SHA256: 3e7ff70e809b1ce584a5ab05769bf142b5561efa43e82e6bb43eb3df2faad5ff
File name: vti-rescan
Detection ratio: 46 / 53
Analysis date: 2014-09-18 16:29:40 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.BBBC 20140918
Yandex Trojan.Inject!rkm0jGhjs+g 20140918
AhnLab-V3 Trojan/Win32.Inject 20140918
Antiy-AVL Trojan/Win32.Inject 20140918
Avast Win32:Zbot-SEX [Trj] 20140918
AVG Zbot.EKT 20140918
Avira (no cloud) TR/Inject.rsjg 20140918
AVware Trojan.Win32.Generic!BT 20140918
Baidu-International Trojan.Win32.Inject.Av 20140918
BitDefender Trojan.Agent.BBBC 20140918
Bkav HW32.Paked.F874 20140918
ByteHero Virus.Win32.Heur.p 20140918
CAT-QuickHeal Trojan.Inject.r3 20140918
Comodo TrojWare.Win32.Inject.GVYJ 20140918
Cyren W32/Trojan.XJQS-5987 20140918
DrWeb Trojan.Siggen6.18928 20140918
Emsisoft Trojan.Agent.BBBC (B) 20140918
ESET-NOD32 a variant of Win32/Injector.ATLQ 20140918
F-Prot W32/Trojan2.OBVQ 20140918
F-Secure Trojan.Agent.BBBC 20140918
Fortinet W32/Injector.AUHG!tr 20140918
GData Trojan.Agent.BBBC 20140918
Ikarus Trojan.Win32.Inject 20140918
Jiangmin Trojan/Inject.bcbk 20140917
K7AntiVirus Trojan ( 004916661 ) 20140918
K7GW Trojan ( 004916661 ) 20140918
Kaspersky Trojan.Win32.Inject.gvsp 20140918
Kingsoft Win32.Troj.Inject.gv.(kcloud) 20140918
Malwarebytes Trojan.LVBP 20140918
McAfee Trojan-FDIP!C2AD7E039480 20140918
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dc 20140917
Microsoft Trojan:Win32/Dynamer 20140918
eScan Trojan.Agent.BBBC 20140918
NANO-Antivirus Trojan.Win32.Inject.cqyqwd 20140918
Norman Troj_Generic.RQVEG 20140918
nProtect Trojan.Agent.BBBC 20140918
Panda Trj/CI.A 20140918
Qihoo-360 HEUR/Malware.QVM03.Gen 20140918
Sophos Mal/Generic-S 20140918
SUPERAntiSpyware Trojan.Agent/Gen-Injector 20140918
Symantec Trojan.Zbot 20140918
TheHacker Trojan/Injector.atlq 20140917
VBA32 Trojan.Inject 20140918
VIPRE Trojan.Win32.Generic!BT 20140918
Zillya Trojan.Inject.Win32.64984 20140917
Zoner Trojan.Boaxxe.BE 20140916
AegisLab 20140918
ClamAV 20140918
CMC 20140918
Rising 20140918
Tencent 20140918
TrendMicro-HouseCall 20140918
ViRobot 20140918
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Flash
Product Flash game you run forward as an alien in outer space. You can run and jump on the floor, walls, and even the ceiling.
Original name MN741AQ_IJ08.exe
Internal name MN741AQ_IJ08
File version 1.00.0124
Comments Flash game you run forward as an alien in outer space. You can run and jump on the floor, walls, and even the ceiling.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-12 19:14:00
Entry Point 0x000018F0
Number of sections 3
PE sections
PE imports
_adj_fdivr_m64
__vbaGenerateBoundsError
_allmul
__vbaGet3
_adj_fprem
__vbaAryMove
__vbaForEachCollObj
_adj_fdiv_r
__vbaObjSetAddref
__vbaFixstrConstruct
Ord(100)
__vbaHresultCheckObj
__vbaAryUnlock
_CIlog
Ord(595)
__vbaVarLateMemCallLd
_adj_fptan
__vbaFileClose
__vbaAryCopy
__vbaFreeStr
__vbaLateIdCallLd
__vbaStrI4
__vbaFreeStrList
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
__vbaLenBstr
Ord(617)
__vbaCheckType
__vbaStrToUnicode
_adj_fdiv_m32i
Ord(717)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaFreeVar
__vbaFileOpen
Ord(711)
__vbaAryLock
EVENT_SINK_Release
Ord(610)
__vbaOnError
_adj_fdivr_m32i
__vbaStrCat
__vbaVarDup
__vbaChkstk
__vbaPrintFile
__vbaLsetFixstr
Ord(570)
__vbaErase
__vbaVarLateMemSt
__vbaFreeObjList
__vbaVar2Vec
__vbaFreeVarList
__vbaStrVarMove
__vbaCastObj
__vbaAryConstruct2
__vbaFreeObj
_adj_fdivr_m32
__vbaVarSub
Ord(660)
_CIcos
__vbaNew2
__vbaLateIdSt
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
_adj_fdiv_m32
__vbaLenVar
__vbaLateMemSt
_adj_fpatan
Ord(712)
__vbaObjIs
Ord(612)
__vbaFPException
__vbaAryVar
_adj_fdivr_m16i
_adj_fdiv_m64
__vbaCastObjVar
EVENT_SINK_AddRef
__vbaNextEachCollObj
_CIsin
_CIsqrt
__vbaVarCopy
__vbaStrCopy
_CIatan
__vbaVarDiv
__vbaObjSet
Ord(644)
__vbaVarCat
_CIexp
__vbaStrToAnsi
_CItan
Ord(598)
Number of PE resources by type
Struct(0) 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
Flash game you run forward as an alien in outer space. You can run and jump on the floor, walls, and even the ceiling.

