SHA256: 004d29f5c227a4b1d4f64082308f43171610eb0ff88b86aecdae69f95936e640
File name: vti-rescan
Detection ratio: 33 / 54
Analysis date: 2015-05-03 14:02:21 UTC ( 3 years, 10 months ago )
Antivirus Result Update
Ad-Aware Backdoor.Delf.ATA 20150503
Avast Win32:Delf-DCE [Trj] 20150503
AVG BackDoor.Generic2.DJH 20150503
BitDefender Backdoor.Delf.ATA 20150503
Comodo UnclassifiedMalware 20150503
Cyren W32/Backdoor.XWJR-1857 20150503
DrWeb Program.RemoteAdmin.468 20150503
Emsisoft Backdoor.Delf.ATA (B) 20150503
ESET-NOD32 Win32/Delf.NN 20150503
F-Prot W32/BackdoorX.BXLO 20150503
F-Secure Backdoor.Delf.ATA 20150503
Fortinet W32/Delf.NN!tr.bdr 20150503
GData Backdoor.Delf.ATA 20150503
Ikarus not-a-virus:RemoteAdmin.Win32.WinVNC-based 20150503
K7AntiVirus Trojan ( 00000b9b1 ) 20150503
K7GW Trojan ( 00000b9b1 ) 20150503
Kaspersky Backdoor.Win32.Delf.nn 20150503
Kingsoft Win32.Hack.Undef.(kcloud) 20150504
Microsoft Backdoor:Win32/Delf 20150503
eScan Backdoor.Delf.ATA 20150503
NANO-Antivirus Trojan.Win32.Delf.mqwib 20150503
Norman Delf.FPJI 20150503
nProtect Backdoor.Delf.ATA 20150430
Panda Generic Malware 20150503
Qihoo-360 Trojan.Generic 20150504
Sophos AV Mal/Generic-S 20150503
Symantec WS.Reputation.1 20150503
Tencent Win32.Backdoor.Delf.Dvzo 20150504
TrendMicro TROJ_GEN.R047C0DC915 20150503
TrendMicro-HouseCall TROJ_GEN.R047C0DC915 20150503
VBA32 Backdoor.Delf 20150501
VIPRE Trojan.Win32.Generic!BT 20150503
ViRobot Backdoor.Win32.S.Delf.2276292[h] 20150503
AegisLab 20150503
Yandex 20150502
AhnLab-V3 20150503
Alibaba 20150503
ALYac 20150503
Antiy-AVL 20150503
Baidu-International 20150503
Bkav 20150425
ByteHero 20150504
CAT-QuickHeal 20150502
ClamAV 20150503
CMC 20150501
Jiangmin 20150430
McAfee 20150503
McAfee-GW-Edition 20150503
Rising 20150503
SUPERAntiSpyware 20150502
TheHacker 20150502
TotalDefense 20150430
Zillya 20150503
Zoner 20150430
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
start

Description SuperLANadmin 安装
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-10-25 19:47:11
Entry Point 0x000021AF
Number of sections 4
PE sections
Overlays
MD5 bc17e4ebbd05ed2b40ccb9dbebed2cd0
File type data
Offset 14848
Size 2261444
Entropy 8.00
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetDeviceCaps
SelectPalette
SelectObject
PatBlt
CreateFontA
CreatePalette
GetStockObject
TextOutA
CreateSolidBrush
SetBkMode
DeleteObject
RealizePalette
SetTextColor
StretchDIBits
GetLastError
lstrlenA
GlobalFree
FreeLibrary
ExitProcess
GetVersionExA
GlobalUnlock
GetModuleFileNameA
LoadLibraryA
WinExec
OpenFile
GetCurrentProcess
_lwrite
lstrcatA
GetWindowsDirectoryA
SetErrorMode
_llseek
GetCommandLineA
GetProcAddress
_lread
GetTempPathA
_lcreat
_lclose
GetModuleHandleA
lstrcpyA
_lopen
MulDiv
GetTempFileNameA
GlobalLock
LocalFree
GlobalAlloc
FormatMessageA
DrawTextA
CreateWindowExA
RegisterClassA
LoadIconA
LoadCursorA
ReleaseDC
EndPaint
BeginPaint
MessageBoxA
ExitWindowsEx
SendMessageA
GetClientRect
SetTimer
SetWindowPos
PostQuitMessage
DefWindowProcA
ShowWindow
UpdateWindow
wsprintfA
GetDC
InvalidateRect
PE exports
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
4.0

FileVersionNumber
1.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
SuperLANadmin

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit, Removable run from swap

CharacterSet
Windows, Latin1

InitializedDataSize
5632

EntryPoint
0x21af

MIMEType
application/octet-stream

Subsystem
Windows GUI

TimeStamp
2001:10:25 21:47:11+02:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows 16-bit

LegalCopyright
start

MachineType
Intel 386 or later, and compatibles

CompanyName
start

CodeSize
8704

FileSubtype
0

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 1174cf0b39869b17c22485062ba35929
SHA1 75cd15d0249e9b6a0e272f026debcd9a5952bcc3
SHA256 004d29f5c227a4b1d4f64082308f43171610eb0ff88b86aecdae69f95936e640
ssdeep
49152:fWGctWkTctYfZbzEGKf0aCgoi2T6HxNTYkiotIf:frceYfZHj2Cgoiu6fYL3f

authentihash 4d744075021a7eb31166bc93aa03076d4bbe8d07288e73ae78fc5166bc95412f
imphash e41c25ab7824b3df73334188c40518ae
File size 2.2 MB ( 2276292 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Wise Installer executable (91.3%)
Win64 Executable (generic) (5.3%)
Win32 Dynamic Link Library (generic) (1.2%)
Win32 Executable (generic) (0.8%)
OS/2 Executable (generic) (0.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2009-07-17 11:03:40 UTC ( 9 years, 8 months ago )
Last submission 2014-08-18 19:55:52 UTC ( 4 years, 7 months ago )
File names 75cd15d0249e9b6a0e272f026debcd9a5952bcc3.bin
1174cf0b39869b17c22485062ba35929
1812517
vti-rescan
output.1812517.txt
SuperLANadmin.exe
004d29f5c227a4b1d4f64082308f43171610eb0ff88b86aecdae69f95936e640
SuperLANadmin.exe
1174cf0b39869b17c22485062ba35929
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight