http:nmap.orgdistnmap-6.47-setup.exe
NmapInstaller.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight