SHA256: 2a1037f7992ca8c17be349bb98c334ac6b6ab082d7b47a020df72177fdaf8904
File name: vti-rescan
Detection ratio: 45 / 57
Analysis date: 2015-09-01 10:01:32 UTC ( 3 years, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2637566 20150901
Yandex Trojan.Agent!r9UsHY6xxvo 20150831
AhnLab-V3 Trojan/Win32.Dridex 20150831
ALYac Trojan.GenericKD.2637566 20150901
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20150901
Arcabit Trojan.Generic.D283EFE 20150901
Avast Win32:Malware-gen 20150901
AVG Crypt4.BUTI 20150901
Avira (no cloud) TR/Crypt.ZPACK.136891 20150901
AVware Trojan.Win32.Generic!BT 20150901
Baidu-International Adware.Win32.iBryte.DTCD 20150901
BitDefender Trojan.GenericKD.2637566 20150901
CAT-QuickHeal Backdoor.Drixed.r4 20150901
Comodo UnclassifiedMalware 20150901
Cyren W32/Trojan.KOJK-9320 20150901
DrWeb Trojan.Inject2.588 20150901
Emsisoft Trojan.Win32.MalPack (A) 20150901
ESET-NOD32 a variant of Win32/Kryptik.DTCD 20150901
F-Secure Trojan.GenericKD.2637566 20150901
Fortinet W32/Generic.AOHW!tr 20150901
GData Trojan.GenericKD.2637566 20150901
Ikarus Trojan.Win32.Crypt 20150901
Jiangmin Trojan/Generic.bzijj 20150831
K7AntiVirus Trojan ( 004ccd651 ) 20150901
K7GW Trojan ( 004ccd651 ) 20150901
Kaspersky HEUR:Trojan.Win32.Generic 20150901
Malwarebytes Trojan.Dridex 20150901
McAfee RDN/Generic.grp 20150901
McAfee-GW-Edition RDN/Generic.grp 20150901
Microsoft Backdoor:Win32/Drixed 20150901
eScan Trojan.GenericKD.2637566 20150901
NANO-Antivirus Trojan.Win32.Kryptik.dvblmw 20150901
nProtect Trojan.GenericKD.2637566 20150831
Panda Trj/Genetic.gen 20150831
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20150901
Rising PE:Malware.Generic/QRS!1.9E2D[F1] 20150831
Sophos AV Troj/Agent-AOHW 20150901
Symantec Trojan.Cridex 20150831
Tencent Win32.Trojan.Generic.Suwy 20150901
TotalDefense Win32/Remex.ZAZA!suspicious 20150901
TrendMicro TSPY_DRIDEX.US 20150901
TrendMicro-HouseCall TSPY_DRIDEX.US 20150901
VIPRE Trojan.Win32.Generic!BT 20150901
ViRobot Trojan.Win32.Agent.140288.S[h] 20150901
Zillya Trojan.Kryptik.Win32.770190 20150901
AegisLab 20150901
Alibaba 20150901
Bkav 20150831
ByteHero 20150901
ClamAV 20150901
CMC 20150831
F-Prot 20150901
Kingsoft 20150901
SUPERAntiSpyware 20150829
TheHacker 20150831
VBA32 20150831
Zoner 20150901
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-08-11 10:29:34
Entry Point 0x00001073
Number of sections 4
PE sections
PE imports
AVIClearClipboard
EditStreamClone
AVIFileWriteData
IID_IAVIFile
AVISaveVW
EditStreamCut
AVIStreamReadData
AVIFileOpenA
AVIBuildFilterA
AVIFileGetStream
AVISaveW
AVIFileExit
AVIFileRelease
AVIStreamTimeToSample
AVIStreamInfoW
CreateEditableStream
EditStreamSetInfoW
AVIFileInfoW
AVIStreamCreate
AVIFileEndRecord
EditStreamSetInfoA
AVIStreamInfoA
GetStartupInfoA
GetCurrentThreadId
GetModuleHandleA
ExitProcess
GetProcAddress
DsUnquoteRdnValueA
DsGetSpnW
DsCrackNamesA
DsAddSidHistoryW
DsGetSpnA
DsListServersInSiteA
DsMakePasswordCredentialsW
DsBindWithSpnW
DsListServersForDomainInSiteA
DsGetDomainControllerInfoA
DsListServersInSiteW
DsListServersForDomainInSiteW
DsBindWithSpnA
DsListRolesA
DsListDomainsInSiteW
DsInheritSecurityIdentityA
DsServerRegisterSpnW
DsClientMakeSpnForTargetServerA
DsRemoveDsDomainA
DsQuoteRdnValueW
DsFreeSpnArrayW
DsFreeSchemaGuidMapW
DsUnBindA
DsBindWithCredA
DsWriteAccountSpnA
DsFreePasswordCredentials
DsCrackSpnW
DsReplicaAddA
DsWriteAccountSpnW
DsReplicaSyncAllA
PathGetCharTypeA
StrFormatKBSizeA
wvnsprintfA
PathIsUNCA
PathIsContentTypeW
UrlApplySchemeW
SHOpenRegStream2W
StrRetToBufW
PathUndecorateA
StrCmpNIA
UrlEscapeA
StrRetToBufA
UrlApplySchemeA
SHOpenRegStream2A
PathRemoveBackslashW
SHRegEnumUSKeyA
wnsprintfW
PathRemoveExtensionA
StrChrIW
PathStripToRootA
SHOpenRegStreamA
SHEnumValueA
SHRegCreateUSKeyW
StrFormatByteSize64A
ChrCmpIW
PathIsRelativeW
PathUnquoteSpacesW
SHRegSetPathA
StrRStrIA
SHEnumValueW
PathAddExtensionW
ColorRGBToHLS
PathRemoveBlanksW
SHRegWriteUSValueW
Ord(130)
Ord(98)
Ord(154)
Ord(156)
Ord(225)
Ord(91)
Ord(115)
Ord(192)
Ord(17)
Ord(100)
Ord(26)
Ord(52)
Ord(157)
Ord(80)
Ord(59)
Ord(124)
Ord(224)
Ord(226)
Ord(69)
Ord(166)
Ord(36)
Ord(164)
Ord(55)
Ord(195)
Ord(29)
Ord(27)
Ord(214)
RevokeBindStatusCallback
CoInternetQueryInfo
HlinkSimpleNavigateToString
FindMimeFromData
URLOpenStreamW
CoInternetCombineUrl
FindMediaTypeClass
GetSoftwareUpdateInfo
FindMediaType
GetClassFileOrMime
CopyStgMedium
RegisterMediaTypes
ObtainUserAgentString
URLDownloadToCacheFileW
SetSoftwareUpdateAdvertisementState
CoGetClassObjectFromURL
HlinkSimpleNavigateToMoniker
UrlMkSetSessionOption
CoInternetCreateSecurityManager
UrlMkGetSessionOption
CreateFormatEnumerator
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:08:11 11:29:34+01:00
FileType Win32 EXE
PEType PE32
CodeSize 127488
LinkerVersion 8.0
FileTypeExtension exe
InitializedDataSize 11776
SubsystemVersion 4.0
EntryPoint 0x1073
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 c314e376a847f9757da8d321103fca40
SHA1 9a5aa9ec711b00e234cf0ef4d65e25e35d9fe6ec
SHA256 2a1037f7992ca8c17be349bb98c334ac6b6ab082d7b47a020df72177fdaf8904
ssdeep 3072:KHkMX5kLln92vzsgirD9CpxREs1Vw5sxiCimEgnw:KHkMe9uzsrkyR5sxiqJnw
authentihash 0e80998f386d27bfcbfeab2d1626d5d81e5d95fe5a331aec6306615039f46d72
imphash 58ecb404fc8595d5ab9c3afc32971e0c
File size 137.0 KB ( 140288 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe via-tor
VirusTotal metadata
First submission 2015-08-11 11:15:21 UTC ( 3 years, 9 months ago )
Last submission 2015-08-12 18:36:05 UTC ( 3 years, 9 months ago )
File names 9.exe.2787173842
oas.exe
QOrVZ8o2.mht
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R02JH07HB15.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.