SHA256: 3124fc4b6acf28cbebd8463cbf3e7279a73135e0c64b0133adc4c18188761f6e
File name: vti-rescan
Detection ratio: 33 / 49
Analysis date: 2014-01-21 04:57:42 UTC ( 3 months ago )
Antivirus Result Update
AVG Generic35.BHDH 20140121
Ad-Aware Trojan.GenericKD.1500583 20140121
AhnLab-V3 Trojan/Win32.Rebhip 20140120
AntiVir Worm/Rebhip.A.13469 20140121
Avast Win32:Malware-gen 20140121
Baidu-International Trojan.Win32.Injector.AVJH 20131213
BitDefender Trojan.GenericKD.1500583 20140121
CMC Heur.Win32.Veebee.1!O 20140115
DrWeb Win32.HLLW.Autoruner.25074 20140121
ESET-NOD32 a variant of Win32/Injector.AVJH 20140121
Emsisoft Trojan.GenericKD.1500583 (B) 20140121
F-Secure Trojan.GenericKD.1500583 20140121
Fortinet W32/Llac.DTTH!tr 20140121
GData Trojan.GenericKD.1500583 20140121
Ikarus Trojan.Win32.Llac 20140121
K7AntiVirus Trojan ( 004937201 ) 20140120
K7GW Trojan ( 004937201 ) 20140120
Kaspersky Trojan.Win32.Llac.dtth 20140121
Kingsoft Win32.Troj.Llac.dt.(kcloud) 20130829
Malwarebytes Trojan.Downloader 20140121
McAfee RDN/Generic.bfr!fs 20140121
McAfee-GW-Edition Artemis!F79EB2C78A11 20140121
MicroWorld-eScan Trojan.GenericKD.1500583 20140121
Microsoft Worm:Win32/Rebhip.A 20140121
Norman Suspicious_Gen4.FQKCF None
Rising PE:Trojan.VBInject!1.6546 20140121
Sophos Mal/Generic-S 20140121
Symantec WS.Reputation.1 20140121
TrendMicro TROJ_GEN.R0CCC0DAH14 20140121
TrendMicro-HouseCall TROJ_GEN.R0CCC0DAH14 20140121
VBA32 TScope.Trojan.VB 20140120
VIPRE Trojan.Win32.Generic!BT 20140121
nProtect Trojan.GenericKD.1500583 20140120
Agnitum 20140120
Antiy-AVL 20140120
Bkav 20140120
ByteHero 20140117
CAT-QuickHeal 20140121
ClamAV 20140121
Commtouch 20140121
Comodo 20140121
F-Prot 20140121
Jiangmin 20140121
NANO-Antivirus 20140121
Panda 20140120
SUPERAntiSpyware 20140120
TheHacker 20140120
TotalDefense 20140120
ViRobot 20140121
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Publisher CyberLink
Product Rollneck squamula galways soothsaw
Original name Gingivec.exe
Internal name Gingivec
File version 1.07.0004
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-01-10 09:31:32
Entry Point 0x000012C4
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
DllFunctionCall
EVENT_SINK_Release
__vbaEnd
__vbaGenerateBoundsError
_allmul
_adj_fdivr_m64
Ord(527)
_adj_fprem
Ord(572)
Ord(617)
Ord(546)
_adj_fpatan
_adj_fdiv_m32i
EVENT_SINK_AddRef
Ord(651)
EVENT_SINK_QueryInterface
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
__vbaStrCmp
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
_adj_fdiv_r
Ord(100)
__vbaFreeVar
_adj_fprem1
_adj_fdiv_m64
Ord(542)
__vbaFreeObj
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
_CIcos
Ord(616)
Ord(587)
_adj_fptan
__vbaI2Var
__vbaI4Var
__vbaVarMove
Ord(646)
_CIatan
__vbaNew2
__vbaLateIdCallLd
_adj_fdivr_m32i
Ord(631)
_CIexp
__vbaStrMove
Ord(588)
_adj_fdivr_m32
__vbaStrCat
_CItan
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 13
RT_FONT 2
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 14
ENGLISH US 3
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 1.7
FileSubtype 0
FileVersionNumber 1.7.0.4
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 471040
FileOS Win32
MIMEType application/octet-stream
FileVersion 1.07.0004
TimeStamp 2014:01:10 10:31:32+01:00
FileType Win32 EXE
PEType PE32
InternalName Gingivec
ProductVersion 1.07.0004
SubsystemVersion 4.0
OSVersion 4.0
OriginalFilename Gingivec.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName CyberLink
CodeSize 151552
ProductName Rollneck squamula galways soothsaw
ProductVersionNumber 1.7.0.4
EntryPoint 0x12c4
ObjectFileType Executable application

Compressed bundles
File identification
MD5 f79eb2c78a11194cde18cc7190304ec5
SHA1 4903c8ed0000e91408eb796ee313a766b0c79221
SHA256 3124fc4b6acf28cbebd8463cbf3e7279a73135e0c64b0133adc4c18188761f6e
ssdeep 12288:VUDOZZUDEK3yWQg2rZtx7QTkZuh/p8coc:V9XTKCW0rR8quhSq

File size 596.0 KB ( 610304 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe

VirusTotal metadata
First submission 2014-01-14 10:34:38 UTC ( 3 months, 1 week ago )
Last submission 2014-01-21 04:57:42 UTC ( 3 months ago )
File names memo.exe
rat.exe.vir
Gingivec.exe
server.exe
vti-rescan
memo.exe?sig=-UOQWOtKPHvt4qtovtDNlK1pvMiAPnFrlDc
Gingivec