SHA256: 4eb9799a2c4febffb81260abb889c909b4eaa28344a4e708d2b3231985311ec3
File name: vti-rescan
Detection ratio: 19 / 45
Analysis date: 2012-12-27 06:42:50 UTC ( 5 years, 6 months ago )
Antivirus Result Update
AntiVir TR/FakeAV.92.104 20121226
Avast Win32:FakeAV-EEX [Trj] 20121227
AVG Win32/Cryptor 20121226
BitDefender Gen:Variant.FakeAV.92 20121227
ESET-NOD32 a variant of Win32/Injector.YYR 20121226
F-Secure Gen:Variant.FakeAV.92 20121227
Fortinet W32/Injector.YYR 20121227
GData Gen:Variant.FakeAV.92 20121227
Ikarus Trojan.SuspectCRC 20121227
K7AntiVirus Trojan 20121226
Kaspersky Trojan-Dropper.Win32.Injector.gigl 20121227
McAfee Artemis!519ED597B22D 20121227
McAfee-GW-Edition Artemis!519ED597B22D 20121226
eScan Gen:Variant.FakeAV.92 20121227
nProtect Trojan-Dropper/W32.Injector.15582988 20121226
Panda Trj/CI.A 20121226
TrendMicro-HouseCall TROJ_GEN.R47B1LM 20121227
VBA32 Trojan-Dropper.Injector.gigl 20121226
VIPRE Trojan.Win32.Generic!BT 20121227
Yandex 20121226
AhnLab-V3 20121226
Antiy-AVL 20121226
ByteHero 20121226
CAT-QuickHeal 20121227
Commtouch 20121227
Comodo 20121227
DrWeb 20121227
Emsisoft 20121227
eSafe 20121226
F-Prot 20121226
Jiangmin 20121221
Kingsoft 20121225
Malwarebytes 20121227
Microsoft 20121227
NANO-Antivirus 20121227
Norman 20121226
PCTools 20121227
Rising 20121227
Sophos AV 20121227
SUPERAntiSpyware 20121227
Symantec 20121227
TheHacker 20121226
TotalDefense 20121226
TrendMicro 20121227
ViRobot 20121227
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright Mega Batteries Expertise
Product NetworkPolicyServerStereo
Original name NetworkPolicyServerStereo.exe
Internal name NetworkPolicyServerStereo
File version 8.14.5.8
Description NetworkPolicyServerStereo
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-06-26 14:57:38
Entry Point 0x00041D50
Number of sections 4
PE sections
Overlays
MD5 761063efb18bdc05587080f220b2364c
File type ASCII text
Offset 3420160
Size 12162828
Entropy 0.00
PE imports
GetDeviceCaps
TranslateCharsetInfo
LineTo
ExtTextOutW
GetPixel
GetTextExtentPoint32A
CreateFontA
CreatePalette
TextOutA
CreateFontIndirectA
UnrealizeObject
UpdateColors
SetPaletteEntries
SetTextAlign
CreateCompatibleDC
DeleteObject
MoveToEx
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
HeapDestroy
VerifyVersionInfoW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FormatMessageW
InitializeCriticalSection
TlsGetValue
SetLastError
GetModuleFileNameW
SetConsoleActiveScreenBuffer
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
UnhandledExceptionFilter
MultiByteToWideChar
GetModuleHandleA
CreateSemaphoreA
CreateSemaphoreW
TerminateProcess
VirtualQuery
GetCurrentThreadId
SleepEx
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetDateFormatW
GetProcAddress
CompareStringW
WriteFile
GetBinaryTypeW
FindFirstFileA
CompareStringA
GetBinaryTypeA
EscapeCommFunction
GetPrivateProfileSectionW
LocalSize
GetCurrencyFormatA
GetFileType
TlsSetValue
ExitProcess
GetCurrencyFormatW
LeaveCriticalSection
GetLastError
FlushConsoleInputBuffer
LCMapStringW
SetConsoleMode
GetSystemInfo
LCMapStringA
GetEnvironmentStringsW
EnumTimeFormatsW
GetEnvironmentStrings
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
TlsFree
SetFilePointer
SetCommBreak
CloseHandle
GetACP
IsBadStringPtrW
HeapCreate
OpenSemaphoreA
VirtualFree
Sleep
IsBadReadPtr
IsBadStringPtrA
GetProcessVersion
VirtualAlloc
CommandLineToArgvW
GetMessageA
SetWindowPlacement
GetCapture
KillTimer
GetClipboardOwner
ShowWindow
MessageBeep
SetClassLongA
SetWindowPos
SendDlgItemMessageA
AppendMenuA
GetWindowRect
EnableWindow
RegisterClipboardFormatA
PostMessageA
MoveWindow
PeekMessageA
CloseClipboard
GetMessageTime
DestroyCaret
SetActiveWindow
SetScrollInfo
SetClipboardData
SendMessageA
SetForegroundWindow
CreateDialogParamA
WinHelpA
IsIconic
RegisterClassA
InvalidateRect
SetTimer
LoadIconA
GetKeyboardLayout
ShowCursor
CheckDlgButton
MsgWaitForMultipleObjects
GetWindowTextA
Number of PE resources by type
RT_ICON 6
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 8
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 7.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.8.9.4
UninitializedDataSize 0
LanguageCode English (British)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 2936832
EntryPoint 0x41d50
OriginalFileName NetworkPolicyServerStereo.exe
MIMEType application/octet-stream
LegalCopyright Copyright Mega Batteries Expertise
FileVersion 8.14.5.8
TimeStamp 2007:06:26 15:57:38+01:00
FileType Win32 EXE
PEType PE32
InternalName NetworkPolicyServerStereo
ProductVersion 8.14.5.8
FileDescription NetworkPolicyServerStereo
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Mega Batteries Expertise
CodeSize 487424
ProductName NetworkPolicyServerStereo
ProductVersionNumber 9.4.2.6
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 519ed597b22d46ef8029c0720206e9d5
SHA1 a0ef3c79c9a3dc29dc26b81f68ab05e25f561aa0
SHA256 4eb9799a2c4febffb81260abb889c909b4eaa28344a4e708d2b3231985311ec3
ssdeep 49152:u3Q2ExepwtW4Hhb09GAEeGcLNjTlbwX6WUaWtugzMu/3c31jw5:uA2fpwtWIh81GAJ6DMsguc
authentihash e24cb6998a3a075cbf28df90fabfd35dbc75c12f0892d9f6e4be74f817285263
imphash 61993e1a6159ac2630466f17896c4404
File size 14.9 MB ( 15582988 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (generic) (35.9%)
Win32 Executable MS Visual C++ (generic) (27.0%)
Win64 Executable (generic) (23.9%)
Win32 Dynamic Link Library (generic) (5.6%)
Win32 Executable (generic) (3.9%)
Tags peexe overlay
VirusTotal metadata
First submission 2012-12-01 03:21:56 UTC ( 5 years, 7 months ago )
Last submission 2016-03-28 07:16:48 UTC ( 2 years, 3 months ago )
File names NetworkPolicyServerStereo.exe
UEStudio.v12.20.0.1002.Incl.Keygen-MESMERiZE.exe
UEStudio.v12.20.0.1002.Incl.Keygen-MESMERiZE.exe_
vti-rescan
NetworkPolicyServerStereo
a0ef3c79c9a3dc29dc26b81f68ab05e25f561aa0_UEStudio.v12.20.0.1002.Incl.Keygen-MESMERiZE.ex
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R047C0DBO16.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
UDP communications