home

ntowar.exe

Sistema operacional Microsoft Windows

Microsoft Corporation

This is a setup program which is used to install the application. The file has been seen being downloaded from download2112.mediafire.com.
Publisher:
Microsoft Corporation

Product:
Sistema operacional Microsoft® Windows®

Description:
Auto-extrator de arquivo de gabinete Win32

Version:
6.00.2900.5512 (xpsp.080413-2105)

MD5:
a3e6cd5c731acc8afd210c9a4a04c12c

SHA-1:
29f8e5c7915359626980f0cef51fda96e8dbf476

SHA-256:
7db7d323879b4083912a69e726ecc4c0f4566fd1cdbba49bace4a9fd2ce8d6c8

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/23/2024 6:44:53 AM UTC  (today)

File size:
17.8 MB (18,675,158 bytes)

Product version:
6.00.2900.5512

Copyright:
© Microsoft Corporation. Todos os direitos reservados.

Original file name:
WEXTRACT.EXE

File type:
Executable application (Win32 EXE)

Language:
Brazilian Portuguese

Common path:
C:\users\{user}\downloads\ntowar.exe

File PE Metadata
Compilation timestamp:
4/13/2008 3:32:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
393216:AYTbKLKoGUknXzx6ccWoImbz+RxDuwYAgIty76/F:AYTbEKbUSXVtKzExVY9Y6W

Entry address:
0x1151000

Entry point:
90, 90, BB, 23, FA, 5F, 01, 68, 1C, 10, 15, 02, 5E, 90, 90, 68, 98, 05, 00, 00, 5A, 90, 31, 1C, 32, 90, 90, 83, EA, 04, 75, F6, CB, 87, 5E, 01, 23, FA, 5F, 01, 23, FA, 5F, 00, 7F, 9E, 5F, 01, 23, BA, 45, 00, F5, BF, 45, 00, 23, 4A, 5D, 01, 23, FA, 5F, 01, 6F, EA, 5F, 00, B1, 5B, 5F, 00, BD, 5B, 5F, 00, 7B, 68, 5F, 01, B3, 5B, 5F, 01, BF, 5B, 5F, 01, 6F, FE, 5F, 01, 9C, 63, DF, 7D, 3E, 60, DF, 7D, 23, FA, 5F, 01, 23, FA, 5F, 01, 53, EA, 5F, 00, 23, FA, 5F, 01, 2B, EB, 5F, 00, 23, FA, 5F, 01, 23, FA, 5F, 01...
 
[+]

Code size:
38.5 KB (39,424 bytes)

The file ntowar.exe has been seen being distributed by the following URL.

http://download2112.mediafire.com/buupmaolv7rg/.../NtoWar.exe

Scan ntowar.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.