SHA256: f7f40a02e3df18ec99e961efbb1032d9df2e6a9629842e1e2b9d9c376690ba4c
File name: Npdmk99zC6Fvi1sDVF.exe
Detection ratio: 9 / 68
Analysis date: 2018-06-14 17:16:53 UTC ( 8 months, 1 week ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180614
Comodo TrojWare.Win32.Dovs.MO 20180614
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20180530
Cylance Unsafe 20180614
Endgame malicious (high confidence) 20180612
Qihoo-360 HEUR/QVM20.1.D7A1.Malware.Gen 20180614
Symantec ML.Attribute.HighConfidence 20180614
TrendMicro TSPY_HPEMOTET.SMAL8 20180614
VBA32 BScope.Malware-Cryptor.Win32.Cb 20180614
Ad-Aware 20180614
AegisLab 20180614
AhnLab-V3 20180614
Alibaba 20180614
ALYac 20180614
Antiy-AVL 20180614
Arcabit 20180614
Avast 20180614
Avast-Mobile 20180613
AVG 20180614
Avira (no cloud) 20180614
AVware 20180614
Babable 20180406
BitDefender 20180614
Bkav 20180614
CAT-QuickHeal 20180614
ClamAV 20180614
CMC 20180614
Cybereason 20180225
Cyren 20180614
DrWeb 20180614
eGambit 20180614
Emsisoft 20180614
ESET-NOD32 20180614
F-Prot 20180614
F-Secure 20180614
Fortinet 20180614
GData 20180614
Ikarus 20180614
Sophos ML 20180601
Jiangmin 20180614
K7AntiVirus 20180614
K7GW 20180614
Kaspersky 20180614
Kingsoft 20180614
Malwarebytes 20180614
MAX 20180614
McAfee 20180614
McAfee-GW-Edition 20180613
Microsoft 20180614
eScan 20180614
NANO-Antivirus 20180614
Palo Alto Networks (Known Signatures) 20180614
Panda 20180614
Rising 20180614
SentinelOne (Static ML) 20180225
Sophos AV 20180614
SUPERAntiSpyware 20180614
Symantec Mobile Insight 20180614
TACHYON 20180614
Tencent 20180614
TheHacker 20180613
TotalDefense 20180614
TrendMicro-HouseCall 20180614
Trustlook 20180614
VIPRE 20180614
ViRobot 20180614
Webroot 20180614
Yandex 20180614
Zillya 20180614
ZoneAlarm by Check Point 20180614
Zoner 20180613
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Description Pnp insta
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-15 00:12:48
Entry Point 0x0000100F
Number of sections 6
PE sections
PE imports
ReadEventLogA
GetFileSecurityW
RegCloseKey
DuplicateToken
AddAuditAccessAceEx
LogonUserA
CertNameToStrA
CryptMemRealloc
CryptSIPLoad
CertGetSubjectCertificateFromStore
SetDCPenColor
ExtSelectClipRgn
ModifyWorldTransform
AddFontResourceA
GetTextCharset
GetNetworkParams
EnterCriticalSection
EnumSystemLocalesW
GetTempPathW
GetModuleFileNameA
FlsFree
GetBinaryTypeA
GetActiveObject
VarBstrFromBool
UnRegisterTypeLib
glBegin
glMultMatrixd
RasGetConnectStatusA
RasGetProjectionInfoA
PathSetDlgItemPathW
CharLowerBuffW
GetMessagePos
TrackPopupMenu
wsprintfA
GetInputState
GetDialogBaseUnits
DialogBoxParamW
GetMessageExtraInfo
MessageBeep
DrawCaption
FindNextPrinterChangeNotification
WSACleanup
SCardLocateCardsW
OleCreateStaticFromData
CLSIDFromString
OleCreateFromData
Number of PE resources by type
RT_DIALOG 21
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
HEBREW DEFAULT 1
HUNGARIAN DEFAULT 1
VIETNAMESE DEFAULT 1
CHINESE SIMPLIFIED 1
SLOVENIAN DEFAULT 1
CZECH DEFAULT 1
FINNISH DEFAULT 1
KOREAN 1
NEUTRAL DEFAULT 1
PORTUGUESE 1
POLISH DEFAULT 1
JAPANESE DEFAULT 1
DANISH DEFAULT 1
SLOVAK DEFAULT 1
GREEK DEFAULT 1
TURKISH DEFAULT 1
ROMANIAN 1
THAI DEFAULT 1
SERBIAN DEFAULT 1
NEUTRAL 1
RUSSIAN 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileVersionNumber 1.2.0.6
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Pnp insta
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 233472
EntryPoint 0x100f
MIMEType application/octet-stream
TimeStamp 2018:06:15 02:12:48+02:00
FileType Win32 EXE
PEType PE32
ProductVersion 6.1.7600.
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Realtek Semiconductor Corporation
CodeSize 0
FileSubtype 0
ProductVersionNumber 1.2.0.6
FileTypeExtension exe
ObjectFileType Dynamic link library

Compressed bundles
File identification
MD5 fbf8f1bddd754de64fe8bfd0b8555a04
SHA1 562859c5771f45be51f11b20a9fd50eb6b10d838
SHA256 f7f40a02e3df18ec99e961efbb1032d9df2e6a9629842e1e2b9d9c376690ba4c
ssdeep 3072:1S43feG+hXlZAWUlSsRi4IoCWJsLSBJqnmbZSnVAQwEI4iKYuXvNsQoFUbpO5QX:Gw74iPuXvj2E
authentihash f8261ac18af5a13d76b953c68838de96f5ae91261ba97cd7785e8b565130d513
imphash 31152196b694afb499d4d1ff8aad4a62
File size 323.0 KB ( 330752 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe

VirusTotal metadata
First submission 2018-06-14 17:16:53 UTC ( 8 months, 1 week ago )
Last submission 2018-06-16 11:02:51 UTC ( 8 months, 1 week ago )
File names Npdmk99zC6Fvi1sDVF.exe
28216707977.exe
9641854315.exe
63615773370.exe
00104427.exe
24675626120.exe
18772763.exe
21753893.exe
08907588562.exe
01295627.exe