SHA256: fcb472d6a2be79052d0c90375bc937109fc1c09d2c23ef9c200e053b206a6b07
File name: 96719919126b180002ee81a2be10aced914d88fc
Detection ratio: 32 / 55
Analysis date: 2014-09-14 10:49:57 UTC ( 4 years, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1857800 20140914
Yandex TrojanSpy.Zbot!KpaOYVeDjiI 20140913
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140914
Avast Win32:Dropper-gen [Drp] 20140914
AVG Luhe.Fiha.A 20140914
Avira (no cloud) TR/Crypt.ZPACK.97561 20140914
AVware Trojan.Win32.Generic!SB.0 20140914
Baidu-International Trojan.Win32.Kryptik.bCLBA 20140914
BitDefender Trojan.GenericKD.1857800 20140914
Cyren W32/Trojan.ELYC-3855 20140914
DrWeb Trojan.Siggen6.23392 20140914
Emsisoft Trojan.Win32.Injector (A) 20140914
ESET-NOD32 Win32/Spy.Zbot.ACB 20140914
F-Secure Trojan.GenericKD.1857800 20140914
GData Trojan.GenericKD.1857800 20140914
Ikarus Trojan.Win32.Crypt 20140914
Kaspersky Trojan-Spy.Win32.Zbot.ubdc 20140914
Kingsoft Win32.Troj.Zbot.UB.(kcloud) 20140914
Malwarebytes Trojan.Agent.ED 20140914
McAfee RDN/Generic PWS.y!bbb 20140914
McAfee-GW-Edition BehavesLike.Win32.Trojan.dc 20140913
Microsoft Trojan:Win32/Malagent!gmb 20140914
eScan Trojan.GenericKD.1857800 20140914
nProtect Trojan.GenericKD.1857800 20140914
Panda Trj/Chgt.F 20140913
Qihoo-360 HEUR/Malware.QVM10.Gen 20140914
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140914
Sophos AV Troj/Agent-AIWE 20140914
Symantec WS.Reputation.1 20140914
Tencent Win32.Trojan-spy.Zbot.Amda 20140914
TrendMicro-HouseCall TROJ_GEN.R00JH08ID14 20140914
VIPRE Trojan.Win32.Generic!SB.0 20140914
AegisLab 20140914
AhnLab-V3 20140913
Bkav 20140913
ByteHero 20140914
CAT-QuickHeal 20140913
ClamAV 20140913
CMC 20140913
Comodo 20140914
F-Prot 20140913
Fortinet 20140914
Jiangmin 20140913
K7AntiVirus 20140912
K7GW 20140912
NANO-Antivirus 20140914
Norman 20140914
SUPERAntiSpyware 20140914
TheHacker 20140913
TotalDefense 20140914
TrendMicro 20140914
VBA32 20140911
ViRobot 20140914
Zillya 20140913
Zoner 20140912
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (C) INCA Internet Inc. All rights reserved.
