SHA256: 43821d5ee7fd0ee6a27fa7d7ea98b67866a3b3fb686ab3f02a370d934fefb349
File name: vti-rescan
Detection ratio: 22 / 56
Analysis date: 2016-03-04 10:20:05 UTC
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3081148 20160304
AegisLab Uds.Dangerousobject.Multi!c 20160304
ALYac Spyware.Banker.Dridex 20160304
Arcabit Trojan.Generic.D2F03BC 20160304
Avira (no cloud) TR/Crypt.EPACK.25187 20160304
AVware Trojan.Win32.Generic!BT 20160304
BitDefender Trojan.GenericKD.3081148 20160304
ESET-NOD32 a variant of Win32/Kryptik.EQBL 20160304
F-Secure Trojan.GenericKD.3081148 20160304
GData Trojan.GenericKD.3081148 20160304
Kaspersky Backdoor.Win32.Cridex.dl 20160304
McAfee Artemis!DCF982441ADA 20160304
McAfee-GW-Edition Artemis!Trojan 20160304
eScan Trojan.GenericKD.3081148 20160304
nProtect Trojan.GenericKD.3081487 20160304
Panda Generic Suspicious 20160303
Qihoo-360 HEUR/QVM09.0.Malware.Gen 20160304
Sophos AV Troj/Dridex-QW 20160304
Tencent Win32.Trojan.Kryptik.Wwof 20160304
TrendMicro TSPY_DRIDEX.DQ 20160304
TrendMicro-HouseCall TSPY_DRIDEX.DQ 20160304
VIPRE Trojan.Win32.Generic!BT 20160304
Yandex 20160303
AhnLab-V3 20160303
Alibaba 20160304
Antiy-AVL 20160304
Avast 20160304
AVG 20160304
Baidu-International 20160303
Bkav 20160303
ByteHero 20160304
CAT-QuickHeal 20160304
ClamAV 20160304
CMC 20160303
Comodo 20160304
Cyren 20160304
DrWeb 20160304
Emsisoft 20160229
F-Prot 20160304
Fortinet 20160304
Ikarus 20160304
Jiangmin 20160304
K7AntiVirus 20160304
K7GW 20160304
Malwarebytes 20160304
Microsoft 20160304
NANO-Antivirus 20160304
Rising 20160302
SUPERAntiSpyware 20160304
Symantec 20160303
TheHacker 20160302
TotalDefense 20160303
VBA32 20160303
ViRobot 20160304
Zillya 20160303
Zoner 20160304
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Make Money Soft Security Trademark R
Product Make Honey Soft Security
Original name honey.exe
Internal name Make Honey Soft
File version 1.0
Description Make Honey Soft Security
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-03 10:47:23
Entry Point 0x00019F7C
Number of sections 4
PE sections
PE imports
GetLastError
IsValidCodePage
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
TlsAlloc
GetDateFormatA
GetProcessHeap
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
EnumSystemLocalesA
GetEnvironmentStrings
GetLocaleInfoA
GetConsoleMode
SetConsoleCtrlHandler
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
QueryPerformanceCounter
TlsFree
GetCurrentThread
LeaveCriticalSection
CompareStringW
RaiseException
InitializeCriticalSection
WideCharToMultiByte
GetTimeFormatA
GetStringTypeA
GetModuleHandleA
ReadFile
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CompareStringA
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetUserDefaultLCID
SetEnvironmentVariableA
FreeLibrary
IsDebuggerPresent
TerminateProcess
CreateEventW
GetTimeZoneInformation
HeapCreate
VirtualFree
FatalAppExitA
GetEnvironmentStringsW
InterlockedDecrement
Sleep
GetFileType
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
GetLocaleInfoW
VirtualAlloc
SetLastError
InterlockedIncrement
SHDeleteValueA
OleUninitialize
CoUninitialize
CoInitialize
CoCreateGuid
CoCreateInstance
RevokeDragDrop
OleRun
CoGetClassObject
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 32768
ImageVersion 0.0
ProductName Make Honey Soft Security
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0017
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Windows, Latin1
LinkerVersion 7.1
FileTypeExtension exe
OriginalFileName honey.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0
TimeStamp 2016:03:03 11:47:23+01:00
FileType Win32 EXE
PEType PE32
InternalName Make Honey Soft
ProductVersion 1, 0
FileDescription Make Honey Soft Security
OSVersion 4.0
FileOS Win32
LegalCopyright Make Money Soft Security Trademark R
MachineType Intel 386 or later, and compatibles
CompanyName Make Honey Soft Security
CodeSize 188416
FileSubtype 0
ProductVersionNumber 1.9.0.0
EntryPoint 0x19f7c
ObjectFileType Executable application
Compressed bundles
File identification
MD5 dcf982441adacaeee363a4da819afe7c
SHA1 836c04c620a2323776b0ebce8841c18894f8df0d
SHA256 43821d5ee7fd0ee6a27fa7d7ea98b67866a3b3fb686ab3f02a370d934fefb349
ssdeep 3072:ck924TIhLw+nkBFpRcoZ7BQOhgLiEvNXVFlnk7WJ3XeeFxqJZNt:cxsMbnkhuW7BhKV9ZJaN
authentihash 791adc405f2f5ead3d00a9379dcd52d4d77bf375cdc9b0c3014f103919c78c57
imphash bf5364020676a0aee5fb6371ab54b129
File size 216.0 KB ( 221184 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2016-03-03 13:42:41 UTC
Last submission 2018-05-05 14:21:33 UTC
File names honey.exe
C__DOCUME~1_ADMINI~1_LOCALS~1_Temp_rukinogi64.exex
rukinogi64.exe
55e98064a9b32a3aefae1f0d8b26cfcd966d0111
Make Honey Soft
98yh87b564f.exe
dcf982441adacaeee363a4da819afe7c.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Terminated processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications