SHA256: 9ecef752d40f1ee38d118485aa50421a66d007b418345e6eec8ef6849950a524
File name: machineupdate32.exe
Detection ratio: 36 / 42
Analysis date: 2012-04-25 17:46:21 UTC ( 6 years, 5 months ago )
Antivirus Result Update
AhnLab-V3 Spyware/Win32.Zbot 20120424
AntiVir TR/Crypt.ULPM.Gen 20120425
Antiy-AVL Trojan/Win32.Zbot.gen 20120425
Avast Win32:MalOb-JE [Cryp] 20120425
AVG Win32/Cryptor 20120425
BitDefender Trojan.Injector.XK 20120425
CAT-QuickHeal TrojanPWS.Zbot.Y 20120425
ClamAV Trojan.Zbot-16696 20120425
Comodo Heur.Suspicious 20120425
DrWeb Trojan.PWS.Turist.1 20120425
Emsisoft Trojan-Spy.Win32.Zbot!IK 20120425
eSafe Win32.PWS.Zbot.Px 20120424
eTrust-Vet Win32/Zbot.AB!generic 20120425
F-Secure Trojan.Injector.XK 20120425
Fortinet W32/Zbot.EZ 20120425
GData Trojan.Injector.XK 20120425
Ikarus Trojan-Spy.Win32.Zbot 20120425
Jiangmin TrojanSpy.Zbot.army 20120425
K7AntiVirus Riskware 20120425
Kaspersky Trojan-Spy.Win32.Zbot.dgks 20120425
McAfee PWS-Zbot.gen.qr 20120425
McAfee-GW-Edition Heuristic.BehavesLike.Win32.ModifiedUPX.C!88 20120425
Microsoft TrojanSpy:Win32/Ranbyus.G 20120425
NOD32 a variant of Win32/Kryptik.ZFQ 20120425
Norman W32/Suspicious_Gen4.BUZJ 20120425
nProtect Trojan.Injector.XK 20120425
Panda Generic Trojan 20120425
Rising Trojan.Win32.Generic.12B0DAD6 20120425
SUPERAntiSpyware Trojan.Agent/Gen-Fake[Plus] 20120402
Symantec Packed.Generic.350 20120425
TheHacker Trojan/Spy.Zbot.dgks 20120425
TrendMicro TROJ_RANBYUS.AL 20120425
TrendMicro-HouseCall TROJ_RANBYUS.AL 20120425
VBA32 TrojanSpy.Zbot.dgks 20120425
VIPRE Trojan.Win32.Generic!BT 20120425
VirusBuster TrojanSpy.Zbot!l21W9YYkvKY 20120425
ByteHero 20120424
Commtouch 20120425
F-Prot 20120425
PCTools 20120424
Sophos AV 20120425
ViRobot 20120425
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyleft 1998-2006 by Don HO
Product Notepad++
Original name Notepad++.exe
Internal name npp.exe
File version 5.7
Description Notepad++ : a free (GNU) source code editor
Packers identified
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-05-25 22:15:02
Entry Point 0x00042A60
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
BitBlt
VerQueryValueA
Number of PE resources by type
RT_BITMAP 36
RT_VERSION 1
Number of PE resources by language
ENGLISH US 37
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 9.0
ImageVersion 9.3
FileSubtype 0
FileVersionNumber 5.7.0.0
UninitializedDataSize 118784
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 4096
EntryPoint 0x42a60
OriginalFileName Notepad++.exe
MIMEType application/octet-stream
LegalCopyright Copyleft 1998-2006 by Don HO
FileVersion 5.7
TimeStamp 2011:05:25 23:15:02+01:00
FileType Win32 EXE
PEType PE32
InternalName npp.exe
ProductVersion 5.7
FileDescription Notepad++ : a free (GNU) source code editor
OSVersion 10.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Don HO don.h@free.fr
CodeSize 155648
ProductName Notepad++
ProductVersionNumber 5.7.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 670a934f4f9c7996b5efb82af3cc8798
SHA1 063470517edf6e3a2af48cfa10c4f4c95faf59a8
SHA256 9ecef752d40f1ee38d118485aa50421a66d007b418345e6eec8ef6849950a524
ssdeep
3072:xfziLYly7mucPm98Ka5eKqgch9lKuKeGaXqu1aanI61m3agC0wTvvfYblK8OoutS:xc7P5kg+cTlKVuvI6QaBclFOoS

authentihash 09862c1a19802ea9cfb36496e6356ffc60aa68722c1cc8d04ac1a31079fd5a47
imphash 98405d68a3880c4d00af1750ea8e933d
File size 153.5 KB ( 157184 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (39.3%)
Win32 EXE Yoda's Crypter (38.6%)
Win32 Dynamic Link Library (generic) (9.5%)
Win32 Executable (generic) (6.5%)
Generic Win/DOS Executable (2.9%)
Tags peexe upx
VirusTotal metadata
First submission 2012-01-17 08:01:13 UTC ( 6 years, 9 months ago )
Last submission 2012-04-25 17:46:21 UTC ( 6 years, 5 months ago )
File names 670a934f4f9c7996b5efb82af3cc8798
YbjLjun.js
aa
Notepad++.exe
lrosu.exe
XLLPtSs5MS.tiff
machineupdate32.exe
npp.exe