Product nProtect Mgr
Original name nProtect_mgr
Internal name nProtect Manager
File version 1.0.50.1
Description nProtect Manager
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-12 10:12:44
Entry Point 0x00004390
Number of sections 5
PE sections
PE imports
OpenProcessToken
GetObjectA
CreateDCA
GetDIBColorTable
CreateCompatibleDC
DeleteDC
CreateBitmap
GetStockObject
GetPixel
SelectObject
BitBlt
UpdateColors
DeleteObject
StretchBlt
CreateSolidBrush
ImmGetCompositionStringA
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
SetCommState
LoadLibraryW
SetupComm
GetConsoleCP
GetVersionExW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeLibrary
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
lstrlenW
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
lstrcatW
GetModuleHandleW
EncodePointer
IsBadReadPtr
SetStdHandle
WriteFile
lstrcpyW
RaiseException
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
HeapSetInformation
SetUnhandledExceptionFilter
lstrcpyA
DecodePointer
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
SetCommTimeouts
GetProcessHeap
FormatMessageW
TerminateProcess
IsValidCodePage
HeapCreate
SetLastError
CreateFileW
GetCommState
TlsGetValue
Sleep
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
ExitProcess
GetEnvironmentVariableW
WriteConsoleW
InterlockedIncrement
NetUserEnum
NetApiBufferFree
RegisterActiveObject
SHGetFolderPathW
SHCreateDirectoryExW
Shell_NotifyIconA
SHCreateStreamOnFileW
GetMessageA
UpdateWindow
BeginPaint
FindWindowW
KillTimer
DestroyMenu
PostQuitMessage
DefWindowProcA
FindWindowA
SetClassLongA
LoadBitmapA
EnumDisplayMonitors
EnableMenuItem
MessageBoxW
GetWindowRect
DispatchMessageA
EndPaint
PostMessageA
EnumChildWindows
MessageBoxA
TranslateMessage
GetDC
GetCursorPos
LoadMenuA
CheckMenuItem
GetMenu
GetWindowLongA
ShowWindow
SendMessageA
GetClientRect
GetDlgItem
IsWindow
IsIconic
RegisterClassA
EnumDisplaySettingsA
GetSubMenu
CreateWindowExA
LoadImageW
GetLayeredWindowAttributes
TrackPopupMenu
TranslateAcceleratorA
GetMenuState
LoadImageA
GetClassNameA
CreateWindowExW
LoadAcceleratorsW
SetForegroundWindow
ModifyMenuA
IsChild
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
WTSQuerySessionInformationA
WTSFreeMemory
CoUninitialize
CoGetInterfaceAndReleaseStream
CoInitialize
Number of PE resources by type
RT_DIALOG 1
RT_ICON 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 6
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 108032
ImageVersion 0.0
ProductName nProtect Mgr
FileVersionNumber 1.0.50.1
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription nProtect Manager
CharacterSet Unicode
LinkerVersion 10.0
FileTypeExtension exe
OriginalFileName nProtect_mgr
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.50.1
TimeStamp 2014:09:12 11:12:44+01:00
FileType Win32 EXE
PEType PE32
InternalName nProtect Manager
ProductVersion 1.0.50.1
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright (C) INCA Internet Inc. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName INCA Internet Co., Ltd.
CodeSize 113664
FileSubtype 0
ProductVersionNumber 1.0.50.1
EntryPoint 0x4390
ObjectFileType Executable application

File identification
MD5 7dced22c991e9d277e22df9e44a807e8
SHA1 28c4ca5170ed85c5aa88e54fba4aedc7c33ce77c
SHA256 fcb472d6a2be79052d0c90375bc937109fc1c09d2c23ef9c200e053b206a6b07
ssdeep 3072:4UZQk5bl7k6F/EBBr2UnyUvMMa2FJCWXKtqbHhKjyM5lSM596Srx9wyH8XxBT7g1:z5bm6F/E+UBrCWXdlKrFx9bHcT7AI5U
authentihash 50e5bd683cc6dad40cc03515eba9c3fbf613a9ad2163d7feeff3c77f98e5d107
imphash 1b26e85477045ab73f6e442674d360dc
File size 217.5 KB ( 222720 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2014-09-12 12:23:59 UTC ( 4 years, 6 months ago )
Last submission 2015-02-03 09:23:47 UTC ( 4 years, 1 month ago )
File names nProtect_mgr
7dced22c991e9d277e22df9e44a807e8.exe
fcb472d6a2be79052d0c90375bc937109fc1c09d2c23ef9c200e053b206a6b07.exe
tmp1d941d5c.exe
7dced22c991e9d277e22df9e44a807e8
WL-dc040341554b92c59742e42101da0e47-0
96719919126b180002ee81a2be10aced914d88fc
winrar.exe
7dced22c991e9d277e22df9e44a807e8
7dced22c991e9d277e22df9e44a807e8
nProtect Manager
msiexec.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections