SHA256: 2198eac80f19b224a9803acea697b72e5ab4bb31dc7b3f5debc77089ce0c112d
File name: Narrator.exe
Detection ratio: 52 / 62
Analysis date: 2017-04-14 20:46:25 UTC ( 2 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.20454379 20170414
AegisLab Troj.Ransom.W32.Spora.toa0 20170414
AhnLab-V3 Trojan/Win32.Nymaim.C1773948 20170414
ALYac Trojan.Generic.20454379 20170414
Arcabit Trojan.Generic.D1381BEB 20170414
Avast Win32:Malware-gen 20170414
AVG Generic38.ALWR 20170414
Avira (no cloud) TR/Crypt.Xpack.mdyac 20170414
AVware Trojan.Win32.Injector.cdgy (v) 20170410
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9996 20170414
BitDefender Trojan.Generic.20454379 20170414
Bkav W32.Clodd6e.Trojan.e791 20170414
CAT-QuickHeal Ransom.Spora.S239292 20170414
ClamAV Win.Trojan.Agent-5744624-0 20170414
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Cyren W32/Trojan.RIYE-1783 20170414
DrWeb BackDoor.Siggen.60255 20170414
Emsisoft Trojan.Generic.20454379 (B) 20170414
Endgame malicious (high confidence) 20170413
ESET-NOD32 Win32/Spy.Zbot.ACM 20170414
F-Prot W32/Ransom.DQ.gen!Eldorado 20170414
F-Secure Trojan.Generic.20454379 20170414
Fortinet W32/Injector.DKMW!tr 20170414
GData Trojan.Generic.20454379 20170414
Ikarus Trojan.Win32.Injector 20170414
Invincea ddos.win32.nitol.b 20170413
Jiangmin TrojanSpy.Zbot.fipy 20170414
K7AntiVirus Trojan ( 0050401f1 ) 20170414
K7GW Trojan ( 0050401f1 ) 20170414
Kaspersky HEUR:Trojan.Win32.Generic 20170414
Malwarebytes Trojan.MalPack 20170414
McAfee RDN/Generic.grp 20170412
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20170414
Microsoft Ransom:Win32/Spora.A 20170414
eScan Trojan.Generic.20454379 20170414
NANO-Antivirus Trojan.Win32.DKNR.elcrmt 20170414
Palo Alto Networks (Known Signatures) generic.ml 20170414
Panda Trj/GdSda.A 20170414
Rising Malware.Generic.1!tfe (thunder:1:GumzW5VXSoB) 20170414
SentinelOne (Static ML) static engine - malicious 20170330
Sophos Mal/Generic-S 20170414
Symantec Infostealer.Limitail 20170414
Tencent Win32.Trojan.Generic.Alij 20170414
TrendMicro TROJ_TOBFY.SM1 20170414
TrendMicro-HouseCall TROJ_TOBFY.SM1 20170414
VBA32 Trojan.Nymaim 20170414
VIPRE Trojan.Win32.Injector.cdgy (v) 20170414
ViRobot Trojan.Win32.Agent.200824[h] 20170414
Webroot W32.Trojan.Gen 20170414
Yandex Backdoor.Androm!ULUSVg/UCKc 20170414
Zillya Backdoor.Androm.Win32.39983 20170414
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20170414
Alibaba 20170414
Antiy-AVL 20170414
CMC 20170414
Comodo 20170414
Kingsoft 20170414
nProtect 20170414
Qihoo-360 20170414
SUPERAntiSpyware 20170414
Symantec Mobile Insight 20170414
TheHacker 20170412
TotalDefense 20170414
Trustlook 20170414
WhiteArmor 20170409
Zoner 20170414
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-13 18:36:28
Entry Point 0x00001904
Number of sections 4
PE sections
Overlays
MD5 dc78176de0ca821f7bed6da12157f2b4
File type data
Offset 200704
Size 120
Entropy 4.60
PE imports
CreateSolidBrush
CreateFileA
GetModuleFileNameA
GetStartupInfoW
GetModuleHandleW
_except_handler3
__p__fmode
localtime
__CxxFrameHandler
_exit
_adjust_fdiv
__setusermatherr
__dllonexit
_onexit
__wgetmainargs
_controlfp
exit
_XcptFilter
time
_initterm
_wcmdln
__p__commode
__set_app_type
SetTimer
AppendMenuA
SendMessageW
EnableWindow
LoadIconW
GetSystemMenu
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:07:13 19:36:28+01:00
FileType Win32 EXE
PEType PE32
CodeSize 805310464
LinkerVersion 6.1
EntryPoint 0x1904
InitializedDataSize 192512
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 5.3
UninitializedDataSize 0

File identification
MD5 ed355688605f4ebeb6a080e985f1f68e
SHA1 198891c49c719e5146836e4860fbbb095d7a2aa7
SHA256 2198eac80f19b224a9803acea697b72e5ab4bb31dc7b3f5debc77089ce0c112d
ssdeep 3072:KcBh/ij4d11PkVnmc23qEMtOMcuX9Au79kf0AetBsLrXqwh8nWr6fxFit:KWKj4hcVnu3MtOMcum72sX1br65Fit

authentihash 2d9c162c89aa68d529ae3359743ff037d29f69195c0ad0780a60f89f9540a337
imphash 5397f5c6fcf304dfeb0b27e3bb62d535
File size 196.1 KB ( 200824 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe overlay

VirusTotal metadata
First submission 2017-01-31 11:42:36 UTC ( 4 months, 3 weeks ago )
Last submission 2017-01-31 15:02:05 UTC ( 4 months, 3 weeks ago )
File names Narrator.exe
~WRO3358 -cpoy.tmp.exe
~WRO3358.tmp
MALWARE_RTF