SHA256: 86f5ce429067a851ab5c132a668ee2fdf6372f2311d8b30a85069d42321081e0
File name: nanoparticle
Detection ratio: 49 / 64
Analysis date: 2019-02-19 00:22:59 UTC ( 4 days, 23 hours ago )
Antivirus Result Update
Acronis suspicious 20190213
Ad-Aware Gen:Variant.Razy.456765 20190218
ALYac Spyware.Infostealer.Azorult 20190218
Antiy-AVL Trojan[PSW]/Win32.Azorult 20190218
Arcabit Trojan.Razy.D6F83D 20190219
Avast Win32:Malware-gen 20190218
AVG Win32:Malware-gen 20190218
Avira (no cloud) TR/Crypt.ZPACK.zflsy 20190218
BitDefender Gen:Variant.Razy.456765 20190218
CAT-QuickHeal Trojanpws.Azorult 20190218
ClamAV Win.Dropper.Razy-6837126-0 20190218
Comodo Malware@#7jhgaytpxs8t 20190218
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cybereason malicious.ca2010 20190109
Cylance Unsafe 20190219
Cyren W32/Trojan.CAFN-1115 20190218
DrWeb Trojan.PWS.Stealer.24943 20190218
eGambit Unsafe.AI_Score_76% 20190219
Emsisoft Gen:Variant.Razy.456765 (B) 20190218
Endgame malicious (high confidence) 20190215
ESET-NOD32 Win32/PSW.Delf.OSF 20190218
F-Secure Trojan.TR/Crypt.ZPACK.zflsy 20190219
Fortinet W32/Injector.EDAC!tr 20190218
GData Gen:Variant.Razy.456765 20190218
Ikarus Trojan.Win32.Injector 20190218
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 005463191 ) 20190218
K7GW Trojan ( 005463191 ) 20190218
Kaspersky Trojan-PSW.Win32.Azorult.gbh 20190218
Malwarebytes Trojan.Agent 20190218
McAfee Fareit-FMW!0B89C90F91C0 20190219
McAfee-GW-Edition BehavesLike.Win32.Generic.hh 20190218
Microsoft VirTool:Win32/VBInject.BAI!bit 20190219
eScan Gen:Variant.Razy.456765 20190218
NANO-Antivirus Trojan.Win32.Razy.fmjgmx 20190218
Palo Alto Networks (Known Signatures) generic.ml 20190219
Panda Trj/GdSda.A 20190218
Qihoo-360 Win32/Trojan.984 20190219
Rising Trojan.Injector!1.B459 (CLOUD) 20190219
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/FareitVB-N 20190219
Symantec Trojan.Gen.2 20190218
Tencent Win32.Trojan-qqpass.Qqrob.Hfl 20190219
Trapmine malicious.moderate.ml.score 20190123
VBA32 TrojanPSW.Azorult 20190218
ViRobot Trojan.Win32.Agent.610304.AO 20190218
Webroot W32.Malware.Gen 20190219
Yandex Trojan.PWS.Azorult! 20190215
ZoneAlarm by Check Point Trojan-PSW.Win32.Azorult.gbh 20190218
AegisLab 20190218
AhnLab-V3 20190218
Alibaba 20180921
Avast-Mobile 20190218
Babable 20180918
Baidu 20190215
CMC 20190218
Jiangmin 20190219
Kingsoft 20190219
MAX 20190219
SUPERAntiSpyware 20190213
Symantec Mobile Insight 20190207
TACHYON 20190218
TheHacker 20190217
TotalDefense 20190218
Trustlook 20190219
Zoner 20190219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product linchet9
Original name nanoparticle.exe
Internal name nanoparticle
File version 61.75.0058
Description laugh*stick*main*rule*reached*october^
Comments very~block~halt~front~less~look.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-04-23 15:23:55
Entry Point 0x000010E0
Number of sections 3
PE sections
PE imports
EVENT_SINK_QueryInterface
Ord(616)
Ord(583)
__vbaExceptHandler
Ord(673)
Ord(713)
Ord(517)
MethCallEngine
DllFunctionCall
Ord(619)
ProcCallEngine
Ord(617)
Ord(596)
Ord(100)
Ord(588)
EVENT_SINK_Release
Ord(595)
EVENT_SINK_AddRef
Ord(650)
Ord(608)
Ord(698)
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments very~block~halt~front~less~look.
LinkerVersion 6.0
ImageVersion 61.75
FileSubtype 0
FileVersionNumber 61.75.0.58
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription laugh*stick*main*rule*reached*october^
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 73728
EntryPoint 0x10e0
OriginalFileName nanoparticle.exe
MIMEType application/octet-stream
FileVersion 61.75.0058
TimeStamp 2009:04:23 17:23:55+02:00
FileType Win32 EXE
PEType PE32
InternalName nanoparticle
ProductVersion 61.75.0058
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName fool/prepared/wheels/school/wonder/took:
CodeSize 536576
ProductName linchet9
ProductVersionNumber 61.75.0.58
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 0b89c90f91c071bf78be164a87fc30ef
SHA1 3320d51ca2010e0f1c943826ab5c7b935fffa505
SHA256 86f5ce429067a851ab5c132a668ee2fdf6372f2311d8b30a85069d42321081e0
ssdeep 6144:Azhqh9juAt2vtEtg02vmSltipbuJ2Z4iO3WqdINx4aMg9aaTEjp6yX250Fc99:KwjUtwHMwpbWKSp6yGYcX
authentihash 15c20a7379e2c31b1c395296a7cafb38b9d40940ed06fbfb4ca841b802efb024
imphash 12890cde80592cb94674e83694658476
File size 596.0 KB ( 610304 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags peexe
VirusTotal metadata
First submission 2019-01-24 16:33:26 UTC ( 1 month ago )
Last submission 2019-02-08 01:00:45 UTC ( 2 weeks, 1 day ago )
File names 1 (1).exe
nanoparticle.exe
nanoparticle
1.exe
output.115122697.txt
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.