× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 715c3a3cba73ae4409dafaae11d9aa517ec3c7c8f2fe8dfea7c4a602b389be8e
File name: rnpasswd.exe
Detection ratio: 3 / 64
Analysis date: 2019-03-13 01:43:18 UTC ( 1 week, 6 days ago ) View latest
Antivirus Result Update
Kaspersky not-a-virus:PSWTool.Win32.PassRenewer.b 20190313
Trapmine malicious.moderate.ml.score 20190301
ZoneAlarm by Check Point not-a-virus:PSWTool.Win32.PassRenewer.b 20190312
Acronis 20190222
Ad-Aware 20190312
AegisLab 20190313
AhnLab-V3 20190312
Alibaba 20190306
Antiy-AVL 20190313
Arcabit 20190313
Avast 20190313
Avast-Mobile 20190312
AVG 20190313
Avira (no cloud) 20190313
Babable 20180918
Baidu 20190306
BitDefender 20190313
Bkav 20190312
CAT-QuickHeal 20190312
ClamAV 20190312
CMC 20190312
Comodo 20190313
CrowdStrike Falcon (ML) 20190212
Cybereason 20190109
Cyren 20190313
DrWeb 20190313
eGambit 20190313
Emsisoft 20190313
Endgame 20190215
ESET-NOD32 20190313
F-Secure 20190313
Fortinet 20190313
GData 20190312
Ikarus 20190312
Sophos ML 20181128
Jiangmin 20190313
K7AntiVirus 20190312
K7GW 20190312
Kingsoft 20190313
Malwarebytes 20190312
MAX 20190313
McAfee 20190312
McAfee-GW-Edition 20190312
Microsoft 20190312
eScan 20190312
NANO-Antivirus 20190312
Palo Alto Networks (Known Signatures) 20190313
Panda 20190312
Qihoo-360 20190313
Rising 20190312
SentinelOne (Static ML) 20190311
Sophos AV 20190312
SUPERAntiSpyware 20190307
Symantec Mobile Insight 20190220
TACHYON 20190313
Tencent 20190313
TheHacker 20190308
TotalDefense 20190312
TrendMicro-HouseCall 20190312
Trustlook 20190313
VBA32 20190312
VIPRE 20190312
ViRobot 20190313
Yandex 20190312
Zoner 20190312
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00013C98
Number of sections 8
PE sections
PE imports
CloseServiceHandle
RegFlushKey
RegCloseKey
StartServiceCtrlDispatcherA
OpenServiceA
SetServiceStatus
QueryServiceStatus
RegQueryValueExA
ConvertStringSidToSidA
ControlService
LookupAccountSidA
RegCreateKeyExA
DeleteService
RegOpenKeyExA
OpenSCManagerA
RegisterServiceCtrlHandlerA
GetLastError
GetStdHandle
EnterCriticalSection
lstrlenA
WaitForSingleObject
FreeLibrary
ExitProcess
GetThreadLocale
GetVersionExA
GetModuleFileNameA
RtlUnwind
GetLocalTime
DeleteCriticalSection
GetStartupInfoA
GetDateFormatA
LoadLibraryExA
GetLocaleInfoA
LocalAlloc
GetWindowsDirectoryA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetCPInfo
GetCommandLineA
GetProcAddress
GetConsoleScreenBufferInfo
FormatMessageA
SetFilePointer
RaiseException
CompareStringA
CloseHandle
WideCharToMultiByte
GetModuleHandleA
FindFirstFileA
WriteFile
EnumCalendarInfoA
SetConsoleTextAttribute
ReadFile
ResetEvent
lstrcpynA
GetACP
GetDiskFreeSpaceA
GetCurrentThreadId
GetFullPathNameA
SetEvent
LocalFree
CreateProcessA
InitializeCriticalSection
VirtualQuery
VirtualFree
CreateEventA
FindClose
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetStringTypeExA
GetVersion
LeaveCriticalSection
VirtualAlloc
GetFileSize
InterlockedIncrement
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
SysFreeString
VariantInit
GetSystemMetrics
LoadStringA
CharNextA
WaitForInputIdle
MessageBoxA
wvsprintfA
GetKeyboardType
CharToOemA
Number of PE resources by type
RT_STRING 7
RT_RCDATA 2
Number of PE resources by language
NEUTRAL 9
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
1992:06:20 00:22:17+02:00

FileType
Win32 EXE

PEType
PE32

CodeSize
77312

LinkerVersion
2.25

ImageFileCharacteristics
Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

EntryPoint
0x13c98

InitializedDataSize
17408

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

CarbonBlack CarbonBlack acts as a surveillance camera for computers
PE resource-wise parents
Compressed bundles
File identification
MD5 0216af893b002b3596a953b106dd354d
SHA1 158904ca6c1b2d4359ad765a7ca3f64899e1ba5d
SHA256 715c3a3cba73ae4409dafaae11d9aa517ec3c7c8f2fe8dfea7c4a602b389be8e
ssdeep
1536:xeq5FUQNpqgTYwyt7v0fjwGl/3uraWGnhd/YGtRx97dyCq6J0ZuWheg2cky5nw9:ZFUcTTqgf0GlfurabnhdntRx97dyCtJJ

authentihash 7587137d1d4760a4044496f6c0e807f91e532d5e2d0d6ac96da41b80d849e623
imphash e277f537d6686dfd6bbff701518835d1
File size 93.5 KB ( 95744 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable Borland Delphi 7 (69.1%)
Win32 Executable Borland Delphi 6 (27.3%)
Win32 Executable Delphi generic (1.4%)
Win32 Dynamic Link Library (generic) (0.6%)
Win32 Executable (generic) (0.4%)
Tags
peexe

VirusTotal metadata
First submission 2007-11-21 15:47:10 UTC ( 11 years, 4 months ago )
Last submission 2019-03-11 15:34:15 UTC ( 2 weeks ago )
File names scan_file
6beb93dd0076112e76a1019e15b68e0009cda748.exe
vs5l0gbh.cnq
-rnpasswd-.e-xe
vsg617ga.b2g
0216af893b002b3596a953b106dd354d
rnpasswd.exe1
vsqb13f5.85c
vscr06n3.g3a
vs3p12um.c8p
rnpasswd._exe
vso31jq0.g74
0216af893b002b3596a953b106dd354d_rnpasswd.exe
A0132821.exe
rnpasswd.exe_
vs9kg6c7.o88
00d483ef20cf3102f3c28483f27a5787.safe
vs0217vs.go1
00d483ef20cf3102f3c28483f27a5787.safe
rnpasswdexe
muestra.vr
rnpasswd.exe
avz00001.dta
vstl1fbk.bds
0216af893b002b3596a953b106dd354d
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!