SHA256: 2cba464f6454b598809063e58beed60d7a322f87720567997dda5f685ec5936a
File name: vti-rescan
Detection ratio: 31 / 54
Analysis date: 2016-02-17 15:10:17 UTC ( 3 years ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.771285 20160217
AegisLab Troj.W32.Generic!c 20160217
AhnLab-V3 Trojan/Win32.Drixed 20160217
ALYac Gen:Variant.Kazy.771285 20160217
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20160217
Arcabit Trojan.Kazy.DBC4D5 20160217
Avast Win32:Crypt-SKJ [Trj] 20160217
AVG Crypt5.AJAY 20160217
Avira (no cloud) TR/Crypt.XPACK.Gen 20160217
BitDefender Gen:Variant.Kazy.771285 20160217
Emsisoft Gen:Variant.Kazy.771285 (B) 20160217
ESET-NOD32 a variant of Win32/Dridex.AA 20160217
F-Secure Gen:Variant.Kazy.771285 20160217
GData Gen:Variant.Kazy.771285 20160217
Ikarus Trojan.Win32.Dridex 20160217
K7AntiVirus Trojan ( 004d86461 ) 20160217
K7GW Trojan ( 004d86461 ) 20160217
Kaspersky HEUR:Trojan.Win32.Generic 20160217
McAfee Artemis!6E484F0C00A3 20160217
McAfee-GW-Edition BehavesLike.Win32.Sality.nh 20160217
Microsoft VirTool:Win32/Visky.A 20160217
eScan Gen:Variant.Kazy.771285 20160217
NANO-Antivirus Virus.Win32.Gen.ccmw 20160217
Panda Generic Suspicious 20160216
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20160217
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20160217
Sophos AV Mal/Generic-S 20160217
Symantec Suspicious.MH690.A 20160216
TrendMicro-HouseCall TSPY_DRIDEX.SMJB 20160217
VBA32 BScope.Trojan-Dropper.Injector 20160217
VIPRE Trojan.Win32.Dridex.aa (v) 20160217
Yandex 20160216
Alibaba 20160217
Baidu-International 20160216
Bkav 20160217
ByteHero 20160217
CAT-QuickHeal 20160216
ClamAV 20160217
CMC 20160216
Comodo 20160217
Cyren 20160217
DrWeb 20160217
F-Prot 20160217
Fortinet 20160217
Jiangmin 20160217
Malwarebytes 20160217
nProtect 20160217
SUPERAntiSpyware 20160217
Tencent 20160217
TheHacker 20160217
TrendMicro 20160217
ViRobot 20160217
Zillya 20160217
Zoner 20160217
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-02-11 16:10:36
Entry Point 0x00001FD8
Number of sections 5
PE sections
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:02:11 17:10:36+01:00
FileType Win32 EXE
PEType PE32
CodeSize 56832
LinkerVersion 10.0
EntryPoint 0x1fd8
InitializedDataSize 34304
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 6e484f0c00a335133ec5f5742b6ba76e
SHA1 fd03bac130f53cbf46fe5c9c81b0145e1259401d
SHA256 2cba464f6454b598809063e58beed60d7a322f87720567997dda5f685ec5936a
ssdeep 1536:cK3SnQP8R8ikGEXmQFAz0rNaXvlsQLakOwlRQRyrvlrrrrrrrrrrrrrrrrrrrrrl:/FPivXwmQFA4r8iQekOwYgjlrrrrrrr6
authentihash 1127484b6978646604245a8068c117b9d4dd780221ec44aeb15949add995e8dc
File size 90.0 KB ( 92160 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe

VirusTotal metadata
First submission 2016-02-17 13:56:31 UTC ( 3 years ago )
Last submission 2016-12-17 01:57:49 UTC ( 2 years, 2 months ago )
File names whatami.exe
driver.exe
kbe.exe
driver.exe.1284.dr
kbe.exe
tcp_st1.exe
kbe.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications