SHA256: 4ffd6891cd4c1f97da7cd3c364a55eeec952ccc0cfdadd477d4a190cd99cebb2
File name: vti-rescan
Detection ratio: 25 / 57
Analysis date: 2015-06-08 14:00:06 UTC ( 3 years, 9 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2469843 20150608
AhnLab-V3 Trojan/Win32.Dynamer 20150608
ALYac Trojan.GenericKD.2469843 20150608
Antiy-AVL Trojan/Win32.Inject 20150608
Arcabit Trojan.Generic.D25AFD3 20150608
AVG Inject2.CHDE 20150608
Avira (no cloud) TR/Crypt.Xpack.15771 20150608
AVware Trojan.Win32.Generic!BT 20150608
Baidu-International Trojan.Win32.Inject.uxkg 20150608
BitDefender Trojan.GenericKD.2469843 20150608
Emsisoft Trojan.GenericKD.2469843 (B) 20150608
ESET-NOD32 Win32/Spy.Zbot.ACB 20150608
F-Secure Trojan.GenericKD.2469843 20150608
GData Trojan.GenericKD.2469843 20150608
Ikarus Trojan-Spy.Agent 20150608
Kaspersky Trojan.Win32.Inject.uxkg 20150608
Microsoft PWS:Win32/Zbot!VM 20150608
eScan Trojan.GenericKD.2469843 20150608
nProtect Trojan.GenericKD.2469843 20150608
Panda Generic Suspicious 20150608
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20150608
Symantec WS.Reputation.1 20150608
Tencent Trojan.Win32.Qudamah.Gen.3 20150608
TrendMicro-HouseCall Suspicious_GEN.F47V0607 20150608
VIPRE Trojan.Win32.Generic!BT 20150608
AegisLab 20150608
Yandex 20150607
Alibaba 20150608
Avast 20150608
Bkav 20150608
ByteHero 20150608
CAT-QuickHeal 20150608
ClamAV 20150608
CMC 20150604
Comodo 20150608
Cyren 20150608
DrWeb 20150608
F-Prot 20150608
Fortinet 20150608
Jiangmin 20150607
K7AntiVirus 20150608
K7GW 20150608
Kingsoft 20150608
Malwarebytes 20150608
McAfee 20150608
McAfee-GW-Edition 20150607
NANO-Antivirus 20150608
Rising 20150608
Sophos AV 20150608
SUPERAntiSpyware 20150606
TheHacker 20150607
TotalDefense 20150608
TrendMicro 20150608
VBA32 20150608
ViRobot 20150608
Zillya 20150608
Zoner 20150605
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1996-2014 Jan Goyvaerts
Publisher Just Great Software
Product EditPad Pro
Original name EditPadPro.exe
Internal name EditPadPro
File version 7.3.6.5448
Description EditPad Pro
Comments Visit http://www.editpadpro.com/ for more information
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-06 12:53:31
Entry Point 0x0000497D
Number of sections 5
PE sections
PE imports
capCreateCaptureWindowA
ImageList_DrawIndirect
CreateToolbarEx
Ord(17)
GetFileTitleA
GetOpenFileNameA
GetTextMetricsW
GetWindowOrgEx
TextOutA
CreateFontIndirectA
GetObjectA
CreateDCA
DeleteDC
SetBkMode
EndDoc
SetWindowOrgEx
StartPage
SetTextColor
FillRgn
CreateFontA
GetStockObject
SetViewportOrgEx
CreateCompatibleDC
CreateFontW
EndPage
SelectObject
StartDocA
CreateSolidBrush
SetBkColor
DeleteObject
CreateCompatibleBitmap
HeapSize
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
FileTimeToSystemTime
lstrlenA
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
QueryPerformanceFrequency
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
SetSystemTime
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
lstrcatA
WriteConsoleW
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
FormatMessageA
SetStdHandle
GetModuleHandleA
RaiseException
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
HeapSetInformation
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
SetPriorityClass
