SHA256: c3301adf4823c7f4b5230e29a41277a2ebe3283696b820fff3590f4b84536a0a
File name: NXPowerLiteSetup70_3 (1).exe
Detection ratio: 4 / 57
Analysis date: 2016-03-23 06:24:08 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Yandex TrojanSpy.Agent!jOEZ/5gC3bA 20160316
McAfee Artemis!74A33716E24C 20160323
McAfee-GW-Edition Artemis 20160323
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20160323
Ad-Aware 20160323
AegisLab 20160323
AhnLab-V3 20160323
Alibaba 20160323
ALYac 20160323
Antiy-AVL 20160323
Arcabit 20160323
Avast 20160323
AVG 20160322
Avira (no cloud) 20160323
AVware 20160323
Baidu 20160322
Baidu-International 20160322
BitDefender 20160323
Bkav 20160322
ByteHero 20160323
CAT-QuickHeal 20160323
ClamAV 20160319
CMC 20160322
Comodo 20160323
Cyren 20160323
DrWeb 20160323
Emsisoft 20160323
ESET-NOD32 20160323
F-Prot 20160323
F-Secure 20160323
Fortinet 20160323
GData 20160323
Ikarus 20160323
Jiangmin 20160323
K7AntiVirus 20160322
K7GW 20160323
Kaspersky 20160322
Malwarebytes 20160323
Microsoft 20160323
eScan 20160323
NANO-Antivirus 20160323
nProtect 20160322
Panda 20160322
Qihoo-360 20160323
Sophos AV 20160323
SUPERAntiSpyware 20160323
Symantec 20160323
Tencent 20160323
TheHacker 20160321
TotalDefense 20160323
TrendMicro 20160323
TrendMicro-HouseCall 20160323
VBA32 20160322
VIPRE 20160323
ViRobot 20160323
Zillya 20160322
Zoner 20160323
The file being studied is a Portable Executable (PE) file; more specifically, it is a Win32 EXE built for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2016 Neuxpower Solutions Ltd

Product NXPowerLite Desktop 7
Original name NXPowerLiteSetup70_3.exe
Internal name NXPowerLiteSetup70_3
File version 7.0.3
Description NXPowerLite™ - Optimize Microsoft Office, PDF, JPEG and ZIP files
Signature verification Signed file, verified signature
Signing date 11:09 AM 2/19/2016
Signers
[+] Neuxpower Solutions Ltd
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Symantec Class 3 SHA256 Code Signing CA
Valid from 1:00 AM 1/8/2016
Valid to 12:59 AM 1/12/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 6774E915A4A1570F7D688822D239FD133108BB6A
Serial number 13 D5 EB 14 E1 47 34 AB 7C E5 33 3F A3 D1 D7 94
[+] Symantec Class 3 SHA256 Code Signing CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 12/10/2013
Valid to 12:59 AM 12/10/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint 007790F6561DAD89B0BCD85585762495E358F8A5
Serial number 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-02-08 15:06:53
Entry Point 0x00031E0F
Number of sections 7
PE sections
Overlays
MD5 b80aaa03d616d991f760785e8217c992
File type application/x-ms-dos-executable
Offset 444416
Size 24055160
Entropy 7.97
PE imports
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
WaitForSingleObject
HeapDestroy
EncodePointer
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
EnumSystemLocalesW
FreeEnvironmentStringsW
InitializeSListHead
InterlockedPopEntrySList
GetLocaleInfoW
EnumResourceLanguagesW
GetFileTime
WideCharToMultiByte
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
LocalFree
FormatMessageW
ConnectNamedPipe
InterlockedPushEntrySList
InitializeCriticalSection
OutputDebugStringW
GetLogicalDriveStringsW
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetSystemTime
TlsGetValue
CopyFileW
GetUserDefaultLangID
LoadResource
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
LoadLibraryExA
GetUserDefaultLCID
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
FlushInstructionCache
CreateThread
GetSystemDirectoryW
GetExitCodeThread
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
SetCurrentDirectoryW
VirtualQuery
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetWindowsDirectoryW
GetFileSize
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
CreateNamedPipeW
GetProcessHeap
GetTempFileNameW
RemoveDirectoryW
FindNextFileW
ResetEvent
FindFirstFileW
IsValidLocale
FindFirstFileExW
GlobalLock
SetEvent
CreateEventW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
GetSystemInfo
GlobalFree
GetConsoleCP
FindResourceW
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
Process32NextW
VirtualFree
WaitForSingleObjectEx
SizeofResource
CompareFileTime
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
SetStdHandle
GetCommandLineA
CopyFileExW
Process32FirstW
GetSystemDefaultLangID
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FindResourceExW
IsValidCodePage
GetTempPathW
CreateProcessW
Sleep
VirtualAlloc
GetOEMCP
Number of PE resources by type
RT_DIALOG 12
RT_STRING 10
RT_ICON 5
RTF_FILE 2
RT_MENU 2
IMAGE_FILE 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 36
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
InitializedDataSize 144384
ImageVersion 0.0
ProductName NXPowerLite Desktop 7
FileVersionNumber 7.0.3.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
LinkerVersion 14.0
FileTypeExtension exe
OriginalFileName NXPowerLiteSetup70_3.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 7.0.3
TimeStamp 2016:02:08 16:06:53+01:00
FileType Win32 EXE
PEType PE32
InternalName NXPowerLiteSetup70_3
ProductVersion 7.0.3
FileDescription NXPowerLite - Optimize Microsoft Office, PDF, JPEG and ZIP files
OSVersion 5.1
FileOS Win32
LegalCopyright Copyright (C) 2016 Neuxpower Solutions Ltd
MachineType Intel 386 or later, and compatibles
CompanyName Neuxpower Solutions Ltd
CodeSize 299008
FileSubtype 0
ProductVersionNumber 7.0.3.0
EntryPoint 0x31e0f
ObjectFileType Dynamic link library
CarbonBlack
While monitoring an end-user machine in the wild, CarbonBlack observed the following running processes writing this sample to disk.
File identification
MD5 74a33716e24c9455d6a3c1501c26a8af
SHA1 5ca106c38e0e9aeca3688b7cd6b93600157a8758
SHA256 c3301adf4823c7f4b5230e29a41277a2ebe3283696b820fff3590f4b84536a0a
ssdeep 393216:dYNaHp0zFv8YMyWMgQXJQJGKmanT1xYSYPnTuCKnJsAepPIvysVp/CmUY+8kWGf/:qNWov8dMgQCGpfSY/TuFE9rP8Sf/
authentihash be3ef9384e5fbf975ed4394d6a2b6f9034169cfc443b2e2aab3ccedaa8e35a01
imphash 2d7ee12c718a0e3aadd7a3c763ac90d3
File size 23.4 MB ( 24499576 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2016-02-23 18:01:39 UTC ( 3 years, 2 months ago )
Last submission 2018-05-02 00:21:14 UTC ( 1 year ago )
File names 806874
NXPowerLiteSetup70_3.exe
bit7227.tmp
NXPowerLiteSetup70_3 (1).exe
NXPowerLiteSetup70_3.exe
NXPowerLiteSetup70_3.exe
NXPowerLiteSetup70_3
bitfc78.tmp