SHA256: 7bd5e86b5ab5032a7959cbfa3921db0ffec81318494ddbb402ee913fa2452aa8
File name: nAPKtk.exe
Detection ratio: 21 / 66
Analysis date: 2018-10-18 04:57:21 UTC ( 4 months ago )
Antivirus Result Update
Avast Win32:Trojan-gen 20181018
AVG Win32:Trojan-gen 20181018
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.681cba 20180225
Cylance Unsafe 20181018
Endgame malicious (high confidence) 20180730
ESET-NOD32 Win32/Spy.Zbot.ADC 20181018
GData Win32.Backdoor.Zeus.JZFS66 20181018
Sophos ML heuristic 20180717
Kaspersky Trojan-Spy.Win32.Panda.ccl 20181018
McAfee Artemis!F96815A02BA3 20181018
McAfee-GW-Edition BehavesLike.Win32.Ramnit.ch 20181018
Microsoft PWS:Win32/Vigorf.A 20181018
Palo Alto Networks (Known Signatures) generic.ml 20181018
Qihoo-360 HEUR/QVM19.1.99CB.Malware.Gen 20181018
Rising Downloader.Agent!8.B23 (CLOUD) 20181018
Symantec Packed.Generic.530 20181017
TrendMicro-HouseCall TROJ_GEN.R020H05JH18 20181018
Trustlook PE.Malware.General (score:9) 20181018
Webroot W32.Trojan.Gen 20181018
ZoneAlarm by Check Point Trojan-Spy.Win32.Panda.ccl 20181018
Ad-Aware 20181018
AegisLab 20181018
AhnLab-V3 20181018
Alibaba 20180921
ALYac 20181018
Antiy-AVL 20181017
Arcabit 20181018
Avast-Mobile 20181017
Avira (no cloud) 20181018
Babable 20180918
Baidu 20181017
BitDefender 20181018
Bkav 20181017
CAT-QuickHeal 20181013
ClamAV 20181017
CMC 20181017
Cyren 20181018
DrWeb 20181018
eGambit 20181018
Emsisoft 20181018
F-Prot 20181018
F-Secure 20181018
Fortinet 20181018
Ikarus 20181017
Jiangmin 20181018
K7AntiVirus 20181017
K7GW 20181018
Kingsoft 20181018
Malwarebytes 20181018
MAX 20181018
eScan 20181018
NANO-Antivirus 20181018
Panda 20181017
SentinelOne (Static ML) 20181011
Sophos AV 20181018
SUPERAntiSpyware 20181015
Symantec Mobile Insight 20181001
TACHYON 20181018
Tencent 20181018
TheHacker 20181015
TrendMicro 20181018
VBA32 20181017
ViRobot 20181017
Yandex 20181017
Zillya 20181017
Zoner 20181017
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1998-2008

Product Amyuni PDF Converter
Original name Install.exe
Internal name Install.exe
File version 1, 0, 0, 1
Description PDF Driver installer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-17 09:32:30
Entry Point 0x00012485
Number of sections 5
PE sections
PE imports
GetSidSubAuthorityCount
GetSidSubAuthority
RegCloseKey
LookupAccountNameA
CryptAcquireContextA
SystemFunction041
IsValidSid
GetSidIdentifierAuthority
CryptGenRandom
RegOpenKeyExW
RegSetValueExA
CryptReleaseContext
RegDeleteValueA
RegCreateKeyA
RegQueryValueExW
GetDeviceCaps
TextOutW
DeleteDC
SetBkMode
SelectObject
CreatePen
GetStockObject
CreateFontW
CreateSolidBrush
SetTextColor
GetObjectW
BitBlt
SetBkColor
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
Rectangle
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
lstrcatA
FreeEnvironmentStringsW
GetThreadContext
SetStdHandle
GetCPInfo
WaitForDebugEvent
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
ResumeThread
InitializeCriticalSection
OutputDebugStringW
InterlockedDecrement
SetLastError
WriteProcessMemory
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetVersionExA
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
CreateMutexA
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
ExitThread
SetThreadContext
TerminateProcess
WriteConsoleA
VirtualQuery
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GetProcAddress
VirtualProtectEx
GetProcessHeap
lstrcmpA
GetComputerNameA
DuplicateHandle
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
VirtualAllocEx
lstrlenA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentDirectoryW
VirtualFreeEx
GetCurrentProcessId
ContinueDebugEvent
WideCharToMultiByte
HeapSize
GetCommandLineA
GetStringTypeA
SuspendThread
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
SHGetFolderPathW
PathFileExistsW
StrStrIW
PathAppendW
SetFocus
RedrawWindow
EndDialog
PostQuitMessage
DefWindowProcW
CopyRect
GetMessageW
ShowWindow
SetWindowPos
GetSystemMetrics
SetWindowLongW
MessageBoxW
RegisterClassExW
DialogBoxParamW
IsCharAlphaNumericW
TranslateMessage
PostMessageW
GetDC
ReleaseDC
SendMessageW
SetWindowTextW
GetDlgItem
DrawTextW
LoadImageW
DispatchMessageW
SetRect
InvalidateRect
wsprintfA
CallWindowProcW
GetClientRect
GetWindowTextW
ValidateRect
LoadCursorW
LoadIconW
CreateWindowExW
timeSetEvent
ImageGetCertificateHeader
ImageGetCertificateData
Number of PE resources by type
RT_ICON 2
RT_STRING 2
RT_DIALOG 1
RT_MANIFEST 1
Struct(255) 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 5
FRENCH 4
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 29696
ImageVersion 0.0
ProductName Amyuni PDF Converter
FileVersionNumber 3.0.3.5
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName Install.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1, 0, 0, 1
TimeStamp 2018:06:17 10:32:30+01:00
FileType Win32 EXE
PEType PE32
InternalName Install.exe
ProductVersion 3, 0, 3, 0
FileDescription PDF Driver installer
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright 1998-2008
MachineType Intel 386 or later, and compatibles
CompanyName AMYUNI Technologies Inc.
CodeSize 126976
FileSubtype 0
ProductVersionNumber 3.0.3.0
EntryPoint 0x12485
ObjectFileType Executable application

Execution parents
File identification
MD5 f96815a02ba3052371fbe8546e774098
SHA1 55ad4df681cbafb8009a749a25df55c4a51d5ad7
SHA256 7bd5e86b5ab5032a7959cbfa3921db0ffec81318494ddbb402ee913fa2452aa8
ssdeep 3072:nMa4pV9xzlKoh2HvYNztvvBbO8j14LWN7hFNHiOVrNyr:b6VkE2yztQ8jNVfj3

authentihash 02a5b4810458c48571ab7bc6bc8adfb31b0de95f9aa9424f7720260142bb3426
imphash b03e0829d3f759b1abf326cbc78b6f62
File size 157.0 KB ( 160768 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2018-10-17 17:08:26 UTC ( 4 months ago )
Last submission 2018-10-18 10:08:47 UTC ( 4 months ago )
File names history.exe
history.exe
cache.exe
bnca54.tmp
demo.exe
compatibility.exe
bn275e.tmp
winamp.exe
f96815a0.gxe
preferences.exe
bn91ec.tmp
permissions.exe
2018-10-17-Zeus-Panda-Banker-caused-by-Hancitor.exe
blist.exe
bn43d0.tmp
ui.exe
bnb3cc.tmp
nAPKtk.exe
bnd50d.tmp
extensions.exe
bn464d.tmp
Install.exe
mailviews.exe
profiles.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs