SHA256: 7379c5f5989be9b790d071481ee4fdfaeeb0dc7c4566cad8363cb016acc8145e
File name: nc.exe
Detection ratio: 27 / 53
Analysis date: 2014-07-21 13:49:46 UTC ( 4 years, 10 months ago )
Antivirus Result Update
AhnLab-V3 Win-AppCare/NTSniff_v111.61440 20140721
AntiVir SPR/NetCat.A 20140721
Antiy-AVL Trojan[RemoteAdmin:not-a-virus]/Win32.NetCat 20140721
AVG NetCat.A 20140721
Bkav W32.Clode66.Trojan.0122 20140721
CMC Generic.Win32.ab41b1e2db!MD 20140721
Comodo ApplicUnsaf.Win32.RemoteAdmin.NetCat.A 20140721
DrWeb Tool.Netcat.377 20140721
ESET-NOD32 Win32/RemoteAdmin.NetCat 20140721
F-Prot W32/Netcat 20140721
F-Secure Riskware:W32/NetCat 20140720
Fortinet Riskware/Nt110 20140721
Jiangmin Trojan/VulnWatch.a 20140721
Kaspersky not-a-virus:RemoteAdmin.Win32.NetCat.a 20140721
Malwarebytes PUP.Netcat 20140721
McAfee Tool-NetCat 20140721
McAfee-GW-Edition Tool-NetCat 20140721
NANO-Antivirus Riskware.Win32.NetCat.ibcm 20140721
Panda Hacktool/NetCat.B 20140721
Rising PE:Hack.NetCat.c!1073876285 20140721
Sophos AV NetCat 20140721
Symantec NetCat 20140721
TheHacker Aplicacion/NetCat 20140718
TrendMicro HKTL_NETCAT 20140721
TrendMicro-HouseCall HKTL_NETCAT 20140721
VIPRE Trojan.Win32.Generic!BT 20140721
ViRobot RemoteAdmin.NetCat.61440 20140721
Ad-Aware 20140721
AegisLab 20140721
Yandex 20140721
Avast 20140721
Baidu-International 20140721
BitDefender 20140721
ByteHero 20140721
CAT-QuickHeal 20140721
ClamAV 20140721
Commtouch 20140721
Emsisoft 20140721
GData 20140721
Ikarus 20140721
K7AntiVirus 20140721
K7GW 20140719
Kingsoft 20140721
Microsoft 20140721
eScan 20140721
Norman 20140721
nProtect 20140721
Qihoo-360 20140721
SUPERAntiSpyware 20140721
Tencent 20140721
TotalDefense 20140721
VBA32 20140721
Zoner 20140718
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-12-29 18:07:16
Entry Point 0x00004AC3
Number of sections 3
PE sections
PE imports
PeekNamedPipe
GetLastError
FreeConsole
GetStdHandle
LoadLibraryA
LCMapStringW
SetHandleCount
GetSystemInfo
GetOEMCP
LCMapStringA
GetNumberOfConsoleInputEvents
ExitProcess
GetVersionExA
VirtualProtect
HeapFree
GetModuleFileNameA
RtlUnwind
DuplicateHandle
FreeEnvironmentStringsA
CreatePipe
GetCurrentProcess
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
CreateThread
UnhandledExceptionFilter
MultiByteToWideChar
HeapSize
GetTickCount
FreeEnvironmentStringsW
GetCommandLineA
WaitForMultipleObjects
TerminateThread
ExitThread
SetStdHandle
CompareStringW
GetCPInfo
GetStringTypeA
SetFilePointer
FlushFileBuffers
DisconnectNamedPipe
ReadFile
InterlockedExchange
WriteFile
GetStartupInfoA
CompareStringA
GetSystemTimeAsFileTime
PeekConsoleInputA
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
SetEnvironmentVariableA
TerminateProcess
CreateProcessA
QueryPerformanceCounter
WideCharToMultiByte
HeapCreate
VirtualQuery
VirtualFree
GetEnvironmentStringsW
HeapDestroy
Sleep
GetFileType
SetEndOfFile
CreateFileA
HeapAlloc
GetCurrentThreadId
VirtualAlloc
GetModuleHandleA
CloseHandle
shutdown
accept
WSAStartup
connect
getsockname
htons
inet_ntoa
WSAGetLastError
recv
inet_addr
send
getservbyport
ntohs
select
gethostbyaddr
listen
__WSAFDIsSet
WSACleanup
gethostbyname
WSASetLastError
closesocket
setsockopt
socket
bind
recvfrom
getservbyname
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2004:12:29 19:07:16+01:00
FileType Win32 EXE
PEType PE32
CodeSize 40960
LinkerVersion 7.1
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x4ac3
InitializedDataSize 20480
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Execution parents
PE resource-wise parents
Overlay parents
Compressed bundles
PCAP parents
File identification
MD5 ab41b1e2db77cebd9e2779110ee3915d
SHA1 4122cf816aaa01e63cfb76cd151f2851bc055481
SHA256 7379c5f5989be9b790d071481ee4fdfaeeb0dc7c4566cad8363cb016acc8145e
ssdeep 1536:8LJg1OAEuxWhXTmNquG9L0RT/ADGRMlu:8LJlAEuxAWqu3ZMlu

authentihash 0b1daf5e3a92503734fd48e9b4a07815ff9f9086c89cfeb2c2f58b7bf1725278
imphash b47060fbcbd9d8ec9716eb4a0fdbc38f
File size 60.0 KB ( 61440 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe usb-autorun via-tor

VirusTotal metadata
First submission 2006-05-23 14:32:44 UTC ( 13 years ago )
Last submission 2019-04-24 21:07:19 UTC ( 1 month ago )
File names k03pptli.hdf
nc.exe
m55mxaun.10r
owhgkxin.jlg
ab41b1e2db77cebd9e2779110ee3915d.exe
73fhnu
5gnzc2tr.q2v
bguzfx2s.sji
mp3tray.exe
mevrbv5p.b13
nc-1.11.exe
zlz22euy.4p2
AutoUpdater.exe
wgnz0m2w.bws
d0hwf5ja.c0u
teste_de_einsteinn.exe
fc4lfyz5.430
1h0jyshs.v4e
jme055zz.jzs
svchost.exe
nc.txt
ncoriginl.exe
FHA55UPF3GAG12F.tmp
output.112657148.txt
yc503lhh.ygp
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
