SHA256: 0c74e954440c86202e972b9ab94071d4b9fa8dd45c502e4e683a2d0b3a78717e
File name: vti-rescan
Detection ratio: 36 / 57
Analysis date: 2015-03-09 09:19:43 UTC ( 4 years ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1805403 20150309
AhnLab-V3 Win-Trojan/Agent.177544 20150308
ALYac Trojan.GenericKD.1805403 20150309
Antiy-AVL Trojan/Win32.Agent 20150309
Avast Win32:Malware-gen 20150309
AVG Agent4.CAHY 20150309
Avira (no cloud) BDS/Plugx.K.7 20150309
AVware Trojan.Win32.Generic!BT 20150309
BitDefender Trojan.GenericKD.1805403 20150309
CAT-QuickHeal Trojan.Agen.r5 20150309
ClamAV Win.Trojan.PlugX-94 20150309
Comodo UnclassifiedMalware 20150309
Cyren W32/Trojan.MXRI-2375 20150309
Emsisoft Trojan.GenericKD.1805403 (B) 20150309
ESET-NOD32 a variant of Win32/Korplug.CH 20150309
F-Secure Trojan.GenericKD.1805403 20150308
Fortinet W32/Korplug.CH!tr 20150309
GData Trojan.GenericKD.1805403 20150309
Ikarus Trojan.Win32.Korplug 20150309
K7AntiVirus Trojan ( 0049fc6f1 ) 20150309
K7GW Trojan ( 0049fc6f1 ) 20150308
Kaspersky Trojan.Win32.Agent.idav 20150309
Kingsoft Win32.Troj.Agent.id.(kcloud) 20150309
McAfee BackDoor-PlugX!7E6C8992026A 20150309
McAfee-GW-Edition BackDoor-PlugX!7E6C8992026A 20150309
Microsoft Backdoor:Win32/Plugx.K!dha 20150309
eScan Trojan.GenericKD.1805403 20150309
nProtect Trojan.GenericKD.1805403 20150306
Panda Generic Suspicious 20150308
Sophos AV Mal/Generic-S 20150309
Symantec Trojan.Naid 20150309
Tencent Win32.Trojan.Agent.Akfs 20150309
TrendMicro TROJ_SPNV.05HE14 20150309
TrendMicro-HouseCall TROJ_SPNV.05HE14 20150309
VIPRE Trojan.Win32.Generic!BT 20150309
Zillya Trojan.Agent.Win32.483403 20150308
AegisLab - 20150309
Yandex - 20150308
Alibaba - 20150309
Baidu-International - 20150309
Bkav - 20150306
ByteHero - 20150309
CMC - 20150304
DrWeb - 20150309
F-Prot - 20150309
Jiangmin - 20150306
Malwarebytes - 20150309
NANO-Antivirus - 20150309
Norman - 20150309
Qihoo-360 - 20150309
Rising - 20150307
SUPERAntiSpyware - 20150308
TheHacker - 20150309
TotalDefense - 20150308
VBA32 - 20150309
ViRobot - 20150309
Zoner - 20150309
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) Microsoft Corp. 2003-2011

Product Microsoft (R) Windows
Original name Credentials.dll
Internal name Credentials.dll
File version 4, 1, 0, 9280
Description Credentials.dll Shared Library - Retail Version
Signature verification A certificate was explicitly revoked by its issuer.
Signers
[+] MOCOMSYS INC,
Status This certificate or one of the certificates in the certificate chain is not time valid. Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 7/20/2012
Valid to 12:59 AM 7/21/2014
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 9C5F2018390F38FD1CEFD5E0B3A17A4875556DD9
Serial number 03 E5 A0 10 B0 5C 92 87 F8 23 C2 58 5F 54 7B 80
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-01 05:31:18
Entry Point 0x00001E52
Number of sections 5
PE sections
Overlays
MD5 14bfe2fe6cf6315a66441964c7f1aeab
File type data
Offset 172032
Size 5512
Entropy 7.26
PE imports
GetLastError
InterlockedDecrement
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
SetHandleCount
WaitForSingleObject
GetOEMCP
QueryPerformanceCounter
HeapDestroy
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetCPInfo
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
LCMapStringW
WriteConsoleW
DeleteFileA
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetProcAddress
GetStringTypeA
SetStdHandle
CloseHandle
CreateThread
TlsFree
SetFilePointer
FindFirstFileA
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
ReadFile
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
GetConsoleCP
LCMapStringA
WriteConsoleA
IsValidCodePage
HeapCreate
VirtualFree
FindClose
IsDebuggerPresent
Sleep
GetFileType
GetTickCount
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
PE exports
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
SpecialBuild 4.1.0.9280
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.1.0.9280
LanguageCode English (U.S.)
FileFlagsMask 0x0037
FileDescription Credentials.dll Shared Library - Retail Version
ImageFileCharacteristics Executable, 32-bit, DLL
CharacterSet Unicode
InitializedDataSize 130560
EntryPoint 0x1e52
OriginalFileName Credentials.dll
MIMEType application/octet-stream
LegalCopyright Copyright (C) Microsoft Corp. 2003-2011
FileVersion 4, 1, 0, 9280
TimeStamp 2013:11:01 06:31:18+01:00
FileType Win32 DLL
PEType PE32
InternalName Credentials.dll
ProductVersion 4.1.0.9280
UninitializedDataSize 0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 40448
ProductName Microsoft (R) Windows
ProductVersionNumber 4.1.0.9280
FileTypeExtension dll
ObjectFileType Dynamic link library
Compressed bundles
File identification
MD5 7e6c8992026a79c080f88103f6a69d2c
SHA1 20a43ce2e2ad9e2497411416ebb551edb23826ca
SHA256 0c74e954440c86202e972b9ab94071d4b9fa8dd45c502e4e683a2d0b3a78717e
ssdeep 3072:hBbOfk5rAaK1xnJO+Wg3t4vRiRpU1wYhUVux:/vK1K+WGt4p4k/
authentihash 3a3798231833fb5d96644f134225feaa2956637a74a8999eb2bf7ff16e5966f1
imphash f749528b1db6fe5aee61970813c7bc18
File size 173.4 KB ( 177544 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags revoked-cert pedll signed overlay
VirusTotal metadata
First submission 2013-11-24 09:59:45 UTC ( 5 years, 3 months ago )
Last submission 2018-04-27 21:15:02 UTC ( 10 months, 3 weeks ago )
File names vti-rescan
Credentials.dll
Korplug
malware (2)
0c74e954440c86202e972b9ab94071d4b9fa8dd45c502e4e683a2d0b3a78717e