HeapAlloc
TerminateProcess
IsValidCodePage
HeapCreate
lstrcpyA
CreateFileW
TlsGetValue
Sleep
GetFileType
TlsSetValue
CreateFileA
EncodePointer
GetCurrentThreadId
LeaveCriticalSection
ExitProcess
GetFileSize
SetLastError
InterlockedIncrement
GetProcessMemoryInfo
AddCredentialsA
SetFocus
GetMessageA
UpdateWindow
DrawTextExW
EndDialog
PostQuitMessage
OffsetRect
DefWindowProcA
KillTimer
DestroyMenu
ShowWindow
CreatePopupMenu
SetWindowTextA
IsWindowEnabled
LoadMenuW
SetWindowPos
SetDlgItemInt
DispatchMessageA
EndPaint
ScrollWindowEx
SetDlgItemTextA
MoveWindow
GetDlgItemTextA
MessageBoxA
SetWindowLongA
TranslateMessage
DialogBoxParamA
GetSysColor
GetDlgItemInt
SendDlgItemMessageA
SetScrollInfo
RegisterClassExA
GetCursorPos
ReleaseDC
BeginPaint
GetClassInfoA
SendMessageW
UnregisterClassA
DrawIconEx
IsWindowVisible
SendMessageA
CloseClipboard
GetClientRect
SetTimer
GetDlgItem
DrawTextW
TrackPopupMenuEx
GetWindowLongA
CreateWindowExA
LoadCursorA
LoadIconA
InvalidateRect
FillRect
GetSubMenu
CopyRect
GetSysColorBrush
GetFocus
GetDC
wsprintfW
GetWindowTextA
OpenClipboard
DragDetect
DestroyWindow
GetFileVersionInfoW
EnumPrintersA
OpenPrinterA
ClosePrinter
Ord(201)
WSAAsyncGetProtoByNumber
SCardFreeMemory
SCardLocateCardsA
SCardEstablishContext
SCardReleaseContext
SCardListReadersA
SCardGetStatusChangeA
CredUIPromptForCredentialsA
GdipCloneBrush
GdiplusShutdown
GdiplusStartup
GdipCreatePen1
GdipFree
GdipDrawRectangleI
GdipCreateHatchBrush
GdipDeleteBrush
GdipAlloc
GdipDrawEllipseI
GdipDeleteGraphics
GdipFillRectangleI
GdipDeletePen
GdipCreateFromHDC2
CoTaskMemFree
Ord(320)
Number of PE resources by type
RT_BITMAP 18
RT_STRING 9
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 29
PE resources
ExifTool file metadata
SubsystemVersion 5.1
Comments Visit http://www.editpadpro.com/ for more information
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 7.3.6.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription EditPad Pro
CharacterSet Unicode
InitializedDataSize 199680
EntryPoint 0x497d
OriginalFileName EditPadPro.exe
MIMEType application/octet-stream
LegalCopyright Copyright 1996-2014 Jan Goyvaerts
FileVersion 7.3.6.5448
TimeStamp 2015:06:06 13:53:31+01:00
FileType Win32 EXE
PEType PE32
InternalName EditPadPro
ProductVersion 7.3.6
UninitializedDataSize 0
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Just Great Software
CodeSize 65536
ProductName EditPad Pro
ProductVersionNumber 7.3.6.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 078fd45cdb00fbce73be5a89aaf534b9
SHA1 91561e143df4b8852d3428a688166a0f766b8a68
SHA256 4ffd6891cd4c1f97da7cd3c364a55eeec952ccc0cfdadd477d4a190cd99cebb2
ssdeep 6144:4JJm7qlVy9kO27hRGLWwSIzqlLvVU8jUw:4JJfVy9kOViwG3UMU
authentihash 7186f36251b0e945e8517379223706d7687e5095c390be2ced01d2763dd68603
imphash fce7b07376fb50cbb92be0b478cd9946
File size 260.0 KB ( 266240 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2015-06-06 23:12:45 UTC ( 3 years, 9 months ago )
Last submission 2015-08-12 17:00:25 UTC ( 3 years, 7 months ago )
File names EditPadPro.exe
pi.exe
EditPadPro
Advanced heuristic and reputation engines
TrendMicro-HouseCall TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R01TC0DFD15.
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.