SHA256: 0d621196bb84ffd4ad6ce6c88034030186b2ebcd3ee7d315cac4300fe6321e7d
File name: vti-rescan
Detection ratio: 30 / 54
Analysis date: 2015-12-23 13:01:27 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2943501 20151223
ALYac Trojan.GenericKD.2943598 20151223
Antiy-AVL Trojan/Win32.Diple 20151223
Avast Win32:Malware-gen 20151223
AVG Crypt5.VSK 20151223
Avira (no cloud) TR/Crypt.Xpack.267554 20151223
AVware Trojan.Win32.Generic!BT 20151223
Baidu-International Trojan.Win32.Injector.COXH 20151223
BitDefender Trojan.GenericKD.2943501 20151223
Bkav HW32.Packed.99ED 20151223
Emsisoft Trojan.GenericKD.2943501 (B) 20151223
ESET-NOD32 a variant of Win32/Injector.COXH 20151223
F-Secure Trojan.GenericKD.2943501 20151223
GData Trojan.GenericKD.2943501 20151223
Ikarus Trojan.Win32.Injector 20151223
Jiangmin TrojanSpy.Zbot.eykb 20151223
K7GW Trojan ( 004da10b1 ) 20151223
Kaspersky Trojan.Win32.Diple.gkiq 20151223
Malwarebytes Trojan.Dridex 20151223
McAfee Generic.xy 20151223
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20151223
Microsoft Backdoor:Win32/Drixed 20151223
eScan Trojan.GenericKD.2943501 20151223
nProtect Trojan/W32.Inject.197634 20151223
Panda Generic Suspicious 20151222
Sophos AV Troj/Dridex-LR 20151223
Symantec Suspicious.Cloud.2 20151222
Tencent Win32.Trojan.Bp-apt.Pthw 20151223
TrendMicro TSPY_DRIDEX.YYSQB 20151223
TrendMicro-HouseCall TSPY_DRIDEX.YYSQB 20151223
AegisLab 20151223
Yandex 20151220
AhnLab-V3 20151223
Alibaba 20151208
Arcabit 20151223
ByteHero 20151223
CAT-QuickHeal 20151223
ClamAV 20151222
CMC 20151217
Comodo 20151223
Cyren 20151223
DrWeb 20151223
F-Prot 20151223
Fortinet 20151223
K7AntiVirus 20151223
NANO-Antivirus 20151223
Rising 20151223
SUPERAntiSpyware 20151223
TheHacker 20151223
VBA32 20151222
VIPRE 20151219
ViRobot 20151223
Zillya 20151223
Zoner 20151223
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (C) 2011
Product TotalChaxun
Original name TotalChaxun.exe
Internal name TotalChaxun
File version 1, 0, 0, 1
Description TotalChaxun
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-21 16:42:22
Entry Point 0x0000285C
Number of sections 6
PE sections
Overlays
MD5 bc9711274d5e983a7a79183545c99dcd
File type data
Offset 61440
Size 136194
Entropy 8.00
PE imports
RegDeleteKeyA
TextOutA
GetObjectA
TextOutW
GetObjectW
GetStartupInfoA
GlobalMemoryStatus
CreateThread
GetModuleFileNameW
GetModuleHandleA
OpenProcess
ReadFile
VirtualQuery
SetEvent
GetCPInfo
ClearCommBreak
FindNextFileW
CreateFileW
DeleteFileW
Ord(1775)
Ord(2358)
Ord(4080)
Ord(4710)
Ord(3597)
Ord(3136)
Ord(693)
Ord(6375)
Ord(755)
Ord(3798)
Ord(2621)
Ord(3259)
Ord(3610)
Ord(5290)
Ord(2446)
Ord(6366)
Ord(815)
Ord(641)
Ord(5277)
Ord(2514)
Ord(4402)
Ord(3640)
Ord(5199)
Ord(567)
Ord(1134)
Ord(4465)
Ord(609)
Ord(2863)
Ord(5300)
Ord(4425)
Ord(4627)
Ord(1168)
Ord(3738)
Ord(4853)
Ord(2982)
Ord(4234)
Ord(825)
Ord(3081)
Ord(2581)
Ord(5307)
Ord(4441)
Ord(4401)
Ord(4424)
Ord(540)
Ord(3639)
Ord(4078)
Ord(2554)
Ord(4376)
Ord(6376)
Ord(1727)
Ord(3370)
Ord(823)
Ord(2642)
Ord(2379)
Ord(2725)
Ord(1776)
Ord(4998)
Ord(5981)
Ord(4219)
Ord(800)
Ord(656)
Ord(3749)
Ord(2512)
Ord(470)
Ord(4274)
Ord(5261)
Ord(2413)
Ord(4079)
Ord(1146)
Ord(3147)
Ord(2124)
Ord(2370)
Ord(1771)
Ord(3262)
Ord(1576)
Ord(4353)
Ord(2575)
Ord(5065)
Ord(4407)
Ord(3346)
Ord(2396)
Ord(3831)
Ord(6374)
Ord(5280)
Ord(3825)
Ord(2976)
Ord(1089)
Ord(2985)
Ord(3922)
Ord(6052)
Ord(4160)
Ord(3574)
Ord(3402)
Ord(2582)
Ord(324)
Ord(3830)
Ord(2385)
Ord(3092)
Ord(3079)
Ord(4396)
Ord(6334)
Ord(2055)
Ord(4837)
Ord(5241)
Ord(2648)
Ord(5714)
Ord(5289)
Ord(4622)
Ord(561)
Ord(2302)
Ord(4486)
Ord(2024)
Ord(692)
Ord(4698)
Ord(5163)
Ord(6055)
Ord(5265)
Ord(4673)
Ord(5302)
Ord(860)
Ord(5731)
_except_handler3
__p__fmode
fread
_XcptFilter
__CxxFrameHandler
_acmdln
_exit
__p__commode
__setusermatherr
strcmp
_setmbcp
__dllonexit
_onexit
exit
free
__getmainargs
_initterm
_controlfp
fopen
_adjust_fdiv
__set_app_type
CreateDialogParamW
PeekMessageW
GetSystemMetrics
LoadIconA
EnableWindow
DefDlgProcA
DrawIcon
SendMessageA
GetClientRect
GetSystemMenu
IsIconic
SetDlgItemTextW
AppendMenuA
Number of PE resources by type
RT_ICON 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH CAN 1
GREEK DEFAULT 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode Japanese
FileFlagsMask 0x003f
CharacterSet Windows, Hebrew
InitializedDataSize 40960
EntryPoint 0x285c
OriginalFileName TotalChaxun.exe
MIMEType application/octet-stream
LegalCopyright (C) 2011
FileVersion 1, 0, 0, 1
TimeStamp 2015:12:21 17:42:22+01:00
FileType Win32 EXE
PEType PE32
InternalName TotalChaxun
ProductVersion 1, 0, 0, 1
FileDescription TotalChaxun
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 16384
ProductName TotalChaxun
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 ee4b6faa3f6753814873d2ec82eb95e7
SHA1 a3f80c9603d7a93bb5c7750cf132e2dc627e020e
SHA256 0d621196bb84ffd4ad6ce6c88034030186b2ebcd3ee7d315cac4300fe6321e7d
ssdeep 3072:8NGn+KYkI+CQ/kb/88IRpCtp5aaYor06IfnMErAzr1JNTKhv:8NG+KJFC8yzC6p5a0+fWzTNTqv
authentihash d5755bff2b049d35133ac21c9dbb7c807c51c2daeaa0c45358d70f49b084f6c5
imphash 0b025ff39559839647e02add9264cbdb
File size 193.0 KB ( 197634 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-12-22 13:26:33 UTC ( 2 years, 6 months ago )
Last submission 2018-04-25 16:58:57 UTC ( 2 months, 3 weeks ago )
File names TotalChaxun.exe
gDKMnMBOnD.msi
VirusShare_ee4b6faa3f6753814873d2ec82eb95e7
ee4b6faa3f6753814873d2ec82eb95e7.exe
yourmom.exe
0d621196bb84ffd4ad6ce6c88034030186b2ebcd3ee7d315cac4300fe6321e7d.exe
tLYga2L.sys
filename
UXLqrD.bin
87t5fv.exe
TotalChaxun
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs