SHA256: 0eb7590c2188d995fb3f8394ee10db5856542cfac3a62fd3c8e54236f5ffd428
File name: vti-rescan
Detection ratio: 39 / 47
Analysis date: 2013-05-30 23:21:32 UTC ( 10 months, 3 weeks ago )
Antivirus | Result | Update
AVG | Dropper.Generic6.WOT | 20130531
Agnitum | Backdoor.Dalbot!11tlJUIahBo | 20130530
AhnLab-V3 | Win-Trojan/Dalbot.167936 | 20130530
AntiVir | TR/Dropper.Gen2 | 20130530
Antiy-AVL | Trojan/Win32.Agent.gen | 20130530
Avast | Win32:Trojan-gen | 20130531
BitDefender | Trojan.Generic.KDV.644563 | 20130531
CAT-QuickHeal | TrojanDownloader.Agent.vzac | 20130530
Comodo | UnclassifiedMalware | 20130530
DrWeb | Trojan.DownLoad3.22367 | 20130531
ESET-NOD32 | Win32/Agent.PCW | 20130530
Emsisoft | Trojan.Generic.KDV.644563 (B) | 20130531
F-Secure | Trojan.Generic.KDV.644563 | 20130531
Fortinet | W32/Agent.VZAC!tr.dldr | 20130530
GData | Trojan.Generic.KDV.644563 | 20130531
Ikarus | Trojan-Dropper.Agent | 20130530
Jiangmin | TrojanDownloader.Agent.emki | 20130530
K7AntiVirus | Riskware | 20130530
K7GW | Riskware | 20130530
Kaspersky | Trojan-Downloader.Win32.Agent.vzac | 20130530
Kingsoft | Win32.TrojDownloader.Agent.(kcloud) | 20130506
McAfee | Generic BackDoor!1tx | 20130531
McAfee-GW-Edition | Generic BackDoor!1tx | 20130530
MicroWorld-eScan | Trojan.Generic.KDV.644563 | 20130531
Microsoft | Backdoor:Win32/Dalbot.gen | 20130531
NANO-Antivirus | Trojan.Win32.Agent2.tbibs | 20130530
Norman | Suspicious_Gen4.AIHCF | 20130530
PCTools | Trojan.Generic | 20130521
Panda | Trj/CI.A | 20130530
Rising | Trojan.Win32.Generic.12D86611 | 20130530
Sophos | Troj/Mdrop-EHC | 20130530
Symantec | Trojan Horse | 20130531
TrendMicro | BKDR_AGENT.ERO | 20130531
TrendMicro-HouseCall | BKDR_AGENT.ERO | 20130531
VBA32 | suspected of Trojan.Downloader.gen.h | 20130530
VIPRE | Trojan.Win32.Generic!BT | 20130530
ViRobot | Trojan.Win32.A.Downloader.167936.QZ | 20130530
eSafe | Win32.TRDropper | 20130530
nProtect | Trojan/W32.Agent.167936.AQB | 20130530
ByteHero | (no detection) | 20130529
ClamAV | (no detection) | 20130530
Commtouch | (no detection) | 20130530
F-Prot | (no detection) | 20130531
Malwarebytes | (no detection) | 20130530
SUPERAntiSpyware | (no detection) | 20130530
TheHacker | (no detection) | 20130528
TotalDefense | (no detection) | 20130530
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-04-17 07:24:52
Entry Point 0x0000EA96
Number of sections 4
PE sections
PE imports
GetSystemTime, GetLastError, GetEnvironmentVariableA, HeapFree, GetStdHandle, LCMapStringW, SetHandleCount, GetOEMCP, LCMapStringA, HeapDestroy, ExitProcess, IsBadWritePtr, GetVersionExA, GetEnvironmentStringsW, FlushFileBuffers, GetModuleFileNameA, RtlUnwind, LoadLibraryA, GetShortPathNameA, FreeEnvironmentStringsA, CreatePipe, GetStartupInfoA, SizeofResource, GetFileType, WideCharToMultiByte, UnhandledExceptionFilter, MultiByteToWideChar, GetLocalTime, FreeEnvironmentStringsW, GetCPInfo, GetCommandLineA, GetProcAddress, HeapSize, SetStdHandle, CompareStringW, RaiseException, CreateThread, GetStringTypeA, SetFilePointer, ReadFile, IsBadCodePtr, WriteFile, GetCurrentProcess, CompareStringA, GetACP, HeapReAlloc, GetStringTypeW, SetEnvironmentVariableA, TerminateProcess, GetEnvironmentStrings, SetUnhandledExceptionFilter, GetTimeZoneInformation, LoadResource, CreateFileW, VirtualFree, Sleep, IsBadReadPtr, SetEndOfFile, CreateFileA, HeapAlloc, GetVersion, FindResourceA, VirtualAlloc, HeapCreate, GetModuleHandleA, CloseHandle
HttpQueryInfoW, InternetQueryDataAvailable, InternetConnectW, InternetWriteFile, InternetReadFile, HttpSendRequestExW, InternetCrackUrlW, InternetSetCookieW, InternetSetOptionW, InternetCloseHandle, InternetOpenW, HttpEndRequestA, HttpOpenRequestW, HttpAddRequestHeadersW
Imports by ordinal: Ord(115), Ord(57)
Number of PE resources by type
EXE 1
Number of PE resources by language
CHINESE SIMPLIFIED 1
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:04:17 08:24:52+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 98304
LinkerVersion: 6.0
FileAccessDate: 2013:05:31 00:21:26+01:00
EntryPoint: 0xea96
InitializedDataSize: 69632
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
FileCreateDate: 2013:05:31 00:21:26+01:00
UninitializedDataSize: 0
File identification
MD5 9b6692295fadf24b512d5f63e4f74d15
SHA1 8dce6b56ff4b1ab2c9bd68a65dd5c1160efcfc6a
SHA256 0eb7590c2188d995fb3f8394ee10db5856542cfac3a62fd3c8e54236f5ffd428
ssdeep 3072:TG9WRwqzbSLPE8Uf9cWpiELFs88taiiC1ewguZlAOiqDx4qf:k5qQC93pnC1ebOZy
File size 164.0 KB ( 167936 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID
Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (13.4%)
Generic Win/DOS Executable (4.1%)
DOS Executable Generic (4.1%)
Tags peexe armadillo

VirusTotal metadata
First submission 2012-06-08 11:17:24 UTC ( 1 year, 10 months ago )
Last submission 2013-05-30 23:21:32 UTC ( 10 months, 3 weeks ago )
File names
file-4074159_
vti-rescan
9B6692295FADF24B512D5F63E4F74D15.bin
9b6692295fadf24b512d5f63e4f74d15
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight