SHA256: bd7334ca6a7c4fae4c49e6533e3aa139186368331e14a845a06e93d1b73a48f3
File name: ninite.exe
Detection ratio: 0 / 54
Analysis date: 2016-01-27 16:46:22 UTC ( 1 year, 4 months ago )
Antivirus Result Update
Ad-Aware 20160127
AegisLab 20160127
Yandex 20160126
AhnLab-V3 20160127
Alibaba 20160127
ALYac 20160127
Antiy-AVL 20160127
Arcabit 20160127
Avast 20160127
AVG 20160127
Avira (no cloud) 20160127
Baidu-International 20160127
BitDefender 20160127
Bkav 20160127
ByteHero 20160127
CAT-QuickHeal 20160127
ClamAV 20160127
CMC 20160111
Comodo 20160127
Cyren 20160127
DrWeb 20160127
Emsisoft 20160127
ESET-NOD32 20160127
F-Prot 20160127
F-Secure 20160127
Fortinet 20160127
GData 20160127
Ikarus 20160127
Jiangmin 20160127
K7AntiVirus 20160127
K7GW 20160127
Kaspersky 20160127
Malwarebytes 20160127
McAfee 20160127
McAfee-GW-Edition 20160127
Microsoft 20160127
eScan 20160127
NANO-Antivirus 20160127
nProtect 20160127
Panda 20160126
Qihoo-360 20160127
Rising 20160127
Sophos 20160127
SUPERAntiSpyware 20160127
Symantec 20160126
Tencent 20160127
TheHacker 20160124
TrendMicro 20160127
TrendMicro-HouseCall 20160127
VBA32 20160127
VIPRE 20160127
ViRobot 20160127
Zillya 20160127
Zoner 20160127
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-11-04 06:02:25
Entry Point 0x0004658C
Number of sections 4
PE sections
PE imports
IsValidSid
DuplicateTokenEx
RevertToSelf
ImageList_GetIconSize
InitCommonControlsEx
ImageList_Destroy
ImageList_SetBkColor
ImageList_Draw
ImageList_Replace
ImageList_DragShowNolock
Ord(17)
ImageList_GetIcon
Ord(2)
GetEnhMetaFileA
GetTextCharsetInfo
GetCharABCWidthsW
DeleteEnhMetaFile
PathToRegion
GetWindowOrgEx
CreateMetaFileA
GetTextExtentPoint32W
GetCurrentPositionEx
TextOutA
CreateFontIndirectA
CreateEnhMetaFileW
CreateRectRgnIndirect
GetMetaRgn
GetWindowExtEx
RectInRegion
GetObjectType
CreateMetaFileW
PolyDraw
PlayEnhMetaFile
LineTo
GdiGetBatchLimit
RestoreDC
GetBitmapBits
CopyEnhMetaFileW
GetICMProfileA
CreateDiscardableBitmap
SetMetaFileBitsEx
FillPath
BitBlt
GetCharWidthA
CreateBitmapIndirect
GetICMProfileW
Ellipse
EnumICMProfilesW
ExtFloodFill
GetLogColorSpaceA
FillRgn
ExtCreatePen
CreateBitmap
CreateFontA
DeleteColorSpace
EqualRgn
GetPolyFillMode
AbortPath
GetOutlineTextMetricsW
GetGraphicsMode
ExtCreateRegion
SetTextCharacterExtra
ExtSelectClipRgn
GetDCOrgEx
CreateCompatibleDC
StrokeAndFillPath
StretchBlt
GetTextFaceA
SwapBuffers
CloseEnhMetaFile
ScaleViewportExtEx
ExtEscape
AbortDoc
SetPolyFillMode
UpdateICMRegKeyA
RealizePalette
GetViewportOrgEx
CancelDC
PtVisible
SetViewportExtEx
GetStockObject
Escape
SetWinMetaFileBits
PolyPolygon
DeleteObject
CreateCompatibleBitmap
CreatePenIndirect
GetNumberFormatA
GetUserDefaultLangID
GetStartupInfoA
FreeLibraryAndExitThread
GetModuleHandleA
FindResourceExW
CopyFileA
GetNamedPipeHandleStateW
__p__fmode
_chdrive
_acmdln
__p__commode
memcmp
__getmainargs
_utime
__setusermatherr
_j0
getwc
_initterm
_controlfp
_adjust_fdiv
__set_app_type
CreateErrorInfo
GetErrorInfo
SHGetFileInfoA
Ord(180)
ShellExecuteExA
SHGetDataFromIDListW
DuplicateIcon
DragFinish
SHChangeNotify
DoEnvironmentSubstA
FindExecutableA
DragAcceptFiles
SHGetInstanceExplorer
SHInvokePrinterCommandA
SHGetFileInfoW
SHFileOperationW
ExtractAssociatedIconA
SHGetPathFromIDListA
SHGetSpecialFolderPathW
SHFileOperationA
ShellExecuteA
Shell_NotifyIconA
SetUserObjectSecurity
PrintDlgA
GetOpenFileNameA
PrintDlgW
GetOpenFileNameW
GetFileTitleA
ChooseColorA
CommDlgExtendedError
ChooseFontA
GetFileTitleW
CoRegisterPSClsid
CoFileTimeNow
IIDFromString
OleCreateLinkEx
StgOpenStorageEx
PropStgNameToFmtId
StgGetIFillLockBytesOnFile
CoCreateGuid
HMENU_UserFree
RevokeDragDrop
OleDuplicateData
HPALETTE_UserFree
StgCreatePropSetStg
ReadFmtUserTypeStg
StgOpenStorage
HWND_UserFree
OleRegEnumFormatEtc
CoRevokeClassObject
SNB_UserUnmarshal
HMENU_UserSize
OleCreateMenuDescriptor
CoGetCurrentProcess
CoDisconnectObject
OleSetClipboard
CoBuildVersion
OleBuildVersion
HGLOBAL_UserFree
STGMEDIUM_UserSize
MonikerCommonPrefixWith
StgCreateDocfile
StgSetTimes
CoRegisterSurrogate
StringFromCLSID
CoIsOle1Class
StringFromIID
CoRegisterClassObject
OleNoteObjectVisible
HBITMAP_UserSize
OleLoadFromStream
OleRegEnumVerbs
OleConvertIStorageToOLESTREAMEx
HBITMAP_UserUnmarshal
CreateDataCache
OleQueryLinkFromData
CreateDataAdviseHolder
StgCreatePropStg
CoFreeAllLibraries
HPALETTE_UserMarshal
CoUninitialize
OleCreateFromData
OleTranslateAccelerator
FreePropVariantArray
FmtIdToPropStgName
GetConvertStg
MonikerRelativePathTo
OleCreateLinkToFile
CreateClassMoniker
CoAddRefServerProcess
IsAccelerator
OleRegGetMiscStatus
SetConvertStg
OleCreateStaticFromData
OleConvertOLESTREAMToIStorageEx
StgGetIFillLockBytesOnILockBytes
CoResumeClassObjects
HWND_UserUnmarshal
CLSIDFromString
ProgIDFromCLSID
SNB_UserMarshal
OleGetIconOfFile
GetClassFile
OleGetAutoConvert
OleMetafilePictFromIconAndLabel
CreateStdProgressIndicator
CLIPFORMAT_UserMarshal
StgIsStorageFile
CoUnmarshalInterface
WriteClassStm
GetRunningObjectTable
CoTaskMemRealloc
CreateBindCtx
CoDosDateTimeToFileTime
HWND_UserSize
OleSetMenuDescriptor
CoReleaseServerProcess
OleLockRunning
HMENU_UserUnmarshal
DoDragDrop
CoIsHandlerConnected
OleCreateLinkToFileEx
CoFreeLibrary
OleCreateLink
OleConvertOLESTREAMToIStorage
GetHGlobalFromILockBytes
CreateAntiMoniker
OleGetClipboard
CreateOleAdviseHolder
StgIsStorageILockBytes
StgCreateStorageEx
OleRegGetUserType
OleInitialize
STGMEDIUM_UserMarshal
OleCreateLinkFromDataEx
CoGetStandardMarshal
PropVariantCopy
CoCreateFreeThreadedMarshaler
OleCreateEmbeddingHelper
StgCreateDocfileOnILockBytes
CoFileTimeToDosDateTime
CLSIDFromProgID
WriteClassStg
OleSetContainedObject
CreateGenericComposite
Number of PE resources by type
RT_ICON 5
RT_MENU 5
RT_GROUP_ICON 5
RT_ACCELERATOR 2
RT_BITMAP 1
YSpq11 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 13
FRENCH BELGIAN 7
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 155648
ImageVersion 0.0
FileVersionNumber 0.121.32.234
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 7.0
FileTypeExtension exe
OriginalFileName Sequence.exe
MIMEType application/octet-stream
Subsystem Windows command line
FileVersion 225, 204, 238, 112
TimeStamp 2006:11:04 07:02:25+01:00
FileType Win32 EXE
PEType PE32
InternalName Totally
ProductVersion 121, 70, 117, 18
FileDescription Resolution
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Copyright 2010
MachineType Intel 386 or later, and compatibles
CodeSize 286720
FileSubtype 0
ProductVersionNumber 0.143.167.52
EntryPoint 0x4658c
ObjectFileType Executable application

