SHA256: f5d2abb1bca5de7704c1a758c675c922fe1a1e321b8e4f81d4010787439c3b1a
File name: www.mcts_qatar.com_wp_includes_SimplePie__nbiree.exe
Detection ratio: 15 / 68
Analysis date: 2018-03-10 00:02:29 UTC ( 11 months, 1 week ago )
Antivirus Result Update
AegisLab Uds.Dangerousobject.Multi!c 20180309
Avira (no cloud) DR/Delphi.ynhgm 20180309
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20170201
Cylance Unsafe 20180310
Endgame malicious (moderate confidence) 20180308
ESET-NOD32 a variant of Generik.CNITKQP 20180310
Sophos ML heuristic 20180121
Kaspersky UDS:DangerousObject.Multi.Generic 20180309
McAfee Artemis!8EC69D98F91B 20180309
McAfee-GW-Edition BehavesLike.Win32.BadFile.tz 20180309
Rising Spyware.Noon!8.E7C9 (TFE:3:hpy4jK8a3EP) 20180309
TrendMicro TSPY_HPLOKI.SM1 20180309
TrendMicro-HouseCall TSPY_HPLOKI.SM1 20180309
VBA32 BScope.Trojan-Dropper.Injector 20180307
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180309
Ad-Aware 20180309
AhnLab-V3 20180309
Alibaba 20180309
ALYac 20180309
Antiy-AVL 20180310
Arcabit 20180309
Avast 20180309
Avast-Mobile 20180309
AVG 20180309
AVware 20180309
Baidu 20180309
BitDefender 20180309
Bkav 20180309
CAT-QuickHeal 20180309
ClamAV 20180309
CMC 20180309
Comodo 20180310
Cybereason 20180225
Cyren 20180309
DrWeb 20180309
eGambit 20180310
Emsisoft 20180309
F-Prot 20180309
F-Secure 20180309
Fortinet 20180309
GData 20180309
Ikarus 20180309
Jiangmin 20180309
K7AntiVirus 20180309
K7GW 20180310
Kingsoft 20180310
Malwarebytes 20180309
MAX 20180310
Microsoft 20180309
eScan 20180309
NANO-Antivirus 20180309
nProtect 20180309
Palo Alto Networks (Known Signatures) 20180310
Panda 20180309
Qihoo-360 20180310
SentinelOne (Static ML) 20180225
Sophos AV 20180310
SUPERAntiSpyware 20180309
Symantec 20180309
Symantec Mobile Insight 20180306
Tencent 20180310
TheHacker 20180307
TotalDefense 20180309
Trustlook 20180310
VIPRE 20180309
ViRobot 20180309
Webroot 20180310
WhiteArmor 20180223
Yandex 20180308
Zillya 20180309
Zoner 20180309
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0023F550
Number of sections 3
PE sections
PE imports
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
RegCloseKey
ImageList_Add
GetSaveFileNameA
SaveDC
VariantCopy
SHGetFileInfoA
SHGetFolderPathA
VerQueryValueA
OpenPrinterA
Number of PE resources by type
RT_STRING 18
RT_ICON 10
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 3
RT_DIALOG 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 36
FRENCH 11
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 430080
LinkerVersion 2.25
FileTypeExtension exe
InitializedDataSize 1273856
SubsystemVersion 4.0
EntryPoint 0x23f550
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 1925120

Execution parents
File identification
MD5 8ec69d98f91b80cdf0bb420d9e39c008
SHA1 4fe0ef356020cbe8d0252342ed9a99a58c52b886
SHA256 f5d2abb1bca5de7704c1a758c675c922fe1a1e321b8e4f81d4010787439c3b1a
ssdeep 6144:IN8/qmaIvSbuCvpFyU1AJucn9jrTmg8fc/5bd24V38Nf8/iyjHL3mQTEYTDlCE4b:6SaaSSCvp3AJ3ZmZuzVDiyj0YTBCE4
authentihash c63f9cd999d04dde2d9414e9b9f2751cc9ec7473c77487fbf0670399af625d21
imphash 1a0202fdb3f38d1940d3b2081296e3cf
File size 1.6 MB ( 1701888 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (40.8%)
Win32 EXE Yoda's Crypter (40.1%)
Win32 Executable (generic) (6.8%)
Win16/32 Executable Delphi generic (3.1%)
OS/2 Executable (generic) (3.0%)
Tags peexe upx

VirusTotal metadata
First submission 2018-03-09 20:57:07 UTC ( 11 months, 1 week ago )
Last submission 2018-03-12 06:29:23 UTC ( 11 months, 1 week ago )
File names 806nbiree.exe
www.mcts_qatar.com_wp_includes_SimplePie__nbiree.exe
nbiree.exe
nbirs.exe
827a0dfe6b9790c9d0cf9798c31b3b17bdbbd1c6
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs