SHA256: 4f037fb68270b63b998ae501e087fa30190cda5c47cafd3b5c50ef3d09fea95b
File name: vti-rescan
Detection ratio: 28 / 50
Analysis date: 2014-03-10 19:22:40 UTC ( 11 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1594735 20140310
Agnitum Trojan.Inject!SMbBrIq0+BQ 20140310
Antiy-AVL Trojan/Win32.Inject 20140310
Baidu-International Trojan.Win32.Inject.AJ 20140310
BitDefender Trojan.GenericKD.1594735 20140310
ESET-NOD32 a variant of Win32/Injector.AZAR 20140310
Emsisoft Trojan.GenericKD.1594735 (B) 20140310
F-Secure Trojan:W32/Agent.DUTJ 20140310
Fortinet W32/Inject.ISOO!tr 20140310
GData Trojan.GenericKD.1594735 20140310
Ikarus Trojan.SuspectCRC 20140310
K7AntiVirus Trojan ( 0049632d1 ) 20140310
K7GW Trojan ( 0049632d1 ) 20140310
Kaspersky Trojan.Win32.Inject.isoo 20140310
Kingsoft Win32.Troj.Inject.is.(kcloud) 20140310
McAfee Artemis!120B6F1EEC89 20140310
McAfee-GW-Edition Artemis!120B6F1EEC89 20140310
MicroWorld-eScan Trojan.GenericKD.1594735 20140310
Microsoft Trojan:Win32/Lecpetex.A 20140310
Norman Suspicious_Gen4.FWXLU 20140310
Panda Generic Malware 20140310
Qihoo-360 Win32/Trojan.849 20140310
Sophos Troj/Agent-AGGL 20140310
Symantec WS.Reputation.1 20140310
TrendMicro TROJ_INJECTOR.ZA 20140310
TrendMicro-HouseCall TROJ_INJECTOR.ZA 20140310
VBA32 Trojan.Inject 20140310
VIPRE Trojan.Win32.Generic!BT 20140310
AVG 20140309
AhnLab-V3 20140310
AntiVir 20140310
Avast 20140310
Bkav 20140310
ByteHero 20140310
CAT-QuickHeal 20140310
CMC 20140307
ClamAV 20140310
Commtouch 20140310
Comodo 20140310
DrWeb 20140310
F-Prot 20140310
Jiangmin 20140310
Malwarebytes 20140310
NANO-Antivirus 20140310
Rising 20140310
SUPERAntiSpyware 20140310
TheHacker 20140309
TotalDefense 20140310
ViRobot 20140310
nProtect 20140310
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-04 16:42:12
Entry Point 0x00002CBF
Number of sections 3
PE sections
PE imports
CryptDeriveKey
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
CryptGetHashParam
CryptHashData
CryptDestroyHash
CryptCreateHash
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
WriteProcessMemory
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
FlsGetValue
FlushFileBuffers
GetEnvironmentStringsW
FlsSetValue
LoadLibraryA
RtlUnwind
GetModuleFileNameA
DeleteCriticalSection
GetCurrentProcess
GetVolumeInformationA
GetConsoleMode
HeapSize
WriteConsoleW
IsValidCodePage
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
FlsAlloc
GetCommandLineA
GetProcAddress
FlsFree
EncodePointer
GetProcessHeap
GetTickCount64
SetStdHandle
CreateMutexA
WideCharToMultiByte
LoadLibraryW
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
SetThreadContext
TerminateProcess
ResumeThread
LCMapStringEx
GetModuleHandleExW
InitOnceExecuteOnce
OutputDebugStringW
CreateFileW
GetStringTypeW
InterlockedDecrement
Sleep
GetFileType
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:03:04 17:42:12+01:00
FileType Win32 DLL
PEType PE32
CodeSize 29696
LinkerVersion 11.0
FileAccessDate 2014:03:14 17:37:33+01:00
EntryPoint 0x2cbf
InitializedDataSize 188928
SubsystemVersion 6.0
ImageVersion 0.0
OSVersion 6.0
FileCreateDate 2014:03:14 17:37:33+01:00
UninitializedDataSize 0

Compressed bundles
File identification
MD5 120b6f1eec89ee9f1c7255840d147976
SHA1 3f873ce3f9a45aa1e896cab05a3344c2ef4a4612
SHA256 4f037fb68270b63b998ae501e087fa30190cda5c47cafd3b5c50ef3d09fea95b
ssdeep 3072:vjffnWrL63cAGeT4qbACKxtLJ8XEyJnV2N1w:7ffWCsiTzbBKynV2N1w
imphash d9b37e72a8c1fddfe70d273fcc001cbb
File size 207.0 KB ( 211968 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags pedll
VirusTotal metadata
First submission 2014-03-04 18:48:51 UTC ( 12 months ago )
Last submission 2014-03-14 16:40:28 UTC ( 11 months, 3 weeks ago )
File names 22013923
module.dat
vti-rescan
module.dat
file-6686706_dat
coffeebreak.dat
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight