SHA256: e1d2408319fd7422edceef476038d7a74f0bda73418b2b534d59d1d2e2dbd392
File name: ntskdfdsokfnt.ex1
Detection ratio: 9 / 56
Analysis date: 2016-10-31 02:16:59 UTC ( 2 years, 3 months ago )
Antivirus                 Result                                         Update
Baidu                     Win32.Trojan.WisdomEyes.16070401.9500.9999     20161029
Bkav                      HW32.Packed.61C8                               20161030
CrowdStrike Falcon (ML)   malicious_confidence_100% (W)                  20161024
Sophos ML                 generic.a                                      20161018
Kaspersky                 Trojan.Win32.Inject.abukt                      20161031
McAfee                    Artemis!94A27F3A23FB                           20161031
McAfee-GW-Edition         BehavesLike.Win32.VBObfus.dc                   20161031
Symantec                  Heur.AdvML.B                                   20161031
Tencent                   Win32.Trojan.Raasmd.Auto                       20161031

Engines reporting no detection at this scan, with signature-update date:
Ad-Aware 20161031
AegisLab 20161031
AhnLab-V3 20161030
Alibaba 20161028
ALYac 20161031
Antiy-AVL 20161031
Arcabit 20161031
Avast 20161031
AVG 20161031
Avira (no cloud) 20161030
AVware 20161031
BitDefender 20161031
CAT-QuickHeal 20161029
ClamAV 20161031
CMC 20161030
Comodo 20161031
Cyren 20161031
DrWeb 20161031
Emsisoft 20161031
ESET-NOD32 20161030
F-Prot 20161031
F-Secure 20161031
Fortinet 20161031
GData 20161031
Ikarus 20161030
Jiangmin 20161031
K7AntiVirus 20161030
K7GW 20161031
Kingsoft 20161031
Malwarebytes 20161031
Microsoft 20161031
eScan 20161031
NANO-Antivirus 20161031
nProtect 20161028
Panda 20161030
Qihoo-360 20161031
Rising 20161031
Sophos AV 20161030
SUPERAntiSpyware 20161030
TheHacker 20161029
TrendMicro 20161031
TrendMicro-HouseCall 20161030
VBA32 20161029
VIPRE 20161031
ViRobot 20161030
Yandex 20161030
Zillya 20161028
Zoner 20161030

Note on the ratio: most of the nine hits are machine-learning, heuristic or cloud verdicts (CrowdStrike ML, Sophos ML, Symantec Heur.AdvML, McAfee Artemis, a McAfee-GW behavioural "VBObfus" label, Bkav's generic packed-file label) rather than named signatures. A low ratio of that shape, on a file compiled on 2016-10-30 17:42 UTC and first submitted about six hours later, is what a freshly built crypter stub usually looks like at first scan; the ratio at the analysis date says little about the payload carried in the overlay.
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Bacillus anthracis that is important for endospore germination triggered by two distinct germination response ...
Product: Bacillus anthracis that is important for endospore germination triggered by two distinct germination response ...
Original name: opwgDrNK.exe
Internal name: opwgDrNK
File version: 2.11.0248
Description: Bacillus anthracis that is important for endospore germination triggered by two distinct germination response ...
Comments: Bacillus anthracis that is important for endospore germination triggered by two distinct germination response ...
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-30 17:42:12
Entry Point 0x00001158
Number of sections 3
PE sections
Overlays
MD5 46dff1023a31ddd9089c81b8a84e760e
File type data
Offset 73728
Size 202761
Entropy 8.00
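The Overlays figures above are the most telling static indicator on this report: the executable proper ends at offset 73728 and the remaining 202761 bytes, which no loader maps, have an entropy of 8.00 bits per byte, i.e. they are compressed or encrypted. As an added example (not part of the VirusTotal report or of any tool named on it), the standard-library Python script below locates a PE overlay the same way, as everything past the highest PointerToRawData + SizeOfRawData in the section table, and reports its offset, size, MD5 and Shannon entropy. The `build_minimal_pe` helper and its inputs are constructed here purely as offline sample data; on the real file, `overlay_info(open(path, "rb").read())` should reproduce the Overlays section above.

```python
"""PE overlay and entropy triage (standard library only).

An overlay is data appended after the last section's raw data. A loader
never maps it, so a small stub (here a VB6 executable of 73728 bytes) can
carry a large encrypted payload (202761 bytes at entropy 8.00) that
signatures written for the stub alone cannot see.
"""
import hashlib
import math
import os
import struct


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant stream, 8.0 for uniform random."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def overlay_info(pe: bytes):
    """Locate the overlay of a PE32/PE32+ image.

    Returns None when the file ends with the last section, otherwise a dict
    with the overlay's file offset, size, MD5 and entropy (the fields the
    report's Overlays section lists).
    """
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    section_table = coff + 20 + size_of_optional          # 40-byte IMAGE_SECTION_HEADERs
    # The overlay starts after the highest PointerToRawData + SizeOfRawData; the
    # headers themselves are counted too so a section-less file still works.
    end_of_image = section_table + 40 * num_sections
    for i in range(num_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", pe, section_table + 40 * i + 16)
        end_of_image = max(end_of_image, raw_ptr + raw_size)
    if len(pe) <= end_of_image:
        return None
    overlay = pe[end_of_image:]
    return {
        "offset": end_of_image,
        "size": len(overlay),
        "md5": hashlib.md5(overlay).hexdigest(),
        "entropy": round(shannon_entropy(overlay), 2),
    }


def build_minimal_pe(section_data: bytes, overlay: bytes = b"") -> bytes:
    """Constructed PE32 skeleton (one .text section, zeroed optional header),
    used only as offline sample input for overlay_info; it is not loadable."""
    file_align = 0x200
    opt_size = 224                                        # PE32 optional header size
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x102)    # i386, 1 section
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)               # PE32 magic
    raw_ptr = file_align                                  # 352 header bytes fit before 0x200
    raw_size = -(-len(section_data) // file_align) * file_align           # round up to alignment
    sec = (b".text".ljust(8, b"\0")
           + struct.pack("<IIII", len(section_data), 0x1000, raw_size, raw_ptr)
           + b"\0" * 16)
    headers = (dos + b"PE\0\0" + coff + opt + sec).ljust(raw_ptr, b"\0")
    return headers + section_data.ljust(raw_size, b"\0") + overlay


if __name__ == "__main__":
    clean = build_minimal_pe(b"\x90" * 100)
    # random bytes stand in for an encrypted crypter payload (constructed input)
    packed = build_minimal_pe(b"\x90" * 100, os.urandom(4096))
    print("clean :", overlay_info(clean))    # None
    print("packed:", overlay_info(packed))   # offset 1024, size 4096, entropy close to 8.0
```

Entropy alone does not prove a crypter (signed installers and resource-heavy binaries also carry high-entropy overlays), but an overlay roughly three times the size of a Visual Basic 6 stub, at 8.00, with the stub's version strings filled with unrelated text, is the combination to treat as a packed payload and unpack dynamically.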
PE imports (the imported DLL name did not survive extraction; EVENT_SINK_QueryInterface, EVENT_SINK_AddRef, EVENT_SINK_Release, __vbaExceptHandler, MethCallEngine, ProcCallEngine and DllFunctionCall are exports of the Visual Basic 6 runtime, MSVBVM60.DLL, consistent with the TrID result below, and the Ord(n) entries are ordinal imports from that same module, which is why the import table alone says nothing about the payload)
EVENT_SINK_QueryInterface
Ord(645)
Ord(648)
Ord(516)
Ord(616)
Ord(685)
Ord(594)
EVENT_SINK_AddRef
Ord(650)
Ord(300)
Ord(717)
Ord(600)
__vbaExceptHandler
Ord(632)
MethCallEngine
DllFunctionCall
Ord(608)
Ord(309)
Ord(100)
Ord(526)
Ord(573)
ProcCallEngine
Ord(606)
EVENT_SINK_Release
Ord(595)
Ord(303)
Ord(581)
Ord(716)
Ord(306)
Ord(617)
Ord(631)
Ord(598)
Ord(698)
Number of PE resources by type
RT_PLUGPLAY 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize: 61440
SubsystemVersion: 4.0
Comments: Bacillus anthracis that is important for endospore germination triggered by two distinct germination response ...
InitializedDataSize: 24576
ImageVersion: 2.11
ProductName: Bacillus anthracis that is important for endospore germination triggered by two distinct germination response ...
FileVersionNumber: 2.11.0.248
UninitializedDataSize: 0
LanguageCode: English (U.S.)
FileFlagsMask: 0x0000
CharacterSet: Unicode
LinkerVersion: 6.0
FileTypeExtension: exe
OriginalFileName: opwgDrNK.exe
MIMEType: application/octet-stream
Subsystem: Windows GUI
FileVersion: 2.11.0248
TimeStamp: 2016:10:30 18:42:12+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: opwgDrNK
ProductVersion: 2.11.0248
FileDescription: Bacillus anthracis that is important for endospore germination triggered by two distinct germination response ...
OSVersion: 4.0
FileOS: Win32
LegalCopyright: Bacillus anthracis that is important for endospore germination triggered by two distinct germination response ...
MachineType: Intel 386 or later, and compatibles
CompanyName: FLaSh acillus anthracis that is important for endospore germination triggered by two distinct germination response ...
LegalTrademarks: Bacillus anthracis that is important for endospore germination triggered by two distinct germination response ...
FileSubtype: 0
ProductVersionNumber: 2.11.0.248
EntryPoint: 0x1158
ObjectFileType: Executable application

Compressed bundles
File identification
MD5 94a27f3a23fbe407af27647d0a8a1766
SHA1 0e0872b73316134364286e27d8ca20c8d7134636
SHA256 e1d2408319fd7422edceef476038d7a74f0bda73418b2b534d59d1d2e2dbd392
ssdeep 6144:JT9p7W90t0wV9APCfoWy99ChwHfGXGPXM54QqyDs:7psk9AIoWw9hosoqyDs

authentihash 054a230510fea448f0c362f23376ffa6d13b49a27729c6115d461092349a2a2f
imphash f5f040c1fe3f6015fc186d3efde1f2e8
File size 270.0 KB ( 276489 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-10-30 23:38:06 UTC ( 2 years, 3 months ago )
Last submission 2016-11-02 12:18:37 UTC ( 2 years, 3 months ago )
File names
artifact-e1d2408319fd7422edceef476038d7a74f0bda73418b2b534d59d1d2e2dbd392
38641.exe
opwgDrNK
aa
ntskdfdsokfnt.ex1
0e0872b73316134364286e27d8ca20c8d7134636
94a27f3a23fbe407af27647d0a8a1766.exe
VirusShare_94a27f3a23fbe407af27647d0a8a1766
ntskdfdsokfnt.exe
3KIVS.fon
0e0872b73316134364286e27d8ca20c8d7134636.exe
opwgDrNK.exe
b933026c575acafc39e85e68b8e7cb5acc09aa99
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure monitors the system for certain types of events, associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHookEx Windows API (the report names it as SetWindowsHook). The condensed report does not give the hook type or the target thread, so it cannot be determined from this page whether the hook watches input (a keyboard hook) or is a global hook used to get a DLL loaded into other processes; the hook type and thread id arguments from a full sandbox trace are needed to tell the two apart.
UDP communications