SHA256: 94a4c7a63326fe76d59f4853f0545f3dcc400d09582cdc8b3d53aff799c62a6f
File name: vt-upload-WIYO8
Detection ratio: 18 / 50
Analysis date: 2014-04-19 20:12:01 UTC ( 4 years, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.368731 20140420
AVG Crypt3.KAC 20140419
Baidu-International Trojan.Win32.Kryptik.CACD 20140419
BitDefender Gen:Variant.Kazy.368731 20140420
Bkav HW32.Pedka.jeie 20140418
Emsisoft Gen:Variant.Kazy.368731 (B) 20140420
ESET-NOD32 a variant of Win32/Kryptik.CACD 20140419
F-Secure Gen:Variant.Kazy.368731 20140419
Fortinet W32/Caphaw.ACF!tr.bdr 20140419
GData Gen:Variant.Kazy.368731 20140420
Kaspersky Backdoor.Win32.Caphaw.acf 20140420
Malwarebytes Backdoor.Bot 20140420
McAfee Artemis!E1CC19F88E8C 20140420
McAfee-GW-Edition Artemis!E1CC19F88E8C 20140420
eScan Gen:Variant.Kazy.368731 20140420
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140419
Symantec WS.Reputation.1 20140420
VIPRE Trojan.Win32.Generic!BT 20140420
AegisLab 20140420
Yandex 20140419
AhnLab-V3 20140419
AntiVir 20140419
Antiy-AVL 20140419
Avast 20140420
ByteHero 20140420
CAT-QuickHeal 20140418
ClamAV 20140420
CMC 20140417
Commtouch 20140420
Comodo 20140419
DrWeb 20140420
F-Prot 20140420
Ikarus 20140419
Jiangmin 20140419
K7AntiVirus 20140418
K7GW 20140418
Kingsoft 20140420
Microsoft 20140420
NANO-Antivirus 20140420
Norman 20140419
nProtect 20140418
Panda 20140419
Qihoo-360 20140411
Sophos AV 20140419
SUPERAntiSpyware 20140419
TheHacker 20140419
TotalDefense 20140419
TrendMicro 20140420
TrendMicro-HouseCall 20140420
VBA32 20140418
ViRobot 20140419
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright NeoLogic Inc.
Product Help Tool
Original name nltool.exe
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-03 10:09:24
Entry Point 0x00004580
Number of sections 5
PE sections
PE imports
RegOpenKeyA
RegCloseKey
RegSetValueA
RegSetValueExA
OpenEventLogA
RegOpenKeyExA
GetClipBox
LoadResource
HeapFree
GetPrivateProfileStructA
VirtualAllocEx
WaitForSingleObject
FreeLibrary
QueryPerformanceCounter
HeapAlloc
VirtualProtect
LoadLibraryA
GetStartupInfoA
GetProcessHeaps
HeapSize
GetCommandLineA
GetProcAddress
GetProcessHeap
lstrcpyW
QueryPerformanceFrequency
GetModuleHandleA
GetComputerNameA
ExitThread
ResumeThread
HeapCreate
Sleep
ExitProcess
GetCurrentThreadId
VirtualAlloc
CharLowerA
TranslateAcceleratorA
MessageBoxA
GetSystemMetrics
GetClientRect
PostQuitMessage
DefWindowProcA
FindWindowA
MessageBeep
CharUpperA
Ord(22)
WSACleanup
OleIsRunning
Number of PE resources by type
RT_RCDATA 3
RT_ACCELERATOR 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 5
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 425984
ImageVersion 1.0
ProductName Help Tool
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet Windows, Latin1
LinkerVersion 6.0
FileOS Win32
MIMEType application/octet-stream
Subsystem Windows GUI
TimeStamp 2014:04:03 11:09:24+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2014:04:20 04:05:56+01:00
ProductVersion 1.0
SubsystemVersion 4.0
OSVersion 5.0
FileCreateDate 2014:04:20 04:05:56+01:00
OriginalFilename nltool.exe
LegalCopyright NeoLogic Inc.
MachineType Intel 386 or later, and compatibles
CodeSize 278528
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x4580
ObjectFileType Executable application

File identification
MD5 e1cc19f88e8cac0a2dca2626f84af533
SHA1 4e88ec91d1331b970b746d3f35daf315776ad5f5
SHA256 94a4c7a63326fe76d59f4853f0545f3dcc400d09582cdc8b3d53aff799c62a6f
ssdeep 6144:idvexi6JtsAvGzqUNcBF21e5e0diZUhT2oxtfIXb7lQToLOAkju:NsAvs2w0diCgCtfIr7lmeAu
imphash 776468636cf17f75204a25c1a9e6c408
File size 292.0 KB ( 299008 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-04-19 20:12:01 UTC ( 4 years, 11 months ago )
Last submission 2014-04-19 20:12:01 UTC ( 4 years, 11 months ago )
File names vt-upload-WIYO8
nltool.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications