SHA256: 7afa6dfc431f058d1397ac7100d5650b97347e1f37f81a2e2d2ee5dfdff4660b
File name: njcwp610sw15918.exe
Detection ratio: 0 / 55
Analysis date: 2016-01-31 10:32:10 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware 20160130
AegisLab 20160130
Yandex 20160129
AhnLab-V3 20160129
Alibaba 20160129
ALYac 20160130
Antiy-AVL 20160130
Arcabit 20160130
Avast 20160130
AVG 20160130
Avira (no cloud) 20160130
Baidu-International 20160129
BitDefender 20160130
Bkav 20160129
ByteHero 20160131
CAT-QuickHeal 20160129
ClamAV 20160130
CMC 20160130
Comodo 20160130
Cyren 20160129
DrWeb 20160130
Emsisoft 20160130
ESET-NOD32 20160130
F-Prot 20160129
F-Secure 20160129
Fortinet 20160130
GData 20160130
Ikarus 20160129
Jiangmin 20160129
K7AntiVirus 20160129
K7GW 20160129
Kaspersky 20160129
Malwarebytes 20160130
McAfee 20160130
McAfee-GW-Edition 20160130
Microsoft 20160130
eScan 20160130
NANO-Antivirus 20160130
nProtect 20160129
Panda 20160129
Qihoo-360 20160131
Rising 20160129
Sophos AV 20160130
SUPERAntiSpyware 20160130
Symantec 20160129
Tencent 20160131
TheHacker 20160130
TotalDefense 20160129
TrendMicro 20160130
TrendMicro-HouseCall 20160130
VBA32 20160128
VIPRE 20160130
ViRobot 20160129
Zillya 20160130
Zoner 20160130
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© NJStar Software Corp. 1991-2015. All Rights Reserved.

Product NJStar Chinese WP6
File version 6.1.0.15918
Description NJStar Chinese WP6 6.10 Shareware Setup
Comments http://www.njstar.com
Signature verification Signed file, verified signature
Signing date 12:37 AM 12/9/2015
Signers
[+] NJStar Software Pty Ltd
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 5/4/2011
Valid to 12:59 AM 5/4/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 72FD9A384C74AB7EFDC5A96E57239F50E039CD9C
Serial number 3E 12 CB 68 4E 6A 0D 4E A4 0F E6 9E 01 7B D6 74
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT NSIS, appended, UPX_LZMA, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-02-24 19:19:59
Entry Point 0x000039E3
Number of sections 6
PE sections
Overlays
MD5 7fd3610c369c3258c50ad63a1767a77c
File type data
Offset 50176
Size 22470184
Entropy 8.00
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
CreateFontIndirectW
SetBkMode
CreateBrushIndirect
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
WriteFile
CopyFileW
GetShortPathNameW
LoadLibraryA
lstrlenA
GetModuleFileNameW
GlobalFree
WaitForSingleObject
GetVersionExW
GetExitCodeProcess
FindFirstFileW
ExitProcess
GlobalUnlock
GetFileAttributesW
lstrlenW
GetCurrentProcess
CompareFileTime
FindNextFileW
GetFileSize
OpenProcess
SetFileTime
GetCommandLineW
GetWindowsDirectoryW
SetErrorMode
MultiByteToWideChar
CreateDirectoryW
SetFilePointer
GlobalLock
GetPrivateProfileStringW
WritePrivateProfileStringW
GetTempFileNameW
lstrcpynW
RemoveDirectoryW
ExpandEnvironmentStringsW
lstrcpyW
GetFullPathNameW
lstrcmpiA
CreateThread
LoadLibraryW
GetModuleHandleA
GetSystemDirectoryW
GetDiskFreeSpaceW
ReadFile
GetTempPathW
CloseHandle
DeleteFileW
lstrcmpA
lstrcmpW
GetModuleHandleW
lstrcatW
lstrcpynA
FreeLibrary
SearchPathW
WideCharToMultiByte
lstrcmpiW
SetCurrentDirectoryW
lstrcpyA
CreateFileW
GlobalAlloc
CreateProcessW
FindClose
Sleep
MoveFileW
SetFileAttributesW
GetTickCount
GetVersion
GetProcAddress
LoadLibraryExW
MulDiv
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
EmptyClipboard
GetMessagePos
EndPaint
EndDialog
LoadBitmapW
SetClassLongW
DefWindowProcW
CharPrevW
PostQuitMessage
ShowWindow
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EnableWindow
GetDC
CharUpperW
DialogBoxParamW
GetClassInfoW
AppendMenuW
CharNextW
IsWindowEnabled
GetDlgItemTextW
MessageBoxIndirectW
GetSysColor
CheckDlgButton
DispatchMessageW
GetAsyncKeyState
BeginPaint
CreatePopupMenu
SendMessageW
SetCursor
SetClipboardData
GetWindowLongW
FindWindowExW
IsWindowVisible
SetForegroundWindow
SetWindowTextW
GetDlgItem
SystemParametersInfoW
LoadImageW
EnableMenuItem
ScreenToClient
InvalidateRect
CreateDialogParamW
wsprintfA
SetTimer
CallWindowProcW
TrackPopupMenu
RegisterClassW
FillRect
IsDlgButtonChecked
CharNextA
SetDlgItemTextW
LoadCursorW
GetSystemMenu
SendMessageTimeoutW
CreateWindowExW
wsprintfW
CloseClipboard
GetClientRect
DrawTextW
DestroyWindow
ExitWindowsEx
OpenClipboard
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_DIALOG 18
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 21
NEUTRAL 1
PE resources
ExifTool file metadata
LegalTrademarks
NJStar is a trademark of NJStar Software Corp.

