SHA256: 04d437b0308bb6a8333035259c003cb1f354c1ac80917df44d038e0438077d41
File name: vti-rescan
Detection ratio: 27 / 50
Analysis date: 2014-03-10 19:26:10 UTC ( 1 year, 1 month ago )
Antivirus Result Update
AVG Inject2.VMC 20140309
Ad-Aware Gen:Variant.Zusy.85089 20140310
AntiVir TR/Lecpetex.A.11 20140310
Avast Win32:Malware-gen 20140310
Baidu-International Trojan.Win32.Injector.AZFL 20140310
BitDefender Gen:Variant.Zusy.85089 20140310
ESET-NOD32 a variant of Win32/Injector.AZFL 20140310
Emsisoft Gen:Variant.Zusy.85089 (B) 20140310
F-Secure Gen:Variant.Zusy.85089 20140310
Fortinet W32/Injector.AZFL!tr 20140310
GData Gen:Variant.Zusy.85089 20140310
Ikarus Trojan.Win32.Lecpetex 20140310
K7AntiVirus Trojan ( 004967081 ) 20140310
K7GW Trojan ( 004967081 ) 20140310
Kingsoft Win32.Troj.Generic.a.(kcloud) 20140310
Malwarebytes Trojan.Agent 20140310
McAfee Artemis!2D10FCC938C2 20140310
McAfee-GW-Edition Artemis!2D10FCC938C2 20140310
MicroWorld-eScan Gen:Variant.Zusy.85089 20140310
Microsoft Trojan:Win32/Lecpetex.A 20140310
Norman Troj_Generic.SXCYF 20140310
Panda Trj/CI.A 20140310
Qihoo-360 Win32/Trojan.629 20140310
Sophos Troj/Agent-AGHS 20140310
Symantec Trojan.Gen.2 20140310
TrendMicro-HouseCall TROJ_GEN.R0CBH01C814 20140310
VIPRE Trojan.Win32.Generic!BT 20140310
Agnitum 20140310
AhnLab-V3 20140310
Antiy-AVL 20140310
Bkav 20140310
ByteHero 20140310
CAT-QuickHeal 20140310
CMC 20140307
ClamAV 20140310
Commtouch 20140310
Comodo 20140310
DrWeb 20140310
F-Prot 20140310
Jiangmin 20140310
Kaspersky 20140310
NANO-Antivirus 20140310
Rising 20140310
SUPERAntiSpyware 20140310
TheHacker 20140309
TotalDefense 20140310
TrendMicro 20140310
VBA32 20140310
ViRobot 20140310
nProtect 20140310
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-06 17:14:24
Link date 6:14 PM 3/6/2014
Entry Point 0x000029EF
Number of sections 3
PE sections
PE imports
CryptDeriveKey
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
CryptGetHashParam
CryptHashData
CryptDestroyHash
CryptCreateHash
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
WriteProcessMemory
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
FlsGetValue
FlushFileBuffers
GetEnvironmentStringsW
FlsSetValue
LoadLibraryA
RtlUnwind
GetModuleFileNameA
DeleteCriticalSection
GetCurrentProcess
GetVolumeInformationA
GetConsoleMode
HeapSize
WriteConsoleW
IsValidCodePage
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
FlsAlloc
GetCommandLineA
GetProcAddress
FlsFree
EncodePointer
GetProcessHeap
GetTickCount64
SetStdHandle
CreateMutexA
WideCharToMultiByte
LoadLibraryW
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
SetThreadContext
TerminateProcess
ResumeThread
LCMapStringEx
GetModuleHandleExW
InitOnceExecuteOnce
OutputDebugStringW
CreateFileW
GetStringTypeW
InterlockedDecrement
Sleep
GetFileType
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:03:06 18:14:24+01:00
FileType Win32 DLL
PEType PE32
CodeSize 29184
LinkerVersion 11.0
EntryPoint 0x29ef
InitializedDataSize 187904
SubsystemVersion 6.0
ImageVersion 0.0
OSVersion 6.0
UninitializedDataSize 0

File identification
MD5 2d10fcc938c25df1df8df4c1ffc07568
SHA1 9643f12cbad8e33c562408acdbc73f60d09efb9c
SHA256 04d437b0308bb6a8333035259c003cb1f354c1ac80917df44d038e0438077d41
ssdeep
3072:gTOuRrLE7fLTGCl9VtMX4GbQjmALeYGTGLqgh809:9YG1/tKUCALeYeGLhh9

authentihash 47f6eea0b0100bc7c7c1af3c3b7c5a4699a762c6505583837c1b3ddc5342c4dc
imphash d9b37e72a8c1fddfe70d273fcc001cbb
File size 205.5 KB ( 210432 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags pedll
VirusTotal metadata
First submission 2014-03-06 20:07:53 UTC ( 1 year, 1 month ago )
Last submission 2014-06-23 11:24:21 UTC ( 10 months, 1 week ago )
File names 91b336d987aea3bd608fe6152cb9762c7600c600
module.dat
22233987
vti-rescan
output.22233987.txt
goofy.dat
bitcoin.exe
2d10fcc938c25df1df8df4c1ffc07568.malware
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight