SHA256: b420c33c411b4c988bd803fbbe376a9ea29e3a6ae33a1901698f87e85522bea0
File name: nwppvcdmcr.exe
Detection ratio: 24 / 60
Analysis date: 2017-04-27 16:55:40 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.234555 20170427
AhnLab-V3 Trojan/Win32.Scarsi.R199259 20170427
Antiy-AVL Trojan/Win32.TSGeneric 20170427
Arcabit Trojan.Zusy.D3943B 20170427
Avast Win32:Rootkit-gen [Rtk] 20170427
BitDefender Gen:Variant.Zusy.234555 20170427
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
DrWeb Trojan.Inject2.53145 20170427
Emsisoft Gen:Variant.Zusy.234555 (B) 20170427
Endgame malicious (high confidence) 20170419
ESET-NOD32 a variant of Win32/Kryptik.FROS 20170427
F-Secure Gen:Variant.Zusy.234555 20170427
Fortinet W32/GenKryptik.ADEL!tr 20170427
GData Gen:Variant.Zusy.234555 20170427
Sophos ML trojanspy.win32.nivdort.dd 20170413
K7AntiVirus Trojan ( 0050c1b31 ) 20170427
K7GW Trojan ( 0050c1b31 ) 20170426
Kaspersky Backdoor.Win32.Androm.ndfl 20170427
McAfee GenericR-JQT!41AC9993106A 20170427
eScan Gen:Variant.Zusy.234555 20170427
Panda Trj/GdSda.A 20170427
Qihoo-360 HEUR/QVM10.1.C348.Malware.Gen 20170427
Yandex Trojan.Kryptik!QzawmrbLyvU 20170427
ZoneAlarm by Check Point Backdoor.Win32.Androm.ndfl 20170427
AegisLab 20170427
Alibaba 20170427
AVG 20170427
Avira (no cloud) 20170427
AVware 20170427
Baidu 20170427
Bkav None
CAT-QuickHeal 20170426
ClamAV 20170427
CMC 20170427
Comodo 20170427
Cyren 20170427
F-Prot 20170427
Ikarus 20170427
Jiangmin 20170427
Kingsoft 20170427
Malwarebytes 20170427
McAfee-GW-Edition 20170427
Microsoft 20170427
NANO-Antivirus 20170427
nProtect 20170427
Palo Alto Networks (Known Signatures) 20170427
Rising None
SentinelOne (Static ML) 20170330
Sophos AV 20170427
SUPERAntiSpyware 20170427
Symantec 20170427
Symantec Mobile Insight 20170427
Tencent 20170427
TheHacker 20170424
TotalDefense 20170426
TrendMicro 20170427
TrendMicro-HouseCall 20170427
Trustlook 20170427
VBA32 20170427
VIPRE 20170427
ViRobot 20170427
Webroot 20170427
WhiteArmor 20170409
Zillya 20170427
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-04-26 05:42:38
Entry Point 0x000033CF
Number of sections 5
PE sections
PE imports
GetStdHandle
WaitForSingleObject
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
UnhandledExceptionFilter
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
InterlockedPushEntrySList
OutputDebugStringW
FindClose
TlsGetValue
OutputDebugStringA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
SetConsoleCtrlHandler
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
CreateThread
SetEnvironmentVariableW
InterlockedFlushSList
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GetVersion
GetModuleHandleExW
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
GetDateFormatW
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
GetTimeFormatW
FindFirstFileExA
FindNextFileW
lstrcpyA
CreateTimerQueueTimer
FindNextFileA
IsValidLocale
FindFirstFileExW
GetProcAddress
CreateFileW
CreateEventA
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GetConsoleCP
CompareStringW
GetEnvironmentStringsW
WaitForSingleObjectEx
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
VirtualAlloc
MessageBoxA
GetMessageW
DispatchMessageW
TranslateMessage
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2017:04:26 06:42:38+01:00
FileType Win32 EXE
PEType PE32
CodeSize 218112
LinkerVersion 14.0
FileTypeExtension exe
InitializedDataSize 285184
SubsystemVersion 5.1
EntryPoint 0x33cf
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 41ac9993106a53065e09523c4ebc8dae
SHA1 97ab770a31aae167ac1164bf40225403799a55d4
SHA256 b420c33c411b4c988bd803fbbe376a9ea29e3a6ae33a1901698f87e85522bea0
ssdeep 12288:+7CGQ3CelkhbFwSeru/8IIQn1blalQlXO:9GQI/8IpXaWhO
authentihash dec80c09c956bb97a1cd18d41dd5b6146844fedb4b1d9bf2f2532272853a6043
imphash ac18114ad8f3149e74367813b99d1f54
File size 492.5 KB ( 504320 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (76.4%)
Win32 Executable (generic) (12.4%)
Generic Win/DOS Executable (5.5%)
DOS Executable Generic (5.5%)
Tags peexe

VirusTotal metadata
First submission 2017-04-27 16:55:40 UTC ( 2 years ago )
Last submission 2017-04-27 16:55:40 UTC ( 2 years ago )
File names nwppvcdmcr.exe