SHA256: 9665ca04ce176b6c446d12a3d0ea6ad0eede8afb87183870449781745a22cb5b
File name: nc_xored2.exe
Detection ratio: 13 / 43
Analysis date: 2011-08-08 21:46:30 UTC ( 2 years, 11 months ago )
Antivirus Result Update
AntiVir SPR/Tool.NetCat.B 20110808
ClamAV PUA.NetTool.NetCat-41 20110808
Comodo ApplicUnsaf.Win32.RemoteAdmin.NetCat.g 20110808
DrWeb Tool.Netcat 20110808
Emsisoft Riskware.RemoteAdmin.Win32.NetCat!IK 20110808
F-Secure Riskware:W32/NetCat 20110808
Ikarus not-a-virus:RemoteAdmin.Win32.NetCat 20110808
Kaspersky Virus.Win32.Suspic.gen 20110808
McAfee Tool-NetCat 20110808
McAfee-GW-Edition Tool-NetCat 20110808
NOD32 a variant of Win32/RemoteAdmin.NetCat.AA 20110808
TrendMicro PAK_Generic.001 20110808
TrendMicro-HouseCall PAK_Generic.001 20110808
AVG 20110808
AhnLab-V3 20110808
Antiy-AVL 20110808
Avast 20110808
Avast5 20110808
BitDefender 20110808
CAT-QuickHeal 20110808
Commtouch 20110808
F-Prot 20110808
Fortinet 20110808
GData 20110808
Jiangmin 20110808
K7AntiVirus 20110802
Microsoft 20110808
Norman 20110808
PCTools 20110808
Panda 20110808
Prevx 20110808
Rising 20110808
SUPERAntiSpyware 20110808
Sophos 20110808
Symantec 20110808
TheHacker 20110807
VBA32 20110808
VIPRE 20110808
ViRobot 20110808
VirusBuster 20110808
eSafe 20110808
eTrust-Vet 20110808
nProtect 20110808
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
PE header basic information
Number of sections 4
PE sections
PE imports
GetSystemTimeAsFileTime
CreateFileA
GetNumberOfConsoleInputEvents
PeekConsoleInputA
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
HeapSize
SetStdHandle
SetFilePointer
SetEnvironmentVariableA
GetOEMCP
GetACP
CompareStringW
GetCPInfo
MultiByteToWideChar
CompareStringA
VirtualQuery
InterlockedExchange
GetLastError
CloseHandle
CreateProcessA
DuplicateHandle
GetCurrentProcess
ExitThread
Sleep
ReadFile
PeekNamedPipe
WriteFile
CreatePipe
DisconnectNamedPipe
TerminateProcess
WaitForMultipleObjects
TerminateThread
CreateThread
GetStdHandle
FreeConsole
ExitProcess
HeapFree
HeapAlloc
GetProcAddress
GetModuleHandleA
SetEndOfFile
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
WideCharToMultiByte
SetHandleCount
GetFileType
GetStartupInfoA
FlushFileBuffers
RtlUnwind
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
LoadLibraryA
(26 more function(s) imported by ordinal)
File identification
MD5 084689d56c2a6c50b8b17d4637c72009
SHA1 27fbaf2247c41874c27e1764c23eb41e93d227b1
SHA256 9665ca04ce176b6c446d12a3d0ea6ad0eede8afb87183870449781745a22cb5b
ssdeep 1536:P0oPJAErTqlzG5qqh+ocjGlZxW6ev80hRADGRMlu:9PJPTVRcjaXWNHhRZMlu
File size 64.0 KB ( 65536 bytes )
File type Win32 EXE
Magic literal

TrID Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
VirusTotal metadata
First submission 2011-08-08 21:46:30 UTC ( 2 years, 11 months ago )
Last submission 2011-09-13 04:46:40 UTC ( 2 years, 10 months ago )
File names 084689d56c2a6c50b8b17d4637c72009
nc_xored2.exe
084689D56C2A6C50B8B17D4637C72009