× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e044fb6d5973aabba1159bc83973eec78f590fd958b3f423829bc5399b231101
File name: NoREpls1.2.exe
Detection ratio: 1 / 63
Analysis date: 2017-07-20 10:51:58 UTC ( 1 year, 4 months ago ) View latest
Antivirus Result Update
McAfee-GW-Edition BehavesLike.Win32.MysticCompressor.cm 20170720
Ad-Aware 20170720
AegisLab 20170720
AhnLab-V3 20170720
Alibaba 20170720
ALYac 20170720
Antiy-AVL 20170720
Arcabit 20170720
Avast 20170720
AVG 20170720
Avira (no cloud) 20170720
AVware 20170720
Baidu 20170720
BitDefender 20170720
Bkav 20170720
CAT-QuickHeal 20170720
ClamAV 20170720
CMC 20170720
Comodo 20170720
CrowdStrike Falcon (ML) 20170710
Cylance 20170720
Cyren 20170720
DrWeb 20170720
Emsisoft 20170720
Endgame 20170713
ESET-NOD32 20170720
F-Prot 20170720
F-Secure 20170720
Fortinet 20170720
GData 20170720
Ikarus 20170720
Sophos ML 20170607
Jiangmin 20170720
K7AntiVirus 20170720
K7GW 20170720
Kaspersky 20170720
Kingsoft 20170720
Malwarebytes 20170720
MAX 20170720
McAfee 20170720
Microsoft 20170720
eScan 20170720
NANO-Antivirus 20170720
nProtect 20170720
Palo Alto Networks (Known Signatures) 20170720
Panda 20170719
Qihoo-360 20170720
Rising 20170720
SentinelOne (Static ML) 20170718
Sophos AV 20170720
SUPERAntiSpyware 20170720
Symantec 20170720
Symantec Mobile Insight 20170720
Tencent 20170720
TheHacker 20170719
TrendMicro 20170720
TrendMicro-HouseCall 20170720
Trustlook 20170720
VBA32 20170720
VIPRE 20170720
ViRobot 20170720
Webroot 20170720
WhiteArmor 20170713
Yandex 20170719
Zillya 20170720
ZoneAlarm by Check Point 20170720
Zoner 20170720
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2017

Product Nothing Really Epic; Pretty Lousy Software
Original name NoREpls.exe
Internal name NoREpls.exe
File version 1.2.0.0
Description Crackme by dtm@0x00sec
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-07-20 10:50:36
Entry Point 0x00001F6E
Number of sections 6
PE sections
PE imports
ChooseFontW
GetSaveFileNameW
GetOpenFileNameW
CreateFontIndirectW
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
RtlUnwind
FindFirstFileExW
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
DecodePointer
GetFileSize
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
InitializeSListHead
GetProcessHeap
SetStdHandle
RaiseException
WideCharToMultiByte
TlsFree
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
FindNextFileW
FreeLibrary
TerminateProcess
GetModuleHandleExW
IsValidCodePage
SetLastError
CreateFileW
FindClose
TlsGetValue
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
GetCurrentProcessId
WriteConsoleW
LeaveCriticalSection
EndDialog
PostQuitMessage
KillTimer
GetMessageW
ShowWindow
MessageBoxW
GetMenu
EnableWindow
SetDlgItemTextA
MoveWindow
DialogBoxParamW
GetDlgItemTextA
TranslateMessage
GetDlgItemTextW
SetDlgItemTextW
DispatchMessageW
CreateDialogParamW
SendMessageW
SetWindowTextW
GetDlgItem
EnableMenuItem
GetWindowTextLengthA
SetTimer
IsDialogMessageW
GetClientRect
GetWindowTextLengthW
wsprintfW
DestroyWindow
Number of PE resources by type
RT_DIALOG 4
AFX_DIALOG_LAYOUT 4
RT_ICON 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH AUS 12
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.1

LinkerVersion
14.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.2.0.0

UninitializedDataSize
0

LanguageCode
English (Australian)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
106496

EntryPoint
0x1f6e

OriginalFileName
NoREpls.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2017

FileVersion
1.2.0.0

TimeStamp
2017:07:20 11:50:36+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
NoREpls.exe

ProductVersion
1.2.0.0

FileDescription
Crackme by dtm@0x00sec

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
dtm@0x00sec

CodeSize
46080

ProductName
Nothing Really Epic; Pretty Lousy Software

ProductVersionNumber
1.2.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 7a981d8763ca92cfba623c3b9314c523
SHA1 b2fa16a115dec73d4c3ee654460a36ee49093ea8
SHA256 e044fb6d5973aabba1159bc83973eec78f590fd958b3f423829bc5399b231101
ssdeep
3072:GDeh1h225oO/9t512w0G9uvqnHJYAZ8nfYMvC4:GD01cykqH/Z8nfF5

authentihash 6127fbc53aca44666a7e68065eedb5cf87eed2350cbd1263a8988cb93e233dad
imphash cf623beaf3ed1aa564f3406bf30598d7
File size 147.0 KB ( 150528 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-07-20 10:51:58 UTC ( 1 year, 4 months ago )
Last submission 2017-07-20 10:51:58 UTC ( 1 year, 4 months ago )
File names NoREpls.exe
NoREpls1.2.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
UDP communications