SHA256: 7379c5f5989be9b790d071481ee4fdfaeeb0dc7c4566cad8363cb016acc8145e
File name: nc.exe
Detection ratio: 48 / 67
Analysis date: 2017-10-31 11:19:37 UTC ( 1 year, 6 months ago )
Antivirus Result Update
Ad-Aware Application.RemoteAdmin.RGU 20171031
AhnLab-V3 Win-AppCare/NTSniff_v111.61440 20171031
ALYac Misc.HackTool.NetCat 20171031
Antiy-AVL RiskWare[RemoteAdmin]/Win32.NetCat.a 20171031
Arcabit Application.RemoteAdmin.RGU 20171031
AVware Trojan.Win32.Generic!BT 20171031
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9951 20171031
BitDefender Application.RemoteAdmin.RGU 20171031
CAT-QuickHeal Remoteadmin.Netcat 20171031
CMC Generic.Win32.ab41b1e2db!MD 20171031
Comodo ApplicUnsaf.Win32.RemoteAdmin.NetCat.A 20171031
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20171016
Cybereason malicious.1b8fb7 20170628
Cylance Unsafe 20171031
Cyren W32/Netcat.AXJU-8677 20171031
Emsisoft Application.RemoteAdmin.RGU (B) 20171031
Endgame malicious (high confidence) 20171024
ESET-NOD32 Win32/RemoteAdmin.NetCat potentially unsafe 20171031
F-Prot W32/Netcat 20171031
F-Secure Riskware:W32/NetCat 20171031
Fortinet Riskware/Nt110 20171031
GData Win32.Riskware.NetCat.A 20171031
Ikarus PUA.RemoteAdmin.NetCat 20171031
Sophos ML heuristic 20170914
Jiangmin Trojan/VulnWatch.a 20171031
K7AntiVirus Unwanted-Program ( 004ba44d1 ) 20171031
K7GW Unwanted-Program ( 004ba44d1 ) 20171031
Kaspersky not-a-virus:RemoteAdmin.Win32.NetCat.a 20171031
MAX malware (ai score=100) 20171031
McAfee Tool-NetCat 20171031
McAfee-GW-Edition Tool-NetCat 20171031
NANO-Antivirus Riskware.Win32.RemoteAdmin.eijmmb 20171031
Palo Alto Networks (Known Signatures) generic.ml 20171031
Panda Hacktool/NetCat.B 20171030
Rising Hack.NetCat.c (CLASSIC) 20171031
Sophos AV NetCat (PUA) 20171031
SUPERAntiSpyware PUP.NetCat/Variant 20171031
Symantec NetCat 20171031
Tencent Win32.Trojan.Gen.Yehh 20171031
TheHacker Aplicacion/NetCat 20171028
TrendMicro HKTL_NETCAT 20171031
TrendMicro-HouseCall HKTL_NETCAT 20171031
VIPRE Trojan.Win32.Generic!BT 20171031
ViRobot RemoteAdmin.NetCat.61440 20171031
Webroot W32.Malware.Gen 20171031
Zillya Trojan.RemoteAdmin.Win32.8 20171030
ZoneAlarm by Check Point not-a-virus:RemoteAdmin.Win32.NetCat.a 20171031
Zoner PUA.NetCat 20171031
AegisLab 20171031
Alibaba 20170911
Avast 20171031
Avast-Mobile 20171031
AVG 20171031
Avira (no cloud) 20171031
Bkav 20171031
ClamAV 20171031
DrWeb 20171031
eGambit 20171031
Kingsoft 20171031
Malwarebytes 20171031
Microsoft 20171031
eScan 20171031
nProtect 20171031
Qihoo-360 20171031
SentinelOne (Static ML) 20171019
Symantec Mobile Insight 20171027
Trustlook 20171031
VBA32 20171030
WhiteArmor 20171024
Yandex 20171030
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-12-29 18:07:16
Entry Point 0x00004AC3
Number of sections 3
PE sections
PE imports
PeekNamedPipe
GetLastError
FreeConsole
GetStdHandle
LoadLibraryA
LCMapStringW
SetHandleCount
GetSystemInfo
GetOEMCP
LCMapStringA
GetNumberOfConsoleInputEvents
ExitProcess
GetVersionExA
VirtualProtect
HeapFree
GetModuleFileNameA
RtlUnwind
DuplicateHandle
FreeEnvironmentStringsA
CreatePipe
GetCurrentProcess
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
CreateThread
UnhandledExceptionFilter
MultiByteToWideChar
HeapSize
GetTickCount
FreeEnvironmentStringsW
GetCommandLineA
WaitForMultipleObjects
TerminateThread
ExitThread
SetStdHandle
CompareStringW
GetCPInfo
GetStringTypeA
SetFilePointer
FlushFileBuffers
DisconnectNamedPipe
ReadFile
InterlockedExchange
WriteFile
GetStartupInfoA
CompareStringA
GetSystemTimeAsFileTime
PeekConsoleInputA
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
SetEnvironmentVariableA
TerminateProcess
CreateProcessA
QueryPerformanceCounter
WideCharToMultiByte
HeapCreate
VirtualQuery
VirtualFree
GetEnvironmentStringsW
HeapDestroy
Sleep
GetFileType
SetEndOfFile
CreateFileA
HeapAlloc
GetCurrentThreadId
VirtualAlloc
GetModuleHandleA
CloseHandle
shutdown
accept
WSAStartup
connect
getsockname
htons
inet_ntoa
WSAGetLastError
recv
inet_addr
send
getservbyport
ntohs
select
gethostbyaddr
listen
__WSAFDIsSet
WSACleanup
gethostbyname
WSASetLastError
closesocket
setsockopt
socket
bind
recvfrom
getservbyname
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2004:12:29 19:07:16+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
40960

LinkerVersion
7.1

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0x4ac3

InitializedDataSize
20480

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

CarbonBlack CarbonBlack acts as a surveillance camera for computers
Execution parents
PE resource-wise parents
Overlay parents
Compressed bundles
PCAP parents
File identification
MD5 ab41b1e2db77cebd9e2779110ee3915d
SHA1 4122cf816aaa01e63cfb76cd151f2851bc055481
SHA256 7379c5f5989be9b790d071481ee4fdfaeeb0dc7c4566cad8363cb016acc8145e
ssdeep
1536:8LJg1OAEuxWhXTmNquG9L0RT/ADGRMlu:8LJlAEuxAWqu3ZMlu

authentihash 0b1daf5e3a92503734fd48e9b4a07815ff9f9086c89cfeb2c2f58b7bf1725278
imphash b47060fbcbd9d8ec9716eb4a0fdbc38f
File size 60.0 KB ( 61440 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe usb-autorun via-tor

VirusTotal metadata
First submission 2006-05-23 14:32:44 UTC ( 13 years ago )
Last submission 2019-04-24 21:07:19 UTC ( 1 month ago )
File names k03pptli.hdf
nc.exe
m55mxaun.10r
owhgkxin.jlg
ab41b1e2db77cebd9e2779110ee3915d.exe
73fhnu
5gnzc2tr.q2v
bguzfx2s.sji
mp3tray.exe
mevrbv5p.b13
nc-1.11.exe
zlz22euy.4p2
AutoUpdater.exe
wgnz0m2w.bws
d0hwf5ja.c0u
teste_de_einsteinn.exe
fc4lfyz5.430
1h0jyshs.v4e
jme055zz.jzs
svchost.exe
nc.txt
ncoriginl.exe
FHA55UPF3GAG12F.tmp
output.112657148.txt
yc503lhh.ygp
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