SubsystemVersion
5.0

Comments
http://www.njstar.com

InitializedDataSize
445952

ImageVersion
6.0

ProductName
NJStar Chinese WP6

FileVersionNumber
6.1.0.15918

UninitializedDataSize
16896

LanguageCode
Neutral

FileFlagsMask
0x0000

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
10.0

PrivateBuild
Built on 8/12/2015 at 9:58:36 AM

FileTypeExtension
exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
6.1.0.15918

TimeStamp
2012:02:24 20:19:59+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
6.1.0.15918

FileDescription
NJStar Chinese WP6 6.10 Shareware Setup

OSVersion
5.0

FileOS
Win32

LegalCopyright
NJStar Software Corp. 1991-2015. All Rights Reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
NJStar Software Corp.

CodeSize
28672

FileSubtype
0

ProductVersionNumber
6.1.0.15918

EntryPoint
0x39e3

ObjectFileType
Executable application

CarbonBlack: CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Compressed bundles
File identification
MD5 1bbaf2e427aff06ef9f6ef45455e79cd
SHA1 34fc2bda44bf0f638531c7f291de48db60747d90
SHA256 7afa6dfc431f058d1397ac7100d5650b97347e1f37f81a2e2d2ee5dfdff4660b
ssdeep
393216:5iUxdxSiArpilvPwedpyawGKo0LgEq+CwW2f/br1/LRgmXDk81qP7P8By8h:5iU7x9SWpxz08E02nZXA8o0Bjh

authentihash b623fb0832d5d770e609feaf46dfe59c243f93d89e96398cda326dbb7d28f394
imphash 32f3282581436269b3a75b6675fe3e08
File size 21.5 MB ( 22520360 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags
nsis peexe signed overlay

VirusTotal metadata
First submission 2015-12-17 07:02:25 UTC ( 3 years, 3 months ago )
Last submission 2018-07-10 21:44:25 UTC ( 8 months, 2 weeks ago )
File names njcwp610sw15918.exe
njcwp610sw15918.exe
unconfirmed 7883.crdownload
780393
njcwp.exe
njcwp.exe
7AFA6DFC431F058D1397AC7100D5650B97347E1F37F81A2E2D2EE5DFDFF4660B.exe
7AFA6DFC431F058D1397AC7100D5650B97347E1F37F81A2E2D2EE5DFDFF4660B