InitializedDataSize
12288

ImageVersion
1.0

FileVersionNumber
1.0.0.124

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unicode

yourunforwardasanalieninouterspaceYoucanrunandjumponthefloorwallsandeventheceiling
ProductName

LinkerVersion
6.0

Tag00124
<InternalName

shgameyourunforwardasanalieninouterspaceYoucanrunandjumponthefloorwallsandeventheceiling
4FileVersion

MIMEType
application/octet-stream

TimeStamp
2013:12:12 20:14:00+01:00

FileType
Win32 EXE

PEType
PE32

FileAccessDate
2013:12:17 09:01:17+01:00

SubsystemVersion
4.0

OSVersion
4.0

FileCreateDate
2013:12:17 09:01:17+01:00

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Flash

CodeSize
53248

FileSubtype
0

ProductVersionNumber
1.0.0.124

EntryPoint
0x18f0

ObjectFileType
Executable application

Tag41AQ_IJ08
L"OriginalFilename

File identification
MD5 c2ad7e039480e7ebba6224378d734749
SHA1 7ef95a1022d0ce146751637a057e0678a4fd62a6
SHA256 3e7ff70e809b1ce584a5ab05769bf142b5561efa43e82e6bb43eb3df2faad5ff
ssdeep
6144:hgBqMutzZElC0TQLaqdQaK0NUpskYfG2c/1bT6jLCAYU8I:NMuf+AWaK0CskYfG2c/1CvCPC

authentihash b2fefbc4e967351f275017b107b305b62dcab72e7ef10970f080b0f823fba8bc
imphash 44eb6bf935f4744faa411b43b9dbdd36
File size 288.9 KB ( 295882 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (90.5%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2013-12-17 07:57:45 UTC ( 3 years, 3 months ago )
Last submission 2014-09-18 16:29:40 UTC ( 2 years, 6 months ago )
File names MN741AQ_IJ08.exe
vti-rescan
MN741AQ_IJ08
vt-upload-F9N8B
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.