File identification
MD5 f93ff50b5f3401ea51b103319f9de0d7
SHA1 432bf8303982bfd1e7c7c3aa7c96955b8a646639
SHA256 bd7334ca6a7c4fae4c49e6533e3aa139186368331e14a845a06e93d1b73a48f3
ssdeep 6144:JyOgl/ukXLB8+0Q+icV5G96+1q9/CRMo2kzOjHACtmHCRrG:fglWkF81hicS9kgRMoRzOjHIiRK

authentihash 42b8a7766f8025ef2b6b028b0b0adab84e5d4aaf527916c44a503fd6dd1cd081
imphash e314650e4620ececcaed2e1dd6ffec34
File size 336.0 KB ( 344064 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (52.5%)
Windows screen saver (22.0%)
Win32 Dynamic Link Library (generic) (11.0%)
Win32 Executable (generic) (7.5%)
Generic Win/DOS Executable (3.3%)
Tags peexe

VirusTotal metadata
First submission 2016-01-27 16:35:39 UTC ( 1 year, 4 months ago )
Last submission 2016-06-10 06:34:27 UTC ( 1 year ago )
File names aa
120med.exe
dridex
FCGVJHads.exe
ninite.exe
f93ff50b5f3401ea51b103319f9de0d7.exe
120med.exe
(bd7334ca6a7c4fae4c49e6533e3aa139186368331e14a845a06e93d1b73a48f3) - 120med.exe
Win32.Trojan.Dridex@120med.exe
120med.exe
FCGVJHads.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications