SHA256: 8f521925e13a453720402182e9bca1e17761bc85ccd4ce98764d48dbf586705e
File name: nc_xored.exe
Detection ratio: 19 / 43
Analysis date: 2011-08-07 23:36:07 UTC ( 2 years, 11 months ago )
Antivirus Result Update
AntiVir SPR/Tool.NetCat.B 20110807
ClamAV PUA.NetTool.NetCat-41 20110807
Commtouch W32/Netcat 20110808
Comodo ApplicUnsaf.Win32.RemoteAdmin.NetCat.g 20110807
DrWeb Tool.Netcat 20110808
Emsisoft Riskware.RemoteAdmin.Win32.NetCat!IK 20110807
F-Prot W32/Netcat 20110808
F-Secure Riskware:W32/NetCat 20110807
Ikarus not-a-virus:RemoteAdmin.Win32.NetCat 20110807
K7AntiVirus Unwanted-Program 20110802
Kaspersky Packed.Win32.PolyCrypt.b 20110807
McAfee Tool-NetCat 20110808
McAfee-GW-Edition Tool-NetCat 20110808
Microsoft Trojan:Win32/Anomaly.gen!A 20110807
NOD32 Win32/RemoteAdmin.NetCat 20110807
Panda Malicious Packer 20110807
Sophos Sus/UnkPacker 20110808
TrendMicro PAK_Generic.001 20110807
TrendMicro-HouseCall PAK_Generic.001 20110808
AVG 20110807
AhnLab-V3 20110807
Antiy-AVL 20110806
Avast 20110807
Avast5 20110807
BitDefender 20110808
CAT-QuickHeal 20110807
Fortinet 20110807
GData 20110807
Jiangmin 20110807
Norman 20110807
PCTools 20110808
Prevx 20110808
Rising 20110804
SUPERAntiSpyware 20110807
Symantec 20110808
TheHacker 20110807
VBA32 20110806
VIPRE 20110808
ViRobot 20110807
VirusBuster 20110807
eSafe 20110807
eTrust-Vet 20110805
nProtect 20110807
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Number of sections 4
PE sections
PE imports
GetSystemTimeAsFileTime
CreateFileA
GetNumberOfConsoleInputEvents
PeekConsoleInputA
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
HeapSize
SetStdHandle
SetFilePointer
SetEnvironmentVariableA
GetOEMCP
GetACP
CompareStringW
GetCPInfo
MultiByteToWideChar
CompareStringA
VirtualQuery
InterlockedExchange
GetLastError
CloseHandle
CreateProcessA
DuplicateHandle
GetCurrentProcess
ExitThread
Sleep
ReadFile
PeekNamedPipe
WriteFile
CreatePipe
DisconnectNamedPipe
TerminateProcess
WaitForMultipleObjects
TerminateThread
CreateThread
GetStdHandle
FreeConsole
ExitProcess
HeapFree
HeapAlloc
GetProcAddress
GetModuleHandleA
SetEndOfFile
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
WideCharToMultiByte
SetHandleCount
GetFileType
GetStartupInfoA
FlushFileBuffers
RtlUnwind
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
LoadLibraryA
26 more function(s) imported by ordinal
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 2004:12:29 19:07:16+01:00
FileType Win32 EXE
PEType PE32
CodeSize 45056
LinkerVersion 7.1
EntryPoint 0x10000
InitializedDataSize 20480
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 bac52d53a3e4a705e4b79cedf3f826ae
SHA1 0ca6caaaa0e698576b517084bf7787c70b33656d
SHA256 8f521925e13a453720402182e9bca1e17761bc85ccd4ce98764d48dbf586705e
ssdeep 1536:z0oPJAErTqlSG5qqh+ocjGlZxW6ev80hRADGRMlu:5PJPT4RcjaXWNHhRZMlu

File size 64.0 KB ( 65536 bytes )
File type Win32 EXE
Magic literal

TrID Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
VirusTotal metadata
First submission 2011-08-07 23:36:07 UTC ( 2 years, 11 months ago )
Last submission 2011-08-07 23:36:07 UTC ( 2 years, 11 months ago )
File names nc_xored.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight