SHA256: 89c2b32bbe6cb2f5e8386de54d8013ee1c07e2583df088b677a9a6fdfa8579be
File name: _output2052D40_MD.exe
Detection ratio: 7 / 67
Analysis date: 2018-10-25 08:07:43 UTC (6 months, 4 weeks ago)
Antivirus                               Result                             Update
AhnLab-V3                               Trojan/Win32.Injector.R240894      20181025
CrowdStrike Falcon (ML)                 malicious_confidence_60% (D)       20181022
Cylance                                 Unsafe                             20181025
Endgame                                 malicious (high confidence)        20180730
ESET-NOD32                              a variant of Win32/Injector.EBFS   20181025
Sophos ML                               heuristic                          20180717
Qihoo-360                               HEUR/QVM03.0.C1D3.Malware.Gen      20181025
Ad-Aware                                -                                  20181024
AegisLab                                -                                  20181025
Alibaba                                 -                                  20180921
ALYac                                   -                                  20181025
Antiy-AVL                               -                                  20181023
Arcabit                                 -                                  20181025
Avast                                   -                                  20181025
Avast-Mobile                            -                                  20181025
AVG                                     -                                  20181025
Avira (no cloud)                        -                                  20181025
Babable                                 -                                  20180918
Baidu                                   -                                  20181024
BitDefender                             -                                  20181025
Bkav                                    -                                  20181024
CAT-QuickHeal                           -                                  20181024
ClamAV                                  -                                  20181024
CMC                                     -                                  20181024
Cybereason                              -                                  20180225
Cyren                                   -                                  20181025
DrWeb                                   -                                  20181025
eGambit                                 -                                  20181025
Emsisoft                                -                                  20181025
F-Prot                                  -                                  20181025
F-Secure                                -                                  20181025
Fortinet                                -                                  20181025
GData                                   -                                  20181025
Ikarus                                  -                                  20181024
Jiangmin                                -                                  20181025
K7AntiVirus                             -                                  20181025
K7GW                                    -                                  20181025
Kaspersky                               -                                  20181024
Kingsoft                                -                                  20181025
MAX                                     -                                  20181025
McAfee                                  -                                  20181025
McAfee-GW-Edition                       -                                  20181025
Microsoft                               -                                  20181025
eScan                                   -                                  20181025
NANO-Antivirus                          -                                  20181025
Palo Alto Networks (Known Signatures)   -                                  20181025
Panda                                   -                                  20181024
Rising                                  -                                  20181025
SentinelOne (Static ML)                 -                                  20181011
Sophos AV                               -                                  20181025
SUPERAntiSpyware                        -                                  20181022
Symantec                                -                                  20181025
Symantec Mobile Insight                 -                                  20181001
TACHYON                                 -                                  20181025
Tencent                                 -                                  20181025
TheHacker                               -                                  20181024
TotalDefense                            -                                  20181025
TrendMicro                              -                                  20181025
TrendMicro-HouseCall                    -                                  20181025
Trustlook                               -                                  20181025
VBA32                                   -                                  20181024
VIPRE                                   -                                  20181024
ViRobot                                 -                                  20181025
Webroot                                 -                                  20181025
Yandex                                  -                                  20181025
Zillya                                  -                                  20181024
ZoneAlarm by Check Point                -                                  20181025
Zoner                                   -                                  20181024
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright SUPERMAGNIFICENTLY
Product Montini3
Original name Nortonville.exe
Internal name Nortonville
File version 1.09.0003
Comments galtonian1
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 12:08 AM 2/14/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-10-14 12:15:00
Entry Point 0x00001334
Number of sections 3
PE sections
Overlays
MD5 816a41a58497e4917249bf73c6a36294
File type data
Offset 1269760
Size 2328
Entropy 7.66
PE imports
_adj_fdiv_m32
__vbaChkstk
_CIcos
EVENT_SINK_QueryInterface
_allmul
__vbaR4ErrVar
_adj_fprem
Ord(617)
__vbaR4Var
_adj_fpatan
EVENT_SINK_AddRef
__vbaStrToUnicode
Ord(714)
_adj_fdiv_m32i
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
_adj_fdivr_m32
DllFunctionCall
__vbaFPException
_adj_fdivr_m16i
EVENT_SINK_Release
_adj_fdiv_r
Ord(100)
_adj_fdivr_m64
__vbaFreeVar
__vbaObjSetAddref
Ord(619)
__vbaFileOpen
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
__vbaInStrVarB
Ord(616)
__vbaVarTstEq
_adj_fptan
__vbaVarDup
__vbaR8Var
__vbaErrorOverflow
_CIatan
Ord(608)
__vbaNew2
_adj_fdivr_m32i
_CItan
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
__vbaFpR4
__vbaStrCat
__vbaFreeStrList
__vbaFpI4
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks           duran
UninitializedDataSize     0
Comments                  galtonian1
InitializedDataSize       20480
ImageVersion              1.9
ProductName               Montini3
FileVersionNumber         1.9.0.3
LanguageCode              English (U.S.)
FileFlagsMask             0x0000
ImageFileCharacteristics  No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet              Unicode
LinkerVersion             6.0
FileTypeExtension         exe
OriginalFileName          Nortonville.exe
MIMEType                  application/octet-stream
Subsystem                 Windows GUI
FileVersion               1.09.0003
TimeStamp                 2004:10:14 05:15:00-07:00
FileType                  Win32 EXE
PEType                    PE32
InternalName              Nortonville
ProductVersion            1.09.0003
SubsystemVersion          4.0
OSVersion                 4.0
FileOS                    Win32
LegalCopyright            SUPERMAGNIFICENTLY
MachineType               Intel 386 or later, and compatibles
CodeSize                  1245184
FileSubtype               0
ProductVersionNumber      1.9.0.3
EntryPoint                0x1334
ObjectFileType            Executable application
Execution parents
File identification
MD5 92045aa656137ace7e5ba4ea0f227a0b
SHA1 d3097b943e867cf8c30ce323a3e557d35482c79a
SHA256 89c2b32bbe6cb2f5e8386de54d8013ee1c07e2583df088b677a9a6fdfa8579be
ssdeep 6144:6BgDF4FcMTSqgSRGvuHLn+Te6xbjpHmk1U1IfF/avQw6SjAxnWD2IcR75jB9sndP:6uC9ITSdyElDdwMIjshRDr
authentihash d6121e73eda1823782265662fbac8c9289918de1900caef53e226ca712b44790
imphash eabe49d31268a5ea8e79dd84bde297d3
File size 1.2 MB ( 1272088 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
     Win32 Executable (generic) (4.8%)
     OS/2 Executable (generic) (2.1%)
     Generic Win/DOS Executable (2.1%)
     DOS Executable Generic (2.1%)
Tags peexe overlay
VirusTotal metadata
First submission 2018-10-25 08:07:43 UTC (6 months, 4 weeks ago)
Last submission 2018-11-07 04:11:12 UTC (6 months, 2 weeks ago)
File names Nortonville
           _output2052d40_md[1].exe
           Nortonville.exe
           92045aa656137ace7e5ba4ea0f227a0b
           _output2052d40_MD.exe
           _output2052D40_MD.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. An application installs a hook procedure to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.