» nbot1.2.exe
Overview
Analysis
File Details
Downloads (3)

nbot1.2.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from www35.zippyshare.com and multiple other hosts.

File name:

nbot1.2.exe

Version:

0, 0, 0, 0

MD5:

f829222c5c1d6857798fc6a53d2428e6

SHA-1:

689e1a144ea5c5ff38e6facd65e9c4475adc5602

SHA-256:

0312bd1c64a158279258f86990af0f6ee61cf9c0a78fb135335d606a7ad46622

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

11/27/2024 7:49:44 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Trojan.Zusy

7.1.1

File size:

888.2 KB (909,499 bytes)

Product version:

0, 0, 0, 0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\nbot1.2.exe

File PE Metadata

Compilation timestamp:

6/16/2010 6:09:23 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:HDGpINoV/Ez72ce7HFJxTiMDwOzhZzmf0+:jieoVnHDxTQOzhZz80+

Entry address:

0x51311

Entry point:

E8, D9, 7F, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 98, 86, 47, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 9C, 86, 47, 00, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, E5, 0E, 00, 00, 85, C0, 75, 06, B8, 00, 88, 47, 00, C3, 83, C0, 08, C3, E8, D2, 0E, 00, 00, 85, C0, 75, 06, B8, 04, 88, 47, 00, C3, 83, C0, 0C, C3, 8B, FF, 55, 8B, EC, 56, E8, E2, FF, FF, FF, 8B, 4D, 08... 
[+]

Code size:

372.5 KB (381,440 bytes)

The file nbot1.2.exe has been seen being distributed by the following 3 URLs.

http://www35.zippyshare.com/d/16877877/.../NBot1.2.exe

Scan nbot1.2.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.