SHA256: 32a107cefbc1f6a5cd194a638b8d625e420eba2a6b866d509684192edb7c561a
File name: vti-rescan
Detection ratio: 37 / 57
Analysis date: 2015-03-06 07:43:15 UTC (4 months, 3 weeks ago)
Antivirus Result Update
ALYac Gen:Variant.Symmi.33419 20150306
AVG Worm/Pakes.BMD 20150306
AVware Trojan.Win32.Encpk.akva (v) 20150306
Ad-Aware Gen:Variant.Symmi.33419 20150306
Agnitum Trojan.Caphaw!FGpLil4g2W0 20150228
AhnLab-V3 Trojan/Win32.Foreign 20150306
Avast Win32:Crypt-QUS [Trj] 20150306
Avira TR/Crypt.ZPACK.Gen8 20150306
Baidu-International Trojan.Win32.Caphaw.I 20150306
BitDefender Gen:Variant.Symmi.33419 20150306
Comodo UnclassifiedMalware 20150306
DrWeb BackDoor.Caphaw.2 20150306
ESET-NOD32 Win32/Caphaw.I 20150306
Emsisoft Gen:Variant.Symmi.33419 (B) 20150306
F-Secure Gen:Variant.Symmi.33419 20150306
Fortinet W32/BackDoor.FBFT!tr 20150306
GData Gen:Variant.Symmi.33419 20150306
Ikarus Trojan.Agent4 20150306
K7AntiVirus Trojan ( 001d712b1 ) 20150306
K7GW Trojan ( 001d712b1 ) 20150306
Kaspersky HEUR:Trojan.Win32.Generic 20150306
Kingsoft Win32.Troj.Generic.a.(kcloud) 20150306
Malwarebytes Trojan.Crypt 20150306
McAfee BackDoor-FBFT!0746C48F0195 20150306
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.fm 20150306
MicroWorld-eScan Gen:Variant.Symmi.33419 20150306
Microsoft Backdoor:Win32/Caphaw.AG 20150306
Norman FakeAV.CPDJ 20150306
Panda Generic Malware 20150306
Qihoo-360 HEUR/Malware.QVM20.Gen 20150306
Sophos Mal/EncPk-AKV 20150306
Symantec Trojan.Shylock 20150306
Tencent Win32.Trojan.Generic.Eeo 20150306
TheHacker Trojan/Caphaw.i 20150306
TrendMicro BKDR_CAPHAW.G 20150306
TrendMicro-HouseCall BKDR_CAPHAW.G 20150306
VIPRE Trojan.Win32.Encpk.akva (v) 20150306
AegisLab 20150306
Alibaba 20150306
Antiy-AVL 20150306
Bkav 20150305
ByteHero 20150306
CAT-QuickHeal 20150306
CMC 20150304
ClamAV 20150306
Cyren 20150306
F-Prot 20150306
Jiangmin 20150306
NANO-Antivirus 20150306
Rising 20150305
SUPERAntiSpyware 20150306
TotalDefense 20150306
VBA32 20150305
ViRobot 20150306
Zillya 20150305
Zoner 20150306
nProtect 20150306
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-09-05 11:59:21
Link date 12:59 PM 9/5/2013
Entry Point 0x00006450
Number of sections 5
PE sections
PE imports
GDI32.dll
GetTextExtentPoint32A
TextOutA
GetTextMetricsA
SetBkColor
GetCharWidth32A
SetTextColor
KERNEL32.dll
GetLastError
HeapFree
GetStdHandle
LCMapStringW
TerminateThread
GlobalFree
WaitForSingleObject
GetOEMCP
QueryPerformanceCounter
HeapAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
VirtualQuery
RtlUnwind
GetModuleFileNameA
GetACP
GetStartupInfoA
SetThreadPriority
GetCurrentProcessId
OpenProcess
GetCurrentDirectoryA
ExitProcess
MultiByteToWideChar
GetCPInfo
GetCommandLineA
GetProcAddress
GetSystemInfo
GetProcessHeap
SetStdHandle
SetFilePointer
CreateThread
GetStringTypeA
GetModuleHandleA
InterlockedExchange
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetComputerNameA
ExitThread
HeapReAlloc
GetStringTypeW
SetPriorityClass
TerminateProcess
LCMapStringA
WideCharToMultiByte
GlobalAlloc
VirtualFree
Sleep
GetLocaleInfoA
GetProcessVersion
GetTickCount
GetCurrentThreadId
VirtualAlloc
SetLastError
USER32.dll
ReleaseDC
GetSystemMetrics
ShowCaret
DrawTextA
UnregisterHotKey
EndPaint
BeginPaint
HideCaret
SetCaretPos
GetDesktopWindow
MessageBoxA
wsprintfA
PostQuitMessage
DefWindowProcA
SendMessageA
MessageBeep
DestroyCaret
GetDC
GetKeyState
WINMM.dll
timeBeginPeriod
WinSCard.dll
SCardAccessStartedEvent
Number of PE resources by type
RT_RCDATA 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 2
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2013:09:05 12:59:21+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 102400
LinkerVersion: 8.0
EntryPoint: 0x6450
InitializedDataSize: 278528
SubsystemVersion: 4.0
ImageVersion: 8.37
OSVersion: 4.0
UninitializedDataSize: 0
File identification
MD5: 0746c48f0195240b2ec6ea6621511597
SHA1: 929edfb9f5bb666479247f3951b6c9c530b0225d
SHA256: 32a107cefbc1f6a5cd194a638b8d625e420eba2a6b866d509684192edb7c561a
ssdeep: 6144:w4Cpii2x3yuatzUZDyBg+kFT2htG4M2geqIt8V9tZoIT8:Dx3yualZSTktG4M2gB9fv
authentihash: bff25f65df69d6010484942e50b2d54c043c30f3ccf90287f4bf2440e6edf726
imphash: 6a5ec83753dff0f98e88657a636fa996
File size: 376.0 KB (385024 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags: peexe

VirusTotal metadata
First submission: 2013-09-06 07:32:35 UTC (1 year, 10 months ago)
Last submission: 2013-09-24 19:30:19 UTC (1 year, 10 months ago)
File names: vt_15322140.@, vti-rescan
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications