SHA256: 052a8cb2de2a8945e053f649356a6e77769f91556b51bd4492c9cee2f26d1bde
File name: vti-rescan
Detection ratio: 15 / 57
Analysis date: 2015-03-22 09:41:01 UTC ( 4 years ago )
Antivirus Result Update
Avast Win32:Trojan-gen 20150322
AVG Zbot.ZVV 20150322
Avira (no cloud) TR/Zbot.A.1709 20150322
Baidu-International Trojan.Win32.Zbot.ACB 20150322
Bkav HW32.Packed.5CD0 20150321
DrWeb Trojan.PWS.Panda.7708 20150322
ESET-NOD32 Win32/Spy.Zbot.ACB 20150322
McAfee Artemis!68124A0E5908 20150322
McAfee-GW-Edition Artemis!Trojan 20150322
Microsoft PWS:Win32/Zbot.gen!VM 20150322
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20150321
Sophos AV Mal/Generic-S 20150322
Symantec WS.Reputation.1 20150322
TrendMicro TROJ_FORUCON.BMC 20150322
TrendMicro-HouseCall TROJ_FORUCON.BMC 20150322
Ad-Aware 20150322
AegisLab 20150322
Yandex 20150322
AhnLab-V3 20150322
Alibaba 20150322
ALYac 20150322
Antiy-AVL 20150322
AVware 20150320
BitDefender 20150322
ByteHero 20150322
CAT-QuickHeal 20150321
ClamAV 20150322
CMC 20150317
Comodo 20150322
Cyren 20150322
Emsisoft 20150322
F-Prot 20150322
F-Secure 20150322
Fortinet 20150322
GData 20150322
Ikarus 20150322
Jiangmin 20150320
K7AntiVirus 20150322
K7GW 20150322
Kaspersky 20150322
Kingsoft 20150322
Malwarebytes 20150322
eScan 20150322
NANO-Antivirus 20150322
Norman 20150322
nProtect 20150320
Panda 20150318
Qihoo-360 20150322
SUPERAntiSpyware 20150321
Tencent 20150322
TheHacker 20150322
TotalDefense 20150321
VBA32 20150321
VIPRE 20150322
ViRobot 20150322
Zillya 20150322
Zoner 20150320
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright guidereach Guess languagebrightWild
Product On Stream
Original name provideSec.exe
Internal name On Stream
File version 10.8.8485.4352
Description On Stream
Comments brotherthat holdresult Science Broke figuretowardmain old Each Leavemillion
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-20 12:25:00
Entry Point 0x000015CF
Number of sections 4
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
FindFirstChangeNotificationA
GetFileAttributesA
SetTapeParameters
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetVersionExA
VirtualProtect
GlobalUnlock
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
CreatePipe
GetDiskFreeSpaceA
GetStartupInfoW
GetEnvironmentStrings
GetFileType
GetLocaleInfoA
GetCurrentProcessId
SetHandleCount
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
TlsFree
GetProcessHeap
GetFileTime
WideCharToMultiByte
GetModuleFileNameW
GetStringTypeA
GetModuleHandleA
DeleteCriticalSection
GlobalFree
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
VirtualFree
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
MoveFileExA
HeapDestroy
HeapAlloc
TerminateProcess
FindCloseChangeNotification
CreateProcessA
LCMapStringA
InitializeCriticalSection
HeapCreate
GlobalAlloc
GetStringTypeW
GetEnvironmentStringsW
TlsGetValue
Sleep
FindNextChangeNotification
TlsSetValue
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
GetStartupInfoA
SetLastError
LeaveCriticalSection
CheckBitmapBits
InstallColorProfileA
GetPS2ColorRenderingDictionary
ConvertColorNameToIndex
TranslateBitmapBits
CreateMultiProfileTransform
ConvertIndexToColorName
SelectCMM
CreateProfileFromLogColorSpaceA
SetColorProfileElement
CreateDeviceLinkProfile
GetColorDirectoryA
UninstallColorProfileA
DisassociateColorProfileFromDeviceA
GetStandardColorSpaceProfileA
GetPS2ColorSpaceArray
EnumColorProfilesA
OpenColorProfileA
RegisterCMMA
TranslateColors
CheckColors
GetPS2ColorRenderingIntent
GetColorProfileElement
SetColorProfileHeader
SetColorProfileElementReference
IsColorProfileTagPresent
CreateColorTransformA
CloseColorProfile
UnregisterCMMA
SetStandardColorSpaceProfileA
SetColorProfileElementSize
DeleteColorTransform
IsColorProfileValid
GetCMMInfo
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
LegalTrademarks problemexperiment Temperature school railcloud Cotton
SubsystemVersion 4.0
Comments brotherthat holdresult Science Broke figuretowardmain old Each Leavemillion
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 10.8.8485.4352
LanguageCode Neutral
FileFlagsMask 0x0000
FileDescription On Stream
CharacterSet Windows, Latin1
InitializedDataSize 125952
EntryPoint 0x15cf
OriginalFileName provideSec.exe
MIMEType application/octet-stream
LegalCopyright guidereach Guess languagebrightWild
FileVersion 10.8.8485.4352
TimeStamp 2015:03:20 13:25:00+01:00
FileType Win32 EXE
PEType PE32
InternalName On Stream
ProductVersion 10.8.8485.4352
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Cradle Solution
CodeSize 154624
ProductName On Stream
ProductVersionNumber 10.8.8485.4352
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 68124a0e590867d46bae70e3506da5d9
SHA1 ae7a197d315ab1ad2e3b669e4f3c5e5bfb6aec55
SHA256 052a8cb2de2a8945e053f649356a6e77769f91556b51bd4492c9cee2f26d1bde
ssdeep 3072:NBmbaX69OASUG+UYLgJtBZoz9uYajVZheKCkAy46A5aLoIm039Vi3EeBAVQt7NLP:NUbVUpUuYLWtBAILheKx3r8ImKVo1AV
authentihash 7bebabf01027f47cea566469c2fe50810b548dbc2b367637719ca9cca6fdb946
imphash bc97619318f5cf88983c7edf93e160e0
File size 235.0 KB ( 240640 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
     Win64 Executable (generic) (37.3%)
     Win32 Dynamic Link Library (generic) (8.8%)
     Win32 Executable (generic) (6.0%)
     Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2015-03-20 12:56:29 UTC ( 4 years ago )
Last submission 2016-06-12 00:03:53 UTC ( 2 years, 9 months ago )
File names On Stream
provideSec.exe
isheriff_68124a0e590867d46bae70e3506da5d9.bin
68124a0e590867d46bae70e3506da5d9.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.