× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 98ae68b1bc6e260a9dc58babb53594923b8020e94b0415526c145da1d5279132
File name: ntcdtmc2.exe
Detection ratio: 0 / 68
Analysis date: 2018-02-09 05:41:02 UTC ( 5 months, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware 20180209
AegisLab 20180209
AhnLab-V3 20180208
Alibaba 20180208
ALYac 20180209
Antiy-AVL 20180209
Arcabit 20180209
Avast 20180209
Avast-Mobile 20180209
AVG 20180209
Avira (no cloud) 20180208
AVware 20180209
Baidu 20180208
BitDefender 20180209
Bkav 20180208
CAT-QuickHeal 20180209
ClamAV 20180209
CMC 20180209
Comodo 20180209
CrowdStrike Falcon (ML) 20170201
Cybereason 20180205
Cylance 20180209
Cyren 20180209
DrWeb 20180209
eGambit 20180209
Emsisoft 20180209
Endgame 20171130
ESET-NOD32 20180209
F-Prot 20180209
F-Secure 20180209
Fortinet 20180209
GData 20180209
Ikarus 20180208
Sophos ML 20180121
Jiangmin 20180209
K7AntiVirus 20180208
K7GW 20180209
Kaspersky 20180209
Kingsoft 20180209
Malwarebytes 20180209
MAX 20180209
McAfee 20180209
McAfee-GW-Edition 20180209
Microsoft 20180209
eScan 20180209
NANO-Antivirus 20180209
nProtect 20180208
Palo Alto Networks (Known Signatures) 20180209
Panda 20180208
Qihoo-360 20180209
Rising 20180209
SentinelOne (Static ML) 20180115
Sophos AV 20180209
SUPERAntiSpyware 20180209
Symantec 20180209
Symantec Mobile Insight 20180209
Tencent 20180209
TheHacker 20180208
TotalDefense 20180208
TrendMicro 20180209
TrendMicro-HouseCall 20180209
Trustlook 20180209
VBA32 20180208
VIPRE 20180209
ViRobot 20180209
Webroot 20180209
WhiteArmor 20180205
Yandex 20180207
Zillya 20180208
ZoneAlarm by Check Point 20180209
Zoner 20180209
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 1.2.2.0
Description Don't Touch My Computer Episode 2 Setup
Comments This installation was built with Inno Setup: http://www.innosetup.com
Packers identified
F-PROT INNO
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000094E4
Number of sections 8
PE sections
Overlays
MD5 1d5fa9f21a6e0ca7bccf3209a7234813
File type data
Offset 51712
Size 2287086
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
IsDBCSLeadByte
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_VERSION 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 6
DUTCH 4
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
This installation was built with Inno Setup: http://www.innosetup.com

LinkerVersion
2.25

ImageVersion
0.0

FileVersionNumber
1.2.2.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

InitializedDataSize
16896

EntryPoint
0x94e4

MIMEType
application/octet-stream

FileVersion
1.2.2.0

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

FileDescription
Don't Touch My Computer Episode 2 Setup

OSVersion
1.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
NetCent Communications

CodeSize
36352

FileSubtype
0

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
Compressed bundles
File identification
MD5 fcf23bb9942f4008974321a954ba4655
SHA1 bb847f23c1587f82ef0572f813b31e6448dc24ab
SHA256 98ae68b1bc6e260a9dc58babb53594923b8020e94b0415526c145da1d5279132
ssdeep
49152:bbJhr0Bt6H42rP+9SvHy+XU+2h6ZAoH8KQ7NliRB680GuoHAzpRA01:3r0fA42a9AS+k36rH8KQ7NYdgoHkR7

authentihash 908e863ecaf882272a7ceb017f117f6409a27b9758c8a8e90e1b02a3990e83cd
imphash da86ff6d22d7419ae7f10724a403dffd
File size 2.2 MB ( 2338798 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (82.8%)
Win32 Executable Delphi generic (10.7%)
Win32 Executable (generic) (3.4%)
Generic Win/DOS Executable (1.5%)
DOS Executable Generic (1.5%)
Tags
peexe software-collection overlay

VirusTotal metadata
First submission 2009-05-03 11:59:52 UTC ( 9 years, 2 months ago )
Last submission 2018-07-11 08:23:37 UTC ( 5 days, 19 hours ago )
File names smona124134470054644535408
ntcdtmc2_2.exe
bb847f23c1587f82ef0572f813b31e6448dc24ab.bin
Don_t_Touch_My_Computer_Episode_2
ntcdtmc2.exe
408461
file
No_toques_mi_PC.exe
locking screen saver.exe
No Toques Mi Computadora.exe
smona132408269931156176531
Don_t_Touch_My_Computer_1.22_Epis
filename
14885620
ntcdtmc2.exe
octet-stream
output.14885620.txt
dont-touch-my-computer.exe
B00C3ED13094F6D315E4F9B0CDD277C8 - ntcdtmc2.exe
8B98308CEE5FA3EEAF2623D7B0A0B30045452435.exe
1345741922-ntcdtmc2.exe
ntcdtmc2.exe?token=1339294613_3baba824f75cad92b63913263ef76f7b
guitar_pro_6_0_keygen.exe
file
file-4587648_exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
dll-injection

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!