SHA256: 4be99fdcc05ad6d74160505b5fd1f62def038569fd1bb4ec09f6c2caba1bd074
File name: vti-rescan
Detection ratio: 29 / 54
Analysis date: 2014-09-03 21:28:54 UTC ( 6 months ago )
Antivirus Result Update
AVG Delf.ALZZ 20140903
AVware Trojan.Win32.Generic!BT 20140903
Agnitum Trojan.DelFiles!iAN25kMV1iQ 20140903
AhnLab-V3 Win-Trojan/Agent.241664.HH 20140903
Avast Win32:Malware-gen 20140903
Avira TR/Spy.241664.397 20140903
Baidu-International Trojan.Win32.DelFiles.NAX 20140903
Bkav W32.Clodc22.Trojan.3693 20140903
Comodo UnclassifiedMalware 20140903
Cyren W32/Trojan.ZDPM-6755 20140903
DrWeb Trojan.KillDisk.421 20140903
ESET-NOD32 Win32/DelFiles.NAX 20140903
Fortinet W32/INJECTO.MBF!tr 20140903
GData Win32.Trojan.Jorik.F@gen 20140903
Ikarus Trojan.Win32.Spy 20140903
McAfee Artemis!E823221609B3 20140903
McAfee-GW-Edition Artemis!Trojan 20140903
NANO-Antivirus Trojan.Win32.KillDisk.cpxvwt 20140903
Norman Suspicious_Gen5.QGAP 20140903
Panda Trj/CI.A 20140903
Rising PE:Trojan.Win32.Generic.14512A3D!340863549 20140903
Sophos Mal/Generic-S 20140903
Symantec Trojan Horse 20140903
Tencent Win32.Trojan.Killmbr.djxr 20140903
TrendMicro TROJ_KILLMBR.DF 20140903
TrendMicro-HouseCall TROJ_KILLMBR.DF 20140903
VIPRE Trojan.Win32.Generic!BT 20140903
ViRobot Trojan.Win32.S.Agent.241664.O 20140903
nProtect Trojan/W32.Agent.241664.ACQ 20140903
Ad-Aware 20140903
AegisLab 20140903
BitDefender 20140903
ByteHero 20140903
CAT-QuickHeal 20140903
CMC 20140901
ClamAV 20140903
Emsisoft 20140903
F-Prot 20140903
F-Secure 20140903
Jiangmin 20140903
K7AntiVirus 20140903
K7GW 20140903
Kaspersky 20140903
Kingsoft 20140903
Malwarebytes 20140903
MicroWorld-eScan 20140903
Microsoft 20140903
Qihoo-360 20140903
SUPERAntiSpyware 20140903
TheHacker 20140903
TotalDefense 20140903
VBA32 20140903
Zillya 20140903
Zoner 20140901
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-19 23:57:06
Link date 12:57 AM 3/20/2013
Entry Point 0x00003DDD
Number of sections 4
PE sections
PE imports
CloseServiceHandle
RegOpenKeyA
RegCloseKey
StartServiceCtrlDispatcherA
OpenServiceA
SetServiceStatus
CreateServiceA
RegSetValueExA
ControlService
StartServiceA
ChangeServiceConfig2A
OpenSCManagerA
RegisterServiceCtrlHandlerA
GetStdHandle
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLogicalDrives
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
WriteFile
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetOEMCP
MoveFileA
InitializeCriticalSection
FindClose
InterlockedDecrement
SetLastError
GetSystemTime
CopyFileA
HeapAlloc
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointerEx
CreateMutexA
SetFilePointer
CreateThread
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
GetExitCodeProcess
GetTickCount
IsBadWritePtr
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
DeleteFileA
GetWindowsDirectoryA
GetProcAddress
CompareStringW
FindFirstFileA
CompareStringA
GetTempFileNameA
FindNextFileA
WaitForMultipleObjects
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
LCMapStringA
GetEnvironmentStringsW
SizeofResource
LockResource
WideCharToMultiByte
GetCommandLineA
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetVersion
GetEnvironmentStrings
CreateProcessA
HeapCreate
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
VirtualAlloc
SHGetSpecialFolderPathA
PathFindExtensionA
StrStrIA
PathCombineA
PathAppendA
Number of PE resources by type
HTML_DATA 5
Number of PE resources by language
KOREAN 5
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:03:20 00:57:06+01:00
FileType Win32 EXE
PEType PE32
CodeSize 40960
LinkerVersion 6.0
FileAccessDate 2014:03:06 11:29:52+01:00
EntryPoint 0x3ddd
InitializedDataSize 466944
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:03:06 11:29:52+01:00
UninitializedDataSize 0
File identification
MD5 e823221609b37e99fbbce5b493a02f68
SHA1 5161018dc06b4129d095f10760aaa4a90565c134
SHA256 4be99fdcc05ad6d74160505b5fd1f62def038569fd1bb4ec09f6c2caba1bd074
ssdeep 6144:jtsAv00nSOqoWBfEC43LZINuOB/+S1sQClPtdCQ+L1EEtdCQ:CAbVqoEfP4b7NsC5dENd
imphash 7d20c1f12b38a54c6f3b13a9d9800c16
File size 236.0 KB ( 241664 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe armadillo
VirusTotal metadata
First submission 2013-03-20 18:44:00 UTC ( 1 year, 11 months ago )
Last submission 2013-03-26 16:53:58 UTC ( 1 year, 11 months ago )
File names vti-rescan
cmsvrts.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files