SHA256: 41126f9e4b5ca6d71198217d2db9323546a6b9f60229ca54d91ebb5325bdefdd
File name: vti-rescan
Detection ratio: 14 / 57
Analysis date: 2015-02-18 08:27:26 UTC ( 4 years ago )
Antivirus Result Update
Avast Win32:Malware-gen 20150218
AVG Luhe.Fiha.A 20150218
Avira (no cloud) TR/Crypt.ZPACK.99754 20150218
DrWeb Trojan.Siggen6.30467 20150218
ESET-NOD32 a variant of Win32/Kryptik.CYWB 20150218
GData Win32.Trojan.Agent.ARO8P6 20150218
Ikarus Trojan.Win32.Crypt 20150218
Kaspersky Trojan-Spy.Win32.Zbot.vapu 20150218
Malwarebytes Trojan.Agent.ED 20150218
McAfee-GW-Edition BehavesLike.Win32.Expiro.gc 20150218
Microsoft PWS:Win32/Zbot.gen!VM 20150218
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20150218
TrendMicro TROJ_FORUCON.BME 20150218
TrendMicro-HouseCall TROJ_FORUCON.BME 20150218
Ad-Aware 20150218
AegisLab 20150218
Yandex 20150218
AhnLab-V3 20150218
Alibaba 20150218
ALYac 20150218
Antiy-AVL 20150218
AVware 20150218
Baidu-International 20150218
BitDefender 20150218
Bkav 20150213
ByteHero 20150218
CAT-QuickHeal 20150218
ClamAV 20150218
CMC 20150214
Comodo 20150218
Cyren 20150218
Emsisoft 20150218
F-Prot 20150218
F-Secure 20150218
Fortinet 20150218
Jiangmin 20150216
K7AntiVirus 20150218
K7GW 20150218
Kingsoft 20150218
McAfee 20150218
eScan 20150218
NANO-Antivirus 20150218
Norman 20150218
nProtect 20150218
Panda 20150218
Rising 20150218
Sophos AV 20150218
SUPERAntiSpyware 20150218
Symantec 20150218
Tencent 20150218
TheHacker 20150218
TotalDefense 20150218
VBA32 20150218
VIPRE 20150218
ViRobot 20150218
Zillya 20150218
Zoner 20150218
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C)2009-2015 AOMEI Technology Co., Ltd.
Publisher AOMEI Technology Co., Ltd.
Product AOMEI Partition Assistant
Original name PA.exe
Internal name PA.exe
File version 5.6.3.0
Description AOMEI Partition Assistant
Comments It is a Partition Manager, which can create/delete/format, move/resize, copy/merge/split and so on to manage partitions on your hard disks more easy.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-02-17 14:18:29
Entry Point 0x00002BD1
Number of sections 6
PE sections
PE imports
CertFreeCertificateContext
CertCreateCertificateContext
LineTo
DeleteDC
CreateEllipticRgn
SelectObject
CreateCompatibleDC
DeleteObject
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
GetWindowsDirectoryW
GetConsoleMode
DecodePointer
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetStartupInfoW
SetStdHandle
RaiseException
WideCharToMultiByte
LoadLibraryW
TlsFree
SetFilePointer
HeapSetInformation
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
TerminateProcess
IsValidCodePage
HeapCreate
SetLastError
CreateFileW
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
ExitProcess
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
LeaveCriticalSection
Ord(24)
PathGetArgsA
UpdateWindow
BeginPaint
DefWindowProcA
ShowWindow
FillRect
GetWindowThreadProcessId
GetWindowRect
EndPaint
SetMenuItemInfoA
GetWindow
GetDC
InsertMenuItemA
ReleaseDC
GetMenu
SendMessageA
InvalidateRect
LoadAcceleratorsA
CreateWindowExA
GetTopWindow
LoadImageA
GetMenuItemInfoA
DestroyWindow
GetFileVersionInfoW
PlaySoundA
CreateStreamOnHGlobal
CoGetMalloc
Number of PE resources by type
RT_STRING 12
RT_BITMAP 12
RT_CURSOR 9
RT_ICON 7
RT_GROUP_CURSOR 4
RT_RCDATA 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 49
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
It is a Partition Manager, which can create/delete/format, move/resize, copy/merge/split and so on to manage partitions on your hard disks more easy.

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.6.3.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
311296

FileOS
Windows NT 32-bit

MIMEType
application/octet-stream

LegalCopyright
Copyright (C)2009-2015 AOMEI Technology Co., Ltd.

FileVersion
5.6.3.0

TimeStamp
2015:02:17 15:18:29+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
PA.exe

SubsystemVersion
5.1

ProductVersion
5.6.3.0

FileDescription
AOMEI Partition Assistant

OSVersion
5.1

OriginalFilename
PA.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
AOMEI Technology Co., Ltd.

CodeSize
106496

ProductName
AOMEI Partition Assistant

ProductVersionNumber
5.6.3.0

EntryPoint
0x2bd1

ObjectFileType
Executable application

File identification
MD5 b69010d768c34b2727b6b73d47112b3e
SHA1 49b9002b54000673bf33f5e6f2b181dd3ce5ddb5
SHA256 41126f9e4b5ca6d71198217d2db9323546a6b9f60229ca54d91ebb5325bdefdd
ssdeep 12288:D+/i8nisJIm1kFCS2aCvpppTLw9okAi+Sz:D+oaImqp3CvHpE9oM+c
authentihash de1ca7be999e6bfa6c4266748015b821fd27364833cbe902471c2ac7a18c966b
imphash 7aea5b2b9217025b41ca1c5f0a4792d0
File size 409.0 KB ( 418816 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 system file
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2015-02-17 16:28:54 UTC ( 4 years, 1 month ago )
Last submission 2015-02-18 08:27:26 UTC ( 4 years ago )
File names PA.exe
41126f9e4b5ca6d71198217d2db9323546a6b9f60229ca54d91ebb5325bdefdd.exe.000
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications