× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 01ddbd5d3fd18fdae44b82f2d53869c01e99759138852467adfff3f902e1a6ec
File name: vti-rescan
Detection ratio: 7 / 55
Analysis date: 2015-07-02 08:14:43 UTC ( 3 years, 8 months ago ) View latest
Antivirus Result Update
Avast Win32:Malware-gen 20150702
AVG Crypt4.BDEG 20150702
Avira (no cloud) TR/Spy.ZBot.385024.1 20150702
ESET-NOD32 Win32/Spy.Zbot.ACB 20150702
Symantec Trojan.Zbot 20150702
TrendMicro TSPY_ZBOT.AEV 20150702
TrendMicro-HouseCall TSPY_ZBOT.AEV 20150702
Ad-Aware 20150702
AegisLab 20150702
Yandex 20150630
AhnLab-V3 20150701
Alibaba 20150630
ALYac 20150702
Antiy-AVL 20150702
Arcabit 20150630
AVware 20150702
Baidu-International 20150701
BitDefender 20150702
Bkav 20150701
ByteHero 20150702
CAT-QuickHeal 20150701
ClamAV 20150702
Comodo 20150702
Cyren 20150702
DrWeb 20150702
Emsisoft 20150702
F-Prot 20150702
F-Secure 20150702
Fortinet 20150702
GData 20150702
Ikarus 20150702
Jiangmin 20150701
K7AntiVirus 20150702
K7GW 20150702
Kaspersky 20150702
Kingsoft 20150702
Malwarebytes 20150702
McAfee 20150702
McAfee-GW-Edition 20150701
Microsoft 20150702
eScan 20150702
NANO-Antivirus 20150702
nProtect 20150701
Panda 20150701
Qihoo-360 20150702
Rising 20150701
Sophos AV 20150702
SUPERAntiSpyware 20150702
Tencent 20150702
TheHacker 20150701
VBA32 20150701
VIPRE 20150702
ViRobot 20150702
Zillya 20150702
Zoner 20150702
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2008-2012 Retail Solutions

Product WhatRest
Original name doesonce.exe
Internal name WhatRest
Description WhatRest
Comments WhatRest
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-30 18:21:54
Entry Point 0x0000BAA6
Number of sections 4
PE sections
PE imports
CertOpenStore
CertAddEncodedCertificateToStore
CertFreeCertificateContext
CertDeleteCertificateFromStore
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CryptImportPublicKeyInfo
CertGetCertificateChain
CertCreateCertificateContext
CryptDecodeObject
SetMapMode
SaveDC
TextOutA
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
DeleteObject
SetTextColor
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
ScaleViewportExtEx
SelectObject
SetWindowExtEx
Escape
SetBkColor
SetViewportExtEx
GetStdHandle
GetConsoleOutputCP
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetProcAddress
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
InterlockedDecrement
FormatMessageA
SetLastError
GlobalFindAtomA
ExitProcess
FlushFileBuffers
GetModuleFileNameA
EnumSystemLocalesA
LoadLibraryExA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
GlobalAddAtomA
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GlobalDeleteAtom
GetUserDefaultLCID
SetSystemTimeAdjustment
GetProcessHeap
GlobalReAlloc
lstrcmpA
CompareStringA
IsValidLocale
lstrcmpW
GlobalLock
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
CloseHandle
GetACP
GetVersion
SizeofResource
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
CreateStdAccessibleObject
LresultFromObject
VariantChangeType
VariantInit
VariantClear
MapWindowPoints
GetMessagePos
GetParent
EnableWindow
ReleaseDC
SetPropA
SetMenuItemBitmaps
PostQuitMessage
GetCapture
GetMenuState
GetClassInfoExA
DestroyMenu
RegisterWindowMessageA
DefWindowProcA
SetWindowTextA
IsWindowEnabled
GetPropA
LoadBitmapA
SetWindowPos
GetWindowThreadProcessId
GetSysColorBrush
GetSystemMetrics
EnableMenuItem
IsWindow
GetWindowRect
DispatchMessageA
ClientToScreen
UnhookWindowsHookEx
GetWindowLongA
PostMessageA
ModifyMenuA
GrayStringA
MessageBoxA
PeekMessageA
SetWindowLongA
AdjustWindowRectEx
GetMessageTime
GetWindow
GetSysColor
GetDC
GetKeyState
SystemParametersInfoA
GetDlgCtrlID
GetClassInfoA
CheckMenuItem
GetMenu
UnregisterClassA
GetLastActivePopup
GetForegroundWindow
GetWindowPlacement
SendMessageA
GetWindowTextA
GetClientRect
GetDlgItem
GetMenuCheckMarkDimensions
DrawTextExA
WinHelpA
RemovePropA
IsIconic
RegisterClassA
GetClassLongA
CallNextHookEx
TabbedTextOutA
GetSubMenu
CreateWindowExA
LoadCursorA
LoadIconA
DrawTextA
SetWindowsHookExA
GetTopWindow
CopyRect
ValidateRect
CallWindowProcA
GetClassNameA
GetFocus
GetMenuItemID
GetMenuItemCount
SetForegroundWindow
PtInRect
DestroyWindow
OpenPrinterA
DocumentPropertiesA
ClosePrinter
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
WhatRest

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
8.8.4607.2378

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unicode

InitializedDataSize
262144

EntryPoint
0xbaa6

OriginalFileName
doesonce.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2008-2012 Retail Solutions

TimeStamp
2015:06:30 19:21:54+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
WhatRest

SubsystemVersion
4.0

ProductVersion
8.8.4607.2378

FileDescription
WhatRest

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Retail Solutions

CodeSize
204800

ProductName
WhatRest

ProductVersionNumber
8.8.4607.2378

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 b0009457ffc2b4d8f562b724385342fc
SHA1 e79795e2f26f33bc08b70f79cdbfc549d3b68223
SHA256 01ddbd5d3fd18fdae44b82f2d53869c01e99759138852467adfff3f902e1a6ec
ssdeep
6144:v84nJlcfthW2rSMjkHN4KyYCiaJRP15gvtqLO5NRN:UsGhWoaHNeD1Wg8

authentihash 3d29214a534b7d1c1659cab2b1b293cfe4eb38937c1e090ecf8d1f7cd908a843
imphash bb15b697acbb8ca2816fc0daf78e442e
File size 376.0 KB ( 385024 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2015-07-02 01:06:57 UTC ( 3 years, 8 months ago )
Last submission 2015-07-09 14:17:48 UTC ( 3 years, 8 months ago )
File names WhatRest
doesonce.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs