SHA256: 73d54586d85cd54a51befba1c0332c989318bdd228f764d233bad729add4cb33
File name: ntbr.exe
Detection ratio: 0 / 55
Analysis date: 2014-12-08 12:14:44 UTC ( 4 years ago )
Antivirus Result Update
Ad-Aware 20141208
AegisLab 20141208
Yandex 20141209
AhnLab-V3 20141208
ALYac 20141208
Antiy-AVL 20141208
Avast 20141208
AVG 20141208
Avira (no cloud) 20141208
AVware 20141208
Baidu-International 20141208
BitDefender 20141208
Bkav 20141208
ByteHero 20141208
CAT-QuickHeal 20141208
ClamAV 20141208
CMC 20141208
Comodo 20141208
Cyren 20141208
DrWeb 20141208
ESET-NOD32 20141208
F-Prot 20141208
F-Secure 20141210
Fortinet 20141208
GData 20141208
Ikarus 20141208
Jiangmin 20141207
K7AntiVirus 20141208
K7GW 20141208
Kaspersky 20141208
Kingsoft 20141208
Malwarebytes 20141208
McAfee 20141208
McAfee-GW-Edition 20141208
Microsoft 20141208
eScan 20141208
NANO-Antivirus 20141208
Norman 20141209
nProtect 20141205
Panda 20141208
Qihoo-360 20141208
Rising 20141208
Sophos AV 20141208
SUPERAntiSpyware 20141207
Symantec 20141208
Tencent 20141208
TheHacker 20141205
TotalDefense 20141207
TrendMicro 20141208
TrendMicro-HouseCall 20141208
VBA32 20141209
VIPRE 20141208
ViRobot 20141208
Zillya 20141206
Zoner 20141204
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-08 11:57:44
Entry Point 0x000013E5
Number of sections 4
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
HeapSize
SetStdHandle
WideCharToMultiByte
LoadLibraryW
TlsFree
SetFilePointer
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
HeapAlloc
TerminateProcess
IsValidCodePage
HeapCreate
SetLastError
CreateFileW
VirtualFree
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
EncodePointer
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
WriteConsoleW
LeaveCriticalSection
closesocket
inet_addr
WSACleanup
WSAStartup
connect
htons
recv
WSASocketW
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:12:08 12:57:44+01:00
FileType Win32 EXE
PEType PE32
CodeSize 28160
LinkerVersion 10.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x13e5
InitializedDataSize 23552
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 5a6a6329ac92fd864b17abccc6eaedf8
SHA1 09d9759ae7998e4cc421542726a51751acbd19c9
SHA256 73d54586d85cd54a51befba1c0332c989318bdd228f764d233bad729add4cb33
ssdeep 768:ZtC3gIWveNG/R/s/zC3h6opwLskx9FPk0ED0XnN6PmT/kd:bCQDWNG50/zKsLskpPT3
authentihash 2b3330f7bbcd2197ab5ef1c97d7ffd6db0e0a39917c2264b34f80edb2ad75689
imphash 5045ca23eb616cbe4e405f2f68d04816
File size 44.0 KB ( 45056 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe

VirusTotal metadata
First submission 2014-12-08 12:14:44 UTC ( 4 years ago )
Last submission 2014-12-08 12:14:44 UTC ( 4 years ago )
File names ntbr.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs