× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 98ae68b1bc6e260a9dc58babb53594923b8020e94b0415526c145da1d5279132
File name: ntcdtmc2.exe
Detection ratio: 0 / 66
Analysis date: 2018-06-09 16:17:03 UTC ( 5 months, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware 20180609
AegisLab 20180609
AhnLab-V3 20180609
Alibaba 20180608
ALYac 20180609
Antiy-AVL 20180609
Arcabit 20180609
Avast 20180609
Avast-Mobile 20180609
AVG 20180609
Avira (no cloud) 20180609
AVware 20180609
Babable 20180406
Baidu 20180608
BitDefender 20180609
Bkav 20180609
CAT-QuickHeal 20180609
ClamAV 20180609
CMC 20180609
Comodo 20180609
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cylance 20180609
Cyren 20180609
DrWeb 20180609
eGambit 20180609
Emsisoft 20180609
Endgame 20180507
ESET-NOD32 20180609
F-Prot 20180609
F-Secure 20180609
Fortinet 20180609
Ikarus 20180609
Sophos ML 20180601
Jiangmin 20180609
K7AntiVirus 20180609
K7GW 20180609
Kaspersky 20180609
Kingsoft 20180609
Malwarebytes 20180609
MAX 20180609
McAfee 20180609
McAfee-GW-Edition 20180609
Microsoft 20180609
eScan 20180609
NANO-Antivirus 20180609
Palo Alto Networks (Known Signatures) 20180609
Panda 20180609
Qihoo-360 20180609
Rising 20180609
SentinelOne (Static ML) 20180225
Sophos AV 20180609
SUPERAntiSpyware 20180609
Symantec 20180609
Symantec Mobile Insight 20180605
TACHYON 20180608
Tencent 20180609
TheHacker 20180608
TotalDefense 20180609
TrendMicro 20180609
TrendMicro-HouseCall 20180609
Trustlook 20180609
VBA32 20180608
VIPRE 20180609
ViRobot 20180609
Webroot 20180609
Yandex 20180609
ZoneAlarm by Check Point 20180609
Zoner 20180608
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 1.2.2.0
Description Don't Touch My Computer Episode 2 Setup
Comments This installation was built with Inno Setup: http://www.innosetup.com
Packers identified
F-PROT INNO
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000094E4
Number of sections 8
PE sections
Overlays
MD5 1d5fa9f21a6e0ca7bccf3209a7234813
File type data
Offset 51712
Size 2287086
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
IsDBCSLeadByte
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_VERSION 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 6
DUTCH 4
ENGLISH US 3
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
This installation was built with Inno Setup: http://www.innosetup.com

LinkerVersion
2.25

ImageVersion
0.0

FileVersionNumber
1.2.2.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Don't Touch My Computer Episode 2 Setup

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Windows, Latin1

InitializedDataSize
16896

EntryPoint
0x94e4

MIMEType
application/octet-stream

FileVersion
1.2.2.0

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

OSVersion
1.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
NetCent Communications

CodeSize
36352

FileSubtype
0

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
Compressed bundles
File identification
MD5 fcf23bb9942f4008974321a954ba4655
SHA1 bb847f23c1587f82ef0572f813b31e6448dc24ab
SHA256 98ae68b1bc6e260a9dc58babb53594923b8020e94b0415526c145da1d5279132
ssdeep
49152:bbJhr0Bt6H42rP+9SvHy+XU+2h6ZAoH8KQ7NliRB680GuoHAzpRA01:3r0fA42a9AS+k36rH8KQ7NYdgoHkR7

authentihash 908e863ecaf882272a7ceb017f117f6409a27b9758c8a8e90e1b02a3990e83cd
imphash da86ff6d22d7419ae7f10724a403dffd
File size 2.2 MB ( 2338798 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (82.8%)
Win32 Executable Delphi generic (10.7%)
Win32 Executable (generic) (3.4%)
Generic Win/DOS Executable (1.5%)
DOS Executable Generic (1.5%)
Tags
peexe software-collection overlay

VirusTotal metadata
First submission 2009-05-03 11:59:52 UTC ( 9 years, 6 months ago )
Last submission 2018-07-11 08:23:37 UTC ( 4 months, 1 week ago )
File names smona124134470054644535408
ntcdtmc2_2.exe
bb847f23c1587f82ef0572f813b31e6448dc24ab.bin
Don_t_Touch_My_Computer_Episode_2
ntcdtmc2.exe
408461
file
No_toques_mi_PC.exe
locking screen saver.exe
No Toques Mi Computadora.exe
smona132408269931156176531
Don_t_Touch_My_Computer_1.22_Epis
filename
14885620
ntcdtmc2.exe
octet-stream
output.14885620.txt
dont-touch-my-computer.exe
B00C3ED13094F6D315E4F9B0CDD277C8 - ntcdtmc2.exe
8B98308CEE5FA3EEAF2623D7B0A0B30045452435.exe
1345741922-ntcdtmc2.exe
ntcdtmc2.exe?token=1339294613_3baba824f75cad92b63913263ef76f7b
guitar_pro_6_0_keygen.exe
file
file-4587648_exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
dll-injection

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!