SHA256: 9e32a17c4de330fa8d476b4e06d0d983328b686f22d123ba3f383d0cceb5bed2
File name: NP_files-load3.exe_
Detection ratio: 4 / 46
Analysis date: 2013-01-14 20:31:41 UTC ( 5 years, 11 months ago )
Antivirus Result Update
ESET-NOD32 a variant of Win32/Injector.ABHJ 20130114
Norman W32/Kryptik.GWK 20130114
TrendMicro PAK_Generic.001 20130114
TrendMicro-HouseCall PAK_Generic.001 20130114
Yandex 20130114
AhnLab-V3 20130114
AntiVir 20130114
Antiy-AVL 20130114
Avast 20130114
AVG 20130114
BitDefender 20130114
ByteHero 20130110
CAT-QuickHeal 20130114
ClamAV 20130114
Commtouch 20130114
Comodo 20130114
DrWeb 20130114
Emsisoft 20130114
eSafe 20130113
F-Prot 20130114
F-Secure 20130114
Fortinet 20130113
GData 20130114
Ikarus 20130114
Jiangmin 20121221
K7AntiVirus 20130114
Kaspersky 20130114
Kingsoft 20130107
Malwarebytes 20130114
McAfee 20130114
McAfee-GW-Edition 20130114
Microsoft 20130114
eScan 20130114
NANO-Antivirus 20130114
nProtect 20130114
Panda 20130114
PCTools 20130114
Rising 20130114
Sophos AV 20130114
SUPERAntiSpyware 20130114
Symantec 20130114
TheHacker 20130114
TotalDefense 20130114
VBA32 20130114
VIPRE 20130114
ViRobot 20130114
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-14 11:08:21
Entry Point 0x00001240
Number of sections 6
PE sections
PE imports
InitCommonControls
GetAtomNameA
AddAtomA
SetUnhandledExceptionFilter
FindAtomA
ExitProcess
GetModuleHandleA
_cexit
__p__fmode
malloc
__p__environ
signal
setlocale
free
_onexit
atexit
abort
_setmode
__getmainargs
fprintf
fflush
_iob
setvbuf
__set_app_type
Number of PE resources by type
RT_ICON 1
RT_DIALOG 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
UninitializedDataSize 1024
LinkerVersion 2.16
ImageVersion 1.0
FileVersionNumber 2.2.2.2
LanguageCode Albanian
FileFlagsMask 0x0000
CharacterSet Windows, Latin1
InitializedDataSize 27648
MIMEType application/octet-stream
TimeStamp 2013:01:14 12:08:21+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2014:04:11 05:52:37+01:00
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2014:04:11 05:52:37+01:00
FileOS Unknown (0)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 11264
FileSubtype 0
ProductVersionNumber 2.2.2.2
EntryPoint 0x1240
ObjectFileType Executable application

File identification
MD5 61d1985915800ac7bc36329d669f2f17
SHA1 819826dc2257be8d9807772bd83500610a1012a0
SHA256 9e32a17c4de330fa8d476b4e06d0d983328b686f22d123ba3f383d0cceb5bed2
ssdeep 768:uBl0vMiPz+4rfMxgaDSXmRUrB9dxqHOA5+uh6bwC2i0KjKDcZ:85iPzlP92E9dxqHk7XV0KjK8
imphash aa9a78da7e92ed9dac9923bffe86ec3b
File size 57.5 KB ( 58880 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.6%)
Win32 Dynamic Link Library (generic) (14.6%)
Win32 Executable (generic) (10.0%)
Win16/32 Executable Delphi generic (4.6%)
Generic Win/DOS Executable (4.4%)
Tags peexe
VirusTotal metadata
First submission 2013-01-14 20:31:41 UTC ( 5 years, 11 months ago )
Last submission 2014-04-11 04:53:09 UTC ( 4 years, 8 months ago )
File names XrGMJ.scr
vti-rescan
NP_files-load3.exe_
61d1985915800ac7bc36329d669f2f17
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
UDP communications