× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 9a4bca1af543ba981c6425031f2d64f2a7c8b495915c6c63a2846e20c58a7e09
File name: NoREpls1.1.exe
Detection ratio: 1 / 63
Analysis date: 2017-07-19 12:10:17 UTC ( 1 year, 4 months ago ) View latest
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20170710
Ad-Aware 20170719
AegisLab 20170719
AhnLab-V3 20170719
Alibaba 20170719
ALYac 20170719
Antiy-AVL 20170719
Arcabit 20170719
Avast 20170719
AVG 20170719
Avira (no cloud) 20170719
AVware 20170719
Baidu 20170719
BitDefender 20170719
Bkav 20170719
CAT-QuickHeal 20170719
ClamAV 20170719
CMC 20170719
Comodo 20170719
Cylance 20170719
Cyren 20170719
DrWeb 20170719
Emsisoft 20170719
Endgame 20170713
ESET-NOD32 20170719
F-Prot 20170719
F-Secure 20170719
Fortinet 20170719
GData 20170719
Ikarus 20170719
Sophos ML 20170607
Jiangmin 20170719
K7AntiVirus 20170719
K7GW 20170719
Kaspersky 20170719
Kingsoft 20170719
Malwarebytes 20170719
MAX 20170719
McAfee 20170719
McAfee-GW-Edition 20170719
Microsoft 20170719
eScan 20170719
NANO-Antivirus 20170719
nProtect 20170719
Palo Alto Networks (Known Signatures) 20170719
Panda 20170719
Qihoo-360 20170719
Rising 20170719
SentinelOne (Static ML) 20170718
Sophos AV 20170719
SUPERAntiSpyware 20170719
Symantec 20170719
Symantec Mobile Insight 20170719
Tencent 20170719
TheHacker 20170719
TrendMicro 20170719
TrendMicro-HouseCall 20170719
Trustlook 20170719
VBA32 20170718
VIPRE 20170719
ViRobot 20170719
Webroot 20170719
WhiteArmor 20170713
Yandex 20170719
Zillya 20170719
ZoneAlarm by Check Point 20170719
Zoner 20170719
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2017

Product Nothing Really Epic; Pretty Lousy Software
Original name NoREpls.exe
Internal name NoREpls.exe
File version 1.1.0.0
Description Crackme by dtm@0x00sec
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-07-19 10:23:18
Entry Point 0x000019B1
Number of sections 6
PE sections
PE imports
GetSaveFileNameW
GetOpenFileNameW
CryptBinaryToStringA
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
GetConsoleCP
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetFileAttributesW
RtlUnwind
FindFirstFileExW
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
DecodePointer
GetFileSize
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
InitializeSListHead
GetProcessHeap
SetStdHandle
RaiseException
WideCharToMultiByte
TlsFree
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
FindNextFileW
GetOEMCP
TerminateProcess
GetModuleHandleExW
IsValidCodePage
SetLastError
CreateFileW
FindClose
TlsGetValue
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
GetCurrentProcessId
WriteConsoleW
LeaveCriticalSection
CreateDialogParamW
SetDlgItemTextA
MessageBoxW
SendMessageW
GetMenu
IsDialogMessageW
EnableWindow
EndDialog
TranslateMessage
DialogBoxParamW
GetDlgItemTextA
SetWindowTextW
PostQuitMessage
GetWindowTextLengthW
GetMessageW
GetDlgItem
ShowWindow
EnableMenuItem
SetDlgItemTextW
DispatchMessageW
DestroyWindow
Number of PE resources by type
RT_DIALOG 3
AFX_DIALOG_LAYOUT 3
RT_ICON 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH AUS 10
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
104960

ImageVersion
0.0

ProductName
Nothing Really Epic; Pretty Lousy Software

FileVersionNumber
1.1.0.0

LanguageCode
English (Australian)

FileFlagsMask
0x003f

FileDescription
Crackme by dtm@0x00sec

CharacterSet
Unicode

LinkerVersion
14.0

FileTypeExtension
exe

OriginalFileName
NoREpls.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.1.0.0

TimeStamp
2017:07:19 11:23:18+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
NoREpls.exe

ProductVersion
1.1.0.0

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Windows NT 32-bit

LegalCopyright
Copyright (C) 2017

MachineType
Intel 386 or later, and compatibles

CompanyName
dtm@0x00sec

CodeSize
44544

FileSubtype
0

ProductVersionNumber
1.1.0.0

EntryPoint
0x19b1

ObjectFileType
Executable application

File identification
MD5 f8c2c731eac4ad38dd6eaccc6361749b
SHA1 147d935ee4c0d66651f518e47a61570cbcd8d592
SHA256 9a4bca1af543ba981c6425031f2d64f2a7c8b495915c6c63a2846e20c58a7e09
ssdeep
3072:kvFv3N7tGyhR/Hmpw+4ALPlIRJYAZ8nfYMvmrP:sv3OS2l2/Z8nfFC

authentihash 32c71c204d427bb189adedb0dc10b03cdd195f52e7988c9f9b27dc095de36c4e
imphash f93fe4ca9407eff9215c2bf80dfbb516
File size 144.0 KB ( 147456 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (76.4%)
Win32 Executable (generic) (12.4%)
Generic Win/DOS Executable (5.5%)
DOS Executable Generic (5.5%)
Tags
peexe

VirusTotal metadata
First submission 2017-07-19 12:09:29 UTC ( 1 year, 4 months ago )
Last submission 2017-07-29 12:30:09 UTC ( 1 year, 4 months ago )
File names NoREpls1.1.exe
NoREpls.exe
NoREpls1.1.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests