home

ntowar.exe

Sistema operacional Microsoft Windows

Microsoft Corporation

This is a setup program which is used to install the application. The file has been seen being downloaded from download2112.mediafire.com.
Publisher:
Microsoft Corporation

Product:
Sistema operacional Microsoft® Windows®

Description:
Auto-extrator de arquivo de gabinete Win32

Version:
6.00.2900.5512 (xpsp.080413-2105)

MD5:
f681fc9423aec49493c7e5b650f02613

SHA-1:
be8bf3d2fa08601493897586609c4614fb045a62

SHA-256:
ac1d712cdc8fe40eddcf9bdc13e46ec33194bb9c475306e1d486ac2b73ab4da3

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 7:30:34 PM UTC  (today)

File size:
17.5 MB (18,319,832 bytes)

Product version:
6.00.2900.5512

Copyright:
© Microsoft Corporation. Todos os direitos reservados.

Original file name:
WEXTRACT.EXE

File type:
Executable application (Win32 EXE)

Language:
Brazilian Portuguese

Common path:
C:\users\{user}\downloads\ntowar.exe

File PE Metadata
Compilation timestamp:
4/13/2008 3:32:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
393216:cYTbKLKoGUknXzx6ccWoImbz+RxDuwYAgIty7b:cYTbEKbUSXVtKzExVY9Y6b

Entry address:
0x1151000

Entry point:
90, 90, 68, 34, FF, 69, 01, 58, 90, 90, BE, 1E, 10, 15, 02, 90, BA, 98, 05, 00, 00, 90, 31, 04, 32, 4A, 83, EA, 03, 75, F7, 90, 90, 90, DC, 82, 68, 01, 34, FF, 69, 01, 34, FF, 69, 00, 68, 9B, 69, 01, 34, 2B, 7D, 00, EC, 26, 7D, 00, 34, 4F, 6B, 01, 34, FF, 69, 01, 78, EF, 69, 00, A6, 5E, 69, 00, AA, 5E, 69, 00, 6C, 6D, 69, 01, A4, 5E, 69, 01, A8, 5E, 69, 01, 78, FB, 69, 01, 8B, 66, E9, 7D, 29, 65, E9, 7D, 34, FF, 69, 01, 34, FF, 69, 01, 44, EF, 69, 00, 34, FF, 69, 01, 3C, EE, 69, 00, C5, 41, 6B, 49, 74, FF...
 
[+]

Code size:
38.5 KB (39,424 bytes)

The file ntowar.exe has been seen being distributed by the following URL.

http://download2112.mediafire.com/buupmaolv7rg/.../NtoWar.exe

Scan ntowar.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.