SHA256: 197d71a2c0dd61cef90ad413892e935740d13074604921e9f95f6aee403dec3f
File name: vti-rescan
Detection ratio: 43 / 54
Analysis date: 2014-09-18 16:29:52 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.146314 20140918
Yandex TrojanSpy.Zbot!v3PqLXEgTW8 20140918
AhnLab-V3 Trojan/Win32.ZBot 20140918
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140918
Avast Win32:Malware-gen 20140918
AVG Zbot.LKD 20140918
Avira (no cloud) TR/Graftor.146314.1 20140918
AVware Trojan.Win32.Generic.pak!cobra 20140918
Baidu-International Trojan.Win32.Zbot.ADhw 20140918
BitDefender Gen:Variant.Graftor.146314 20140918
Bkav W32.HfsAutoA.2215 20140918
CAT-QuickHeal TrojanPWS.Zbot.LB6 20140918
Cyren W32/Trojan.RXPG-2098 20140918
DrWeb Trojan.PWS.Panda.7278 20140918
Emsisoft Gen:Variant.Graftor.146314 (B) 20140918
ESET-NOD32 a variant of Win32/Injector.BHNP 20140918
F-Prot W32/Trojan3.JDY 20140918
F-Secure Gen:Variant.Graftor.146314 20140918
Fortinet W32/Zbot.TKTI!tr 20140918
GData Gen:Variant.Graftor.146314 20140918
Ikarus Trojan-Spy.Win32.Zbot 20140918
K7AntiVirus Trojan ( 0049cfb01 ) 20140918
K7GW Trojan ( 0049cfb01 ) 20140918
Kaspersky Trojan-Spy.Win32.Zbot.tkti 20140918
Kingsoft Win32.Troj.Zbot.tk.(kcloud) 20140918
Malwarebytes Spyware.ZeuS 20140918
McAfee RDN/Generic PWS.y!b2h 20140918
McAfee-GW-Edition BehavesLike.Win32.Backdoor.fc 20140917
Microsoft PWS:Win32/Zbot 20140918
eScan Gen:Variant.Graftor.146314 20140918
NANO-Antivirus Trojan.Win32.Zbot.dccoey 20140918
Norman Suspicious_Gen4.GSPNS 20140918
Panda Trj/CI.A 20140918
Qihoo-360 Win32/Trojan.Spy.422 20140918
Rising PE:Trojan.Win32.Generic.16FD3174!385692020 20140918
Sophos Mal/Generic-S 20140918
SUPERAntiSpyware Trojan.Agent/Gen-Zbot 20140918
Symantec Trojan.Zbot 20140918
Tencent Win32.Trojan-spy.Zbot.Edoq 20140918
TrendMicro TROJ_GEN.R0CBC0DGD14 20140918
TrendMicro-HouseCall TROJ_GEN.R0CBC0DGD14 20140918
VBA32 TrojanSpy.Zbot 20140918
Zillya Trojan.Zbot.Win32.159873 20140917
AegisLab 20140918
ByteHero 20140918
ClamAV 20140918
CMC 20140918
Comodo 20140918
Jiangmin 20140917
nProtect 20140918
TheHacker 20140917
TotalDefense 20140918
ViRobot 20140918
Zoner 20140916
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-30 19:02:15
Entry Point 0x00002400
Number of sections 4
PE sections
PE imports
DeleteObject
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
HeapAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
GetFileSize
DeleteFileA
WideCharToMultiByte
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
SetStdHandle
GetModuleHandleA
GetCPInfo
GetStringTypeA
SetFilePointer
ReadFile
WriteFile
GetCurrentProcess
FindFirstFileA
GetTempFileNameA
GetACP
HeapReAlloc
GetStringTypeW
MoveFileA
TerminateProcess
HeapCreate
VirtualFree
GetFileType
CreateFileA
ExitProcess
GetVersion
VirtualAlloc
CloseHandle
PathFindFileNameA
PathFindExtensionA
LoadIconA
EnableWindow
EndDialog
GetDlgItemTextA
SendMessageA
MessageBoxA
GetDlgItem
DialogBoxParamA
ShowWindow
LoadBitmapA
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 2
Number of PE resources by language
NEUTRAL 4
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:06:30 20:02:15+01:00
FileType Win32 EXE
PEType PE32
CodeSize 20480
LinkerVersion 6.0
FileAccessDate 2014:07:09 13:09:48+01:00
EntryPoint 0x2400
InitializedDataSize 77824
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:07:09 13:09:48+01:00
UninitializedDataSize 0

Compressed bundles
File identification
MD5 1fd8e65503847028ff9f9f2ddc3ea950
SHA1 d4a6d0115a47327ec4fc3ea622cdccce2d37af72
SHA256 197d71a2c0dd61cef90ad413892e935740d13074604921e9f95f6aee403dec3f
ssdeep 6144:uTfHBy1KkjGMCALTRDr3XMXb9ooxkuHJNq+jPq5SK0QKgGtGm248:uTfHB0LrHrqaoxkupEMQjh6tGP9
authentihash 5ebdd38a05345dbcb38c612d049a99af8048c539fe1479f20328db11c5d7ce70
imphash 3c2d763f239015ec2a65ffd5072210d2
File size 326.8 KB ( 334656 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-07-09 12:16:07 UTC ( 2 years, 8 months ago )
Last submission 2014-09-18 16:29:52 UTC ( 2 years, 6 months ago )
File names vti-rescan, REVISED-QUOTATION.scr
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs