× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: eff391389d9b71d745f7e0632ecbf560590dc53da0f3429d40d4a7c11854e9c0
File name: iCWT nfo.exe
Detection ratio: 3 / 67
Analysis date: 2018-07-22 20:17:06 UTC ( 10 months ago ) View latest
Antivirus Result Update
Avira (no cloud) TR/Dropper.Gen 20180722
Cylance Unsafe 20180722
Malwarebytes Trojan.Agent.CK 20180722
Ad-Aware 20180722
AegisLab 20180722
AhnLab-V3 20180721
Alibaba 20180713
ALYac 20180722
Antiy-AVL 20180722
Arcabit 20180722
Avast 20180722
Avast-Mobile 20180722
AVG 20180722
AVware 20180722
Babable 20180406
Baidu 20180717
BitDefender 20180722
Bkav 20180719
CAT-QuickHeal 20180722
ClamAV 20180722
CMC 20180722
Comodo 20180722
CrowdStrike Falcon (ML) 20180530
Cyren 20180722
DrWeb 20180722
eGambit 20180722
Emsisoft 20180722
Endgame 20180711
ESET-NOD32 20180722
F-Prot 20180722
F-Secure 20180722
Fortinet 20180722
GData 20180722
Ikarus 20180722
Sophos ML 20180717
Jiangmin 20180722
K7AntiVirus 20180722
K7GW 20180722
Kaspersky 20180722
Kingsoft 20180722
MAX 20180722
McAfee 20180722
McAfee-GW-Edition 20180722
Microsoft 20180722
eScan 20180722
NANO-Antivirus 20180722
Palo Alto Networks (Known Signatures) 20180722
Panda 20180722
Qihoo-360 20180722
Rising 20180722
SentinelOne (Static ML) 20180701
Sophos AV 20180722
SUPERAntiSpyware 20180722
Symantec 20180722
TACHYON 20180722
Tencent 20180722
TheHacker 20180722
TotalDefense 20180722
TrendMicro 20180722
TrendMicro-HouseCall 20180722
Trustlook 20180722
VBA32 20180720
VIPRE 20180722
ViRobot 20180722
Webroot 20180722
Yandex 20180720
Zillya 20180720
ZoneAlarm by Check Point 20180722
Zoner 20180721
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Project1
Original name iCWT nfo.exe
Internal name iCWT nfo
File version 1.00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-12-31 15:00:24
Entry Point 0x000012CC
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(617)
EVENT_SINK_Release
EVENT_SINK_QueryInterface
_allmul
__vbaPutOwner3
__vbaErase
_adj_fprem
EVENT_SINK_AddRef
__vbaLenBstr
__vbaAryMove
_adj_fpatan
__vbaFreeObjList
__vbaStrToUnicode
_adj_fdiv_m32i
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
_adj_fdivr_m32
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
__vbaVar2Vec
_adj_fdiv_r
Ord(571)
_adj_fdivr_m64
__vbaFreeVar
Ord(100)
__vbaObjSetAddref
__vbaFileOpen
_adj_fdiv_m64
__vbaFreeObj
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
_CIcos
_adj_fptan
__vbaFileClose
__vbaObjSet
__vbaLineInputStr
__vbaVarMove
_CIatan
__vbaNew2
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
__vbaFpR4
__vbaStrCat
Ord(525)
_CItan
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 1
CUSTOM 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
1.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
20480

EntryPoint
0x12cc

OriginalFileName
iCWT nfo.exe

MIMEType
application/octet-stream

FileVersion
1.0

TimeStamp
2009:12:31 16:00:24+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
iCWT nfo

ProductVersion
1.0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
In Crack We Trust

CodeSize
16384

ProductName
Project1

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 bb0729ead0f163ce190112bfcfb6c716
SHA1 316650308a1d3a18d7db3871b4fe01df61eb270e
SHA256 eff391389d9b71d745f7e0632ecbf560590dc53da0f3429d40d4a7c11854e9c0
ssdeep
384:4pRrM6hUZqOzwdUjdHb0600PqQDbutrM6hizxA3:2rMpvzWAHb060qbutrMbFA3

authentihash 913214a4b18db6a56fc413db4cc8f4591baab7ac2b395019c2dadf751b2e2349
imphash cf30915c56af6c8f837595172957f80f
File size 40.0 KB ( 40960 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-07-22 20:17:06 UTC ( 10 months ago )
Last submission 2018-07-22 20:17:06 UTC ( 10 months ago )
File names iCWT nfo.exe
iCWT nfo.exe
iCWT nfo
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.