SHA256: 2198eac80f19b224a9803acea697b72e5ab4bb31dc7b3f5debc77089ce0c112d
File name: Narrator.exe
Detection ratio: 40 / 55
Analysis date: 2017-02-03 06:48:35 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.20454379 20170203
AegisLab Troj.Tobfy.Sm1!c 20170203
ALYac Trojan.Generic.20454379 20170203
Arcabit Trojan.Generic.D1381BEB 20170203
Avast Win32:Malware-gen 20170203
AVG Generic38.ALWR 20170202
Avira (no cloud) TR/Crypt.Xpack.mdyac 20170202
AVware Trojan.Win32.Injector.cdgy (v) 20170203
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9996 20170125
BitDefender Trojan.Generic.20454379 20170203
Bkav [Microsoft Visual C++] 20170203
CAT-QuickHeal Backdoor.Androm 20170202
ClamAV Win.Trojan.Agent-5744624-0 20170203
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/Trojan.RIYE-1783 20170202
DrWeb Trojan.Nymaim.143 20170203
Emsisoft Trojan.Generic.20454379 (B) 20170203
ESET-NOD32 Win32/Spy.Zbot.ACM 20170203
F-Secure Trojan.Generic.20454379 20170203
Fortinet W32/Injector.DKMW!tr 20170203
GData Trojan.Generic.20454379 20170203
Ikarus Trojan.Win32.Injector 20170202
Invincea ddos.win32.nitol.b 20170111
K7AntiVirus Trojan ( 0050401f1 ) 20170203
K7GW Trojan ( 0050401f1 ) 20170203
Kaspersky Backdoor.Win32.Androm.mmdc 20170203
Malwarebytes Trojan.MalPack 20170203
McAfee RDN/Generic.grp 20170203
McAfee-GW-Edition BehavesLike.Win32.VirRansom.cc 20170203
Microsoft Ransom:Win32/Spora.A 20170203
eScan Trojan.Generic.20454379 20170203
NANO-Antivirus Trojan.Win32.DKNR.elcrmt 20170202
Panda Trj/GdSda.A 20170202
Rising Malware.Generic!GumzW5VXSoB@1 (thunder) 20170203
Sophos Mal/Generic-S 20170203
Symantec Infostealer.Limitail 20170202
TrendMicro TROJ_TOBFY.SM1 20170203
VIPRE Trojan.Win32.Injector.cdgy (v) 20170203
ViRobot Trojan.Win32.Agent.200824[h] 20170203
Yandex Backdoor.Androm!ULUSVg/UCKc 20170203
AhnLab-V3 20170202
Alibaba 20170122
Antiy-AVL 20170203
CMC 20170202
Comodo 20170203
F-Prot 20170203
Jiangmin 20170203
Kingsoft 20170203
nProtect 20170203
Qihoo-360 20170203
SUPERAntiSpyware 20170203
Tencent 20170203
TheHacker 20170202
Trustlook 20170203
VBA32 20170202
WhiteArmor 20170202
Zillya 20170201
Zoner 20170203
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-13 18:36:28
Entry Point 0x00001904
Number of sections 4
PE sections
Overlays
MD5 dc78176de0ca821f7bed6da12157f2b4
File type data
Offset 200704
Size 120
Entropy 4.60
PE imports
CreateSolidBrush
CreateFileA
GetModuleFileNameA
GetStartupInfoW
GetModuleHandleW
_except_handler3
__p__fmode
localtime
__CxxFrameHandler
_exit
_adjust_fdiv
__setusermatherr
__dllonexit
_onexit
__wgetmainargs
_controlfp
exit
_XcptFilter
time
_initterm
_wcmdln
__p__commode
__set_app_type
SetTimer
AppendMenuA
SendMessageW
EnableWindow
LoadIconW
GetSystemMenu
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:07:13 19:36:28+01:00
FileType Win32 EXE
PEType PE32
CodeSize 805310464
LinkerVersion 6.1
EntryPoint 0x1904
InitializedDataSize 192512
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 5.3
UninitializedDataSize 0

File identification
MD5 ed355688605f4ebeb6a080e985f1f68e
SHA1 198891c49c719e5146836e4860fbbb095d7a2aa7
SHA256 2198eac80f19b224a9803acea697b72e5ab4bb31dc7b3f5debc77089ce0c112d
ssdeep 3072:KcBh/ij4d11PkVnmc23qEMtOMcuX9Au79kf0AetBsLrXqwh8nWr6fxFit:KWKj4hcVnu3MtOMcum72sX1br65Fit

authentihash 2d9c162c89aa68d529ae3359743ff037d29f69195c0ad0780a60f89f9540a337
imphash 5397f5c6fcf304dfeb0b27e3bb62d535
File size 196.1 KB ( 200824 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe overlay

VirusTotal metadata
First submission 2017-01-31 11:42:36 UTC ( 1 month, 3 weeks ago )
Last submission 2017-01-31 15:02:05 UTC ( 1 month, 3 weeks ago )
File names Narrator.exe
~WRO3358 -cpoy.tmp.exe
~WRO3358.tmp
MALWARE_RTF