SHA256: 36d8683a481a08bfe1ea58fc8dcd6c75df586d3f11b598324f8e652f39f5d9b2
File name: YCW2w5Ez.scr
Detection ratio: 11 / 55
Analysis date: 2016-02-18 15:30:16 UTC
Antivirus            Result                                    Update
AegisLab             Suspicious.Cloud.7!c                      20160218
Avast                Win32:Malware-gen                         20160218
Avira (no cloud)     TR/Crypt.Xpack.406145                     20160218
ESET-NOD32           a variant of Generik.JTTNNLH              20160218
Kaspersky            UDS:DangerousObject.Multi.Generic         20160218
McAfee               Artemis!8FF1738486C8                      20160218
McAfee-GW-Edition    BehavesLike.Win32.Suspect.ch              20160218
Qihoo-360            QVM19.1.Malware.Gen                       20160218
Rising               PE:Malware.XPACK-LNR/Heur!1.5594 [F]      20160218
Symantec             Suspicious.Cloud.7.F                      20160217
Tencent              Win32.Trojan.Inject.Auto                  20160218
Ad-Aware             (no detection)                            20160218
Yandex               (no detection)                            20160217
AhnLab-V3            (no detection)                            20160218
Alibaba              (no detection)                            20160218
ALYac                (no detection)                            20160218
Antiy-AVL            (no detection)                            20160218
Arcabit              (no detection)                            20160218
AVG                  (no detection)                            20160218
AVware               (no detection)                            20160218
Baidu-International  (no detection)                            20160218
BitDefender          (no detection)                            20160218
Bkav                 (no detection)                            20160218
ByteHero             (no detection)                            20160218
CAT-QuickHeal        (no detection)                            20160218
ClamAV               (no detection)                            20160217
CMC                  (no detection)                            20160216
Comodo               (no detection)                            20160218
Cyren                (no detection)                            20160218
DrWeb                (no detection)                            20160218
Emsisoft             (no detection)                            20160218
F-Prot               (no detection)                            20160218
F-Secure             (no detection)                            20160218
Fortinet             (no detection)                            20160218
GData                (no detection)                            20160218
Ikarus               (no detection)                            20160218
Jiangmin             (no detection)                            20160218
K7AntiVirus          (no detection)                            20160218
K7GW                 (no detection)                            20160218
Malwarebytes         (no detection)                            20160218
Microsoft            (no detection)                            20160218
eScan                (no detection)                            20160218
NANO-Antivirus       (no detection)                            20160218
nProtect             (no detection)                            20160218
Panda                (no detection)                            20160217
Sophos AV            (no detection)                            20160218
SUPERAntiSpyware     (no detection)                            20160218
TheHacker            (no detection)                            20160217
TrendMicro           (no detection)                            20160218
TrendMicro-HouseCall (no detection)                            20160218
VBA32                (no detection)                            20160218
VIPRE                (no detection)                            20160218
ViRobot              (no detection)                            20160218
Zillya               (no detection)                            20160218
Zoner                (no detection)                            20160218

Eleven of the 55 engines flagged the file at scan time, and every hit is a generic, heuristic or cloud verdict (Malware-gen, Suspicious.Cloud, UDS:DangerousObject, Artemis, BehavesLike, Crypt.Xpack) rather than a named family; only Tencent's Win32.Trojan.Inject.Auto points at a behaviour, injection, which the import table below supports.
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name Rastapi.dll
Internal name Rastapi.dll
File version 5.1.2600.5512 (xpsp.080413-0852)
Description Remote Access TAPI Compliance Layer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1970-01-01 01:08:16 UTC (TimeDateStamp 0x1000, i.e. 4096 seconds after the Unix epoch; a value this close to zero is a cleared or forged field, not a build time, and it contradicts the 2008 build string in the version resource)
Entry Point 0x00023730
Number of sections 10
PE sections
PE imports
The report lists function names only, without the importing module. The table is unusually broad for a 176 KB program (console, serial-port, tape, job-object, fiber, backup, mailslot and PDH performance-counter APIs sit alongside GDI, shell, URL moniker and C runtime calls), which is consistent with an import table padded to dilute signatures. The entries that matter for triage are the process-injection primitives (VirtualAllocEx, WriteProcessMemory, CreateRemoteThread, VirtualProtectEx, QueueUserAPC, GetThreadContext, ResumeThread) and the anti-debugging calls (IsDebuggerPresent, CheckRemoteDebuggerPresent, DebugActiveProcess, DebugSetProcessKillOnExit).
SetBkColor
SaveDC
GetPrivateProfileSectionNamesA
ReplaceFileA
CreateFiberEx
FileTimeToDosDateTime
GetPrivateProfileStructA
SetSystemTime
InterlockedPopEntrySList
GetOverlappedResult
DeactivateActCtx
DeleteFiber
LockResource
GetDriveTypeA
Thread32Next
HeapDestroy
SetFileTime
GetOEMCP
GetHandleInformation
ScrollConsoleScreenBufferW
GetFileAttributesW
SetInformationJobObject
GetPrivateProfileStructW
GetProcessId
FreeEnvironmentStringsA
CreatePipe
GetUserGeoID
SetComputerNameW
OpenFileMappingW
CommConfigDialogW
SetFileAttributesA
SetTimeZoneInformation
WriteConsoleOutputAttribute
Module32First
IsValidLanguageGroup
VerifyVersionInfoA
IsProcessInJob
RequestWakeupLatency
FreeEnvironmentStringsW
SizeofResource
lstrcatW
GetThreadContext
CommConfigDialogA
GetLocaleInfoW
WaitCommEvent
EnumResourceLanguagesW
IsDBCSLeadByteEx
FindResourceExA
CheckRemoteDebuggerPresent
lstrcmpiA
GetStringTypeA
WriteConsoleOutputA
GetDiskFreeSpaceW
WriteConsoleOutputW
SetThreadPriorityBoost
FindResourceExW
FindNextVolumeMountPointW
SetDefaultCommConfigW
SetConsoleCursorInfo
GetThreadTimes
Thread32First
HeapReAlloc
GetStringTypeW
HeapWalk
ResumeThread
EnumDateFormatsW
GetExitCodeProcess
QueryDosDeviceA
HeapLock
ConnectNamedPipe
SetConsoleWindowInfo
WaitNamedPipeA
FreeLibraryAndExitThread
GetEnvironmentVariableA
OutputDebugStringW
lstrcatA
VerLanguageNameA
FatalExit
GlobalLock
WriteFileGather
TlsGetValue
QueryDosDeviceW
GetProfileIntA
EnumDateFormatsA
OutputDebugStringA
SetLocaleInfoW
GetEnvironmentVariableW
VerifyVersionInfoW
SetConsoleTextAttribute
GetUserDefaultUILanguage
GetSystemTime
DeviceIoControl
GetWriteWatch
SystemTimeToFileTime
GetNamedPipeInfo
GetConsoleSelectionInfo
OpenEventW
CancelTimerQueueTimer
GetLargestConsoleWindowSize
GetNumberOfConsoleInputEvents
ExitProcess
ReadConsoleInputW
Heap32ListFirst
RemoveVectoredExceptionHandler
FlushViewOfFile
SetConsoleScreenBufferSize
QueueUserAPC
GetSystemDefaultLangID
FatalAppExitW
LoadLibraryExA
CreateActCtxW
SetThreadPriority
WriteProfileStringA
GetCalendarInfoW
WritePrivateProfileSectionW
CreateActCtxA
GetVolumeInformationW
LoadLibraryExW
TerminateJobObject
SetFilePointerEx
WritePrivateProfileSectionA
GetCalendarInfoA
GetSystemPowerStatus
FlushInstructionCache
GetVolumePathNamesForVolumeNameW
CreateMutexA
GetModuleHandleA
SetFileAttributesW
PurgeComm
GetTapeParameters
WriteConsoleA
GetSystemDefaultUILanguage
TlsSetValue
DebugSetProcessKillOnExit
SetNamedPipeHandleState
CreateDirectoryExA
ConvertDefaultLocale
GetConsoleDisplayMode
EnumSystemLanguageGroupsW
GetFileInformationByHandle
ExitThread
MoveFileExA
SetupComm
SetEnvironmentVariableA
WaitForMultipleObjectsEx
GetDiskFreeSpaceExA
FindCloseChangeNotification
ConvertThreadToFiber
SetConsoleCP
GetCommState
DebugActiveProcess
GetConsoleMode
FindAtomA
GetProcessPriorityBoost
ReadConsoleW
WriteProcessMemory
OpenSemaphoreW
AddRefActCtx
CallNamedPipeW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
PeekNamedPipe
OpenEventA
TerminateThread
lstrcpynA
FillConsoleOutputCharacterA
RequestDeviceWakeup
FindVolumeClose
CreateMailslotW
FreeLibrary
GetSystemWow64DirectoryA
IsBadWritePtr
GetSystemTimes
VirtualProtect
CreateMailslotA
GlobalUnfix
EndUpdateResourceA
WaitForSingleObjectEx
WriteConsoleInputW
IsValidLocale
CreateRemoteThread
ConvertFiberToThread
GetStartupInfoA
GetProcessIoCounters
FlushConsoleInputBuffer
lstrlenA
SetCommBreak
GetTimeZoneInformation
Process32First
GetDateFormatW
DeleteFileA
GetWindowsDirectoryA
GetCommProperties
SetCommMask
SetThreadExecutionState
Process32FirstW
UpdateResourceW
BackupWrite
GetFullPathNameA
GetProcAddress
GetConsoleScreenBufferInfo
AddAtomW
SetSystemTimeAdjustment
GetProcessHeap
GetComputerNameExA
CreateWaitableTimerW
EnumResourceNamesW
CompareStringW
lstrcpyW
VirtualProtectEx
WaitNamedPipeW
GlobalReAlloc
GetModuleFileNameW
ExpandEnvironmentStringsW
lstrcmpA
FindFirstFileA
GlobalFix
SetVolumeMountPointW
lstrcpyA
CreateMemoryResourceNotification
GetTimeFormatA
QueryInformationJobObject
FindFirstFileW
GlobalMemoryStatus
Module32FirstW
ExpandEnvironmentStringsA
EscapeCommFunction
SetEvent
GetPrivateProfileSectionW
SetComputerNameA
GetNamedPipeHandleStateW
GetTempPathW
SetTapePosition
CreateEventW
SetCommConfig
GetConsoleWindow
CreateEventA
IsDebuggerPresent
WriteProfileSectionW
GetFileType
GetPrivateProfileSectionA
CreateFileA
HeapAlloc
GetCurrencyFormatW
FindFirstVolumeW
InterlockedIncrement
GetTempFileNameW
GlobalGetAtomNameW
LCMapStringW
LocalReAlloc
DosDateTimeToFileTime
CreateFileMappingW
SetComputerNameExA
GetSystemInfo
LocalFileTimeToFileTime
GlobalFree
GetConsoleCP
GetDefaultCommConfigW
VirtualAllocEx
AssignProcessToJobObject
GetDevicePowerState
CreateNamedPipeA
FindFirstChangeNotificationW
HeapCompact
CancelWaitableTimer
InterlockedFlushSList
GetCPInfoExW
GetEnvironmentStrings
CompareFileTime
VirtualFreeEx
GetCurrentProcessId
CopyFileExA
ChangeTimerQueueTimer
GetConsoleTitleW
GetCompressedFileSizeW
HeapQueryInformation
GetCurrentDirectoryA
RegisterWaitForSingleObject
BackupRead
GetCompressedFileSizeA
CopyFileExW
WaitForDebugEvent
CancelIo
EnumSystemCodePagesW
EnumResourceTypesA
DecodeSystemPointer
Heap32ListNext
QueryPerformanceFrequency
ReleaseSemaphore
GetDiskFreeSpaceExW
GetGeoInfoA
DeleteVolumeMountPointW
OpenFile
LeaveCriticalSection
ReadConsoleOutputCharacterW
PulseEvent
CloseHandle
EnumResourceTypesW
PeekConsoleInputA
GetPrivateProfileIntW
SetLocalTime
GetCommConfig
CreateConsoleScreenBuffer
GetGeoInfoW
BindIoCompletionCallback
OpenWaitableTimerA
IsBadStringPtrW
GetFileAttributesExW
GetDefaultCommConfigA
ReadConsoleOutputCharacterA
GetProcessHandleCount
GetCurrentDirectoryW
ResetWriteWatch
FindResourceW
VirtualQuery
WaitForMultipleObjects
Sleep
IsBadCodePtr
EnumResourceNamesA
SetComputerNameExW
FindResourceA
DnsHostnameToComputerNameA
MprInfoBlockRemove
MprConfigInterfaceTransportSetInfo
MprConfigInterfaceSetInfo
MprAdminTransportGetInfo
MprAdminServerConnect
MprAdminInterfaceUpdatePhonebookInfo
MprAdminConnectionClearStats
MprInfoBlockSet
MprAdminUserSetInfo
MprConfigInterfaceCreate
VarR4FromDec
VarUI2FromI4
VarUI1FromCy
VarR8FromBool
VarCyFromI1
VarR4FromCy
VarCyFromUI2
ExtractAssociatedIconExW
DuplicateIcon
SHGetNewLinkInfoA
DragQueryPoint
SHInvokePrinterCommandA
SHAppBarMessage
ExtractIconW
Shell_NotifyIconW
wnsprintfW
DrawEdge
RegisterWindowMessageW
SetWindowLongW
GetThreadDesktop
MoveWindow
IsWindowEnabled
GetProcessWindowStation
ReleaseDC
SetWindowTextA
SendMessageW
CreateMDIWindowW
GetLastActivePopup
wsprintfA
LoadStringW
ScreenToClient
PostMessageW
AnimateWindow
GetWindowLongA
FindWindowExA
GetWindowTextW
IsCharUpperW
TabbedTextOutW
wsprintfW
SetCursor
rename
rand
malloc
_lock
fgetc
fread
mbtowc
iswalnum
fwprintf
fprintf
getwc
fflush
fopen
wcstod
getchar
fputc
clearerr
puts
strtok
fwrite
getc
fsetpos
fputs
wcsftime
_unlock
iswcntrl
free
_onexit
vfprintf
wscanf
atof
perror
fputws
iswpunct
fgetwc
__dllonexit
fgetws
freopen
ungetc
strftime
strtoul
wcstoul
memset
toupper
isdigit
VerSetConditionMask
qsort
wcscmp
isalpha
wcsncat
sprintf
mbstowcs
isspace
strcspn
atoi
atol
wcsspn
wcstombs
iscntrl
strspn
bsearch
iswspace
islower
isupper
strcmp
PdhGetRawCounterValue
PdhCloseQuery
PdhOpenQueryA
PdhAddCounterA
PdhEnumObjectsA
PdhMakeCounterPathW
PdhParseCounterPathA
PdhGetFormattedCounterArrayW
PdhRemoveCounter
PdhGetCounterTimeBase
RevokeFormatEnumerator
GetClassURL
GetComponentIDFromCLSSPEC
CreateURLMonikerEx
CoInternetCompareUrl
CreateURLMoniker
GetClassFileOrMime
UrlMkSetSessionOption
CoInternetCombineUrl
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 2.17
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 5.1.2600.5512
UninitializedDataSize 8192
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 42753
EntryPoint 0x23730
OriginalFileName Rastapi.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 5.1.2600.5512 (xpsp.080413-0852)
TimeStamp 1970:01:01 02:08:16+01:00
FileType Win32 EXE
PEType PE32
InternalName Rastapi.dll
ProductVersion 5.1.2600.5512
FileDescription Remote Access TAPI Compliance Layer
OSVersion 4.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 57344
ProductName Microsoft Windows Operating System
ProductVersionNumber 5.1.2600.5512
FileTypeExtension exe
ObjectFileType Dynamic link library

These fields come from two sources that disagree, and the disagreement is the finding. FileType, PEType, Subsystem, EntryPoint and TimeStamp are read from the PE header and describe a 32-bit GUI executable with a cleared timestamp. ObjectFileType, OriginalFileName, InternalName, CompanyName, FileDescription and the 5.1.2600.5512 (xpsp.080413-0852) build string come from the VS_VERSIONINFO resource and describe rastapi.dll, a Windows XP SP3 system DLL. LinkerVersion 2.17 is the binutils version that GNU ld (the MinGW toolchain) writes into the optional header; Microsoft-built binaries carry the version of link.exe instead. The version resource appears to have been copied from a genuine Microsoft file so that the sample presents Microsoft metadata in file properties and in tools that trust it.
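The contradictions called out in the PE header and ExifTool sections (epoch timestamp, GNU linker stamp, a .dll OriginalFileName on an EXE image) and the injection and anti-debug API groups in the import list can all be checked mechanically. The block below is an added example written for this page, not VirusTotal's tooling or any vendor's code. It uses only the Python standard library; because the sample itself is not on the page, it constructs a minimal PE32 header carrying the report's field values (stamp 0x1000, linker 2.17, entry 0x23730, 10 sections, GUI subsystem, EXE characteristics) and takes import names as a list in the form the report shows them. The API groupings and the 1993 cut-off are the example's own choices.

```python
"""PE header and import triage for the indicators in this report.

Added example, not VirusTotal's code. Parses only the DOS, COFF and
optional headers with the standard library, then applies the checks a
reviewer of this page would make by hand. The sample PE bytes, the API
groupings and the date cut-off are constructed for the example; the
header field values and API names are the ones the report lists.
"""
import datetime as dt
import struct

IMAGE_FILE_DLL = 0x2000
PE32_MAGIC = 0x10B
CUTOFF_1993 = 725846400  # 1993-01-01 UTC: no Win32 toolchain predates this

# Groupings are the example's own, not from the report.
INJECTION_APIS = {"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
                  "VirtualProtectEx", "QueueUserAPC", "GetThreadContext", "ResumeThread"}
ANTI_DEBUG_APIS = {"IsDebuggerPresent", "CheckRemoteDebuggerPresent",
                   "DebugActiveProcess", "DebugSetProcessKillOnExit"}

# Subset of the import names listed in the report, used as sample input.
REPORT_IMPORTS = [
    "SetBkColor", "CreateFileA", "VirtualAllocEx", "WriteProcessMemory",
    "CreateRemoteThread", "VirtualProtectEx", "IsDebuggerPresent",
    "CheckRemoteDebuggerPresent", "PdhOpenQueryA", "CreateURLMoniker",
]


def parse_headers(data: bytes) -> dict:
    """Return the header fields the triage needs from a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4  # IMAGE_FILE_HEADER, 20 bytes
    (machine, nsections, timestamp, _symtab, _nsyms,
     _opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20      # IMAGE_OPTIONAL_HEADER32
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError("only PE32 is handled here")
    (entry_point,) = struct.unpack_from("<I", data, opt + 16)  # AddressOfEntryPoint
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)    # Subsystem
    stamp = dt.datetime.fromtimestamp(timestamp, dt.timezone.utc)
    return {
        "machine": machine,
        "sections": nsections,
        "timestamp": timestamp,
        "timestamp_utc": stamp.strftime("%Y-%m-%d %H:%M:%S"),
        "linker": (linker_major, linker_minor),
        "entry_point": entry_point,
        "subsystem": subsystem,
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
    }


def triage(data: bytes, company: str, original_name: str, imports) -> dict:
    """Flag header/version-resource contradictions and suspicious API groups."""
    h = parse_headers(data)
    names = set(imports)
    return {
        # A stamp before any Win32 toolchain existed is cleared or forged.
        "epoch_timestamp": h["timestamp"] < CUTOFF_1993,
        # GNU ld stamps its binutils version (2.x); Microsoft's link.exe stamps its own.
        "gnu_linker_claims_microsoft": h["linker"][0] == 2 and "microsoft" in company.lower(),
        # Version resource says .dll but IMAGE_FILE_DLL is not set in Characteristics.
        "dll_name_on_exe": original_name.lower().endswith(".dll") and not h["is_dll"],
        "injection_apis": sorted(names & INJECTION_APIS),
        "anti_debug_apis": sorted(names & ANTI_DEBUG_APIS),
    }


def build_sample(timestamp: int, characteristics: int, linker=(2, 17),
                 entry=0x23730, nsections=10, subsystem=2) -> bytes:
    """Construct a minimal PE32 header (no sections) for the example."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, nsections, timestamp, 0, 0, 96, characteristics)
    opt = bytearray(96)                    # PE32 optional header without data directories
    struct.pack_into("<HBB", opt, 0, PE32_MAGIC, *linker)
    struct.pack_into("<I", opt, 16, entry)
    struct.pack_into("<H", opt, 68, subsystem)  # IMAGE_SUBSYSTEM_WINDOWS_GUI == 2
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


# Constructed header with the report's values: stamp 0x1000, EXE (no IMAGE_FILE_DLL).
SAMPLE = build_sample(0x1000, 0x010F)

if __name__ == "__main__":
    print(parse_headers(SAMPLE))
    print(triage(SAMPLE, "Microsoft Corporation", "Rastapi.dll", REPORT_IMPORTS))
```

Run against a real file, replace SAMPLE with the file's bytes and pass the company and OriginalFileName strings from its version resource; the import names would come from a proper import-directory walk (pefile does this), which the example leaves out to stay header-only.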

File identification
MD5 8ff1738486c81edd15cadc2773f31298
SHA1 faa88577a7b98059ec6fadbabff5da1d2353d180
SHA256 36d8683a481a08bfe1ea58fc8dcd6c75df586d3f11b598324f8e652f39f5d9b2
ssdeep 3072:HYeknrTcZiEjzjn0VzW4q/dK5y610i/VSPlEXe6gYI+6y:Hs/cZiqUVzlg+z9gi
authentihash ec29313a294bb70890b5cfd07f8077bdaaac3a7ae9ae36376423fbd0847dfca7
imphash 515fc79d8fb95aea994009a37f6eafb3
File size 176.0 KB ( 180224 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
VXD Driver (0.2%)
Tags
peexe

VirusTotal metadata
First submission 2016-02-18 09:54:40 UTC
Last submission 2016-02-24 06:17:13 UTC
File names notepad.exe (submitted five times), notepad_exe, 8ff1738486c81edd15cadc2773f31298_notepad.exe, YCW2w5Ez.scr, Rastapi.dll, notepad-2.exe