SHA256: 75988a4d91c5d3ccf8065f1d2835e80b446d6d5e2add75ffe76af04777f03722
File name: 25.gi
Detection ratio: 39 / 47
Analysis date: 2013-06-28 10:37:58 UTC ( 5 years, 2 months ago )
Antivirus Result Update
Yandex Trojan.DL.Agent!42kYsoroggg 20130627
AhnLab-V3 Downloader/Win32.Agent 20130627
AntiVir TR/Dropper.Gen 20130628
Avast Win32:Malware-gen 20130628
AVG Agent2.AXUV.dropper 20130628
BitDefender Trojan.Generic.3248977 20130628
ByteHero Virus.Win32.Part.a 20130613
ClamAV Win.Trojan.Agent-88803 20130628
Commtouch W32/Zegost.AA.gen!Eldorado 20130628
Comodo TrojWare.Win32.Trojan.Agent.Gen 20130628
DrWeb Trojan.Siggen3.20417 20130628
Emsisoft Trojan.Generic.3248977 (B) 20130628
eSafe Win32.TRDropper 20130625
ESET-NOD32 Win32/Agent.OFQ 20130628
F-Prot W32/Zegost.AA.gen!Eldorado 20130627
F-Secure Trojan.Generic.3248977 20130628
Fortinet W32/Agent.DZQB!tr.dldr 20130628
GData Trojan.Generic.3248977 20130628
Ikarus Trojan-Dropper.Agent 20130628
Jiangmin TrojanDownloader.Agent.crkl 20130628
K7AntiVirus Riskware 20130627
K7GW Riskware 20130627
Kaspersky Trojan-Downloader.Win32.Agent.dzqb 20130628
Kingsoft Win32.Troj.Agent.of.(kcloud) 20130506
McAfee Artemis!079B0ECB7478 20130628
McAfee-GW-Edition Artemis!079B0ECB7478 20130627
Microsoft Trojan:Win32/Trafog!rts 20130628
NANO-Antivirus Trojan.Win32.Agent.dxmoa 20130628
Norman Suspicious_Gen2.OXOEA 20130628
nProtect Trojan/W32.Agent.106498.B 20130628
Panda Trj/Downloader.XSY 20130628
PCTools Trojan.ADH 20130628
Rising Trojan.Win32.Generic.11ED90D9 20130628
Sophos AV Mal/Generic-L 20130628
Symantec Trojan.ADH 20130628
TheHacker Trojan/Downloader.Agent.dzqb 20130625
VBA32 Win32.Agent 20130627
VIPRE Trojan.Win32.Generic!BT 20130628
ViRobot Trojan.Win32.Downloader.106498.D 20130628
Antiy-AVL 20130627
CAT-QuickHeal 20130628
Malwarebytes 20130628
eScan 20130628
SUPERAntiSpyware 20130628
TotalDefense 20130627
TrendMicro 20130628
TrendMicro-HouseCall 20130628
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright ®2001

Publisher Microsoft Corporation
Product Microsoft® Windows® Operating System
Version 5.1.2600.2180
Original name ntmsvc.exe
Internal name ntmsvc.exe
File version 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description Local Security Access Manager
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-09-28 02:56:40
Entry Point 0x00007F30
Number of sections 4
PE sections
PE imports
CloseServiceHandle
RegCloseKey
OpenServiceA
CreateServiceA
RegSetValueExA
StartServiceA
ChangeServiceConfig2A
RegOpenKeyExA
RegCreateKeyA
OpenSCManagerA
GetLastError
HeapFree
GetStdHandle
LCMapStringW
HeapCreate
GetOEMCP
LCMapStringA
CopyFileA
GetTickCount
IsBadWritePtr
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
WinExec
GetACP
FreeEnvironmentStringsA
GetStartupInfoA
SizeofResource
GetFileSize
SetHandleCount
LockResource
SetFileTime
DeleteFileA
GetCurrentDirectoryA
ExitProcess
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
IsBadReadPtr
SetStdHandle
GetFileTime
GetModuleHandleA
GetTempPathA
UnhandledExceptionFilter
GetCPInfo
GetStringTypeA
SetFilePointer
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetSystemDirectoryA
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetDriveTypeA
LocalFree
TerminateProcess
GetEnvironmentStrings
WideCharToMultiByte
IsBadCodePtr
LoadResource
VirtualFree
HeapDestroy
GetFileType
SetEndOfFile
CreateFileA
HeapAlloc
GetVersion
FindResourceA
VirtualAlloc
LocalAlloc
wsprintfA
Number of PE resources by type
SETUP 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
KOREAN 1
PE resources
ExifTool file metadata
SpecialBuild
Windows XP/2000

SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.2

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Local Security Access Manager

CharacterSet
Unicode

InitializedDataSize
53248

FileOS
Windows NT 32-bit

MIMEType
application/octet-stream

LegalCopyright
Copyright 2001

FileVersion
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

TimeStamp
2009:09:28 03:56:40+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
ntmsvc.exe

ProductVersion
5.1.2600.2180

UninitializedDataSize
0

OSVersion
4.0

OriginalFilename
ntmsvc.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
49152

ProductName
Microsoft Windows Operating System

ProductVersionNumber
1.0.0.2

EntryPoint
0x7f30

ObjectFileType
Executable application

File identification
MD5 079b0ecb7478b8a8e69e192cd425ea00
SHA1 72ef195eaf1f21fd5c8df57d64838e342f1a8ce3
SHA256 75988a4d91c5d3ccf8065f1d2835e80b446d6d5e2add75ffe76af04777f03722
ssdeep
3072:j8dSoLosNg/qUqhtw23yO5ILJrY+DXTlMo:Yd1D3Uqc23GdrRDXTp

File size 104.0 KB ( 106498 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2009-11-14 17:18:09 UTC ( 8 years, 10 months ago )
Last submission 2013-06-28 10:37:58 UTC ( 5 years, 2 months ago )
File names sYQS.tmp
25.gif-sX9wmP
rMHpD.mht
aa
ntmsvc.exe
25.gi
079B0ECB7478B8A8E69E192CD425EA00