× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 54d5f5e7c45d6b9a18f61b352dd04aafffddb7de0767bfccfe7b123c3200eaff
File name: vti-rescan
Detection ratio: 44 / 57
Analysis date: 2015-05-28 20:46:56 UTC ( 3 years, 8 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Dyreza.4 20150528
Yandex TrojanSpy.Zbot!vQCOgJgllYc 20150528
AhnLab-V3 Malware/Win32.Generic 20150528
ALYac Gen:Variant.Dyreza.4 20150528
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150528
Avast Win32:Malware-gen 20150528
AVG Pakes_c.BMYD 20150528
Avira (no cloud) TR/Changeling.A.2047 20150528
AVware Trojan.Win32.Generic!BT 20150528
Baidu-International Trojan.Win32.Zbot.AAO 20150528
BitDefender Gen:Variant.Dyreza.4 20150528
Bkav HW32.Packed.FBC9 20150528
CAT-QuickHeal TrojanSpy.Zbot.r4 20150528
Comodo UnclassifiedMalware 20150528
DrWeb Trojan.PWS.Panda.2977 20150528
Emsisoft Gen:Variant.Dyreza.4 (B) 20150528
ESET-NOD32 Win32/Spy.Zbot.AAO 20150528
F-Secure Gen:Variant.Dyreza.4 20150528
Fortinet W32/Zbot.AAO!tr.spy 20150528
GData Gen:Variant.Dyreza.4 20150528
Ikarus Trojan-PWS.Win32.Zbot 20150528
Jiangmin Trojan/Generic.buumi 20150528
K7AntiVirus Spyware ( 0029a43a1 ) 20150528
K7GW Spyware ( 0029a43a1 ) 20150528
Kaspersky HEUR:Trojan.Win32.Generic 20150528
Kingsoft Win32.Troj.Generic.a.(kcloud) 20150528
Malwarebytes Trojan.Zbot 20150528
McAfee PWSZbot-FABA!B87500D8D40E 20150528
McAfee-GW-Edition PWSZbot-FABA!B87500D8D40E 20150528
Microsoft PWS:Win32/Zbot 20150528
eScan Gen:Variant.Dyreza.4 20150528
NANO-Antivirus Trojan.Win32.Panda.derzlo 20150528
Norman Suspicious_Gen4.GECSK 20150528
Panda Generic Malware 20150528
Qihoo-360 HEUR/Malware.QVM20.Gen 20150528
Rising PE:Trojan.Win32.Generic.16C43D84!381959556 20150528
Sophos AV Mal/Zbot-PA 20150528
SUPERAntiSpyware Trojan.Agent/Gen-Katusha 20150528
Symantec Trojan.ADH 20150528
Tencent Trojan.Win32.YY.Gen.5 20150528
TrendMicro TROJ_SPNR.0BF514 20150528
TrendMicro-HouseCall TROJ_SPNR.0BF514 20150528
VIPRE Trojan.Win32.Generic!BT 20150528
Zillya Trojan.Zbot.Win32.179397 20150528
AegisLab 20150528
Alibaba 20150528
ByteHero 20150528
ClamAV 20150528
CMC 20150527
Cyren 20150528
F-Prot 20150528
nProtect 20150528
TheHacker 20150526
TotalDefense 20150528
VBA32 20150526
ViRobot 20150528
Zoner 20150526
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-01-23 21:19:10
Entry Point 0x0000F314
Number of sections 4
PE sections
Overlays
MD5 627423e93eb92a91bc1e795c2a9a97b6
File type data
Offset 343040
Size 1024
Entropy 7.83
PE imports
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
RegCloseKey
GetLastError
WaitForSingleObject
GetExitCodeProcess
CopyFileA
GetTickCount
TlsAlloc
VirtualProtect
FindResourceExA
GetModuleFileNameA
GetCurrentProcess
GetCurrentProcessId
LockResource
GetCurrentDirectoryA
GetLogicalDrives
GetCommandLineA
GetProcAddress
CreateMutexA
GetTempPathA
GlobalAddAtomW
GetCPInfo
GetModuleHandleA
FindFirstFileA
SetUnhandledExceptionFilter
ConvertDefaultLocale
GetStartupInfoA
CloseHandle
GetACP
DecodePointer
SetEnvironmentVariableA
LocalFree
GlobalMemoryStatus
CreateProcessA
GetEnvironmentVariableA
LoadResource
GetConsoleAliasExesLengthW
FormatMessageA
ExitProcess
SetLastError
ShellExecuteA
GetMessageA
GetForegroundWindow
UpdateWindow
EnumWindows
KillTimer
PostQuitMessage
ShowWindow
SetWindowPos
GetWindowThreadProcessId
GetSystemMetrics
GetWindowRect
DispatchMessageA
MessageBoxA
TranslateMessage
SendMessageA
GetWindowTextA
SetTimer
GetWindowLongA
FindWindowExA
CreateWindowExA
LoadImageA
SetForegroundWindow
__p__fmode
__p__environ
memset
fclose
strcat
atexit
strncat
_setmode
printf
fopen
strlen
strncpy
_cexit
_itoa
strtok
_chdir
_open
_onexit
_findclose
_unlink
_close
strchr
strrchr
strpbrk
atoi
__getmainargs
_stat
strstr
_read
_findnext
strcmp
_findfirst
strcpy
_mkdir
fwrite
fprintf
__set_app_type
signal
_iob
Number of PE resources by type
RT_ICON 9
RT_DIALOG 2
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 14
PE resources
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.1

UninitializedDataSize
0

LanguageCode
Chinese (Simplified)

FileFlagsMask
0x003f

CharacterSet
Windows, Chinese (Simplified)

InitializedDataSize
79360

EntryPoint
0xf314

OriginalFileName
Startup.exe

MIMEType
application/octet-stream

LegalCopyright
TODO: (C) < >

FileVersion
1.0.0.1

TimeStamp
2014:01:23 22:19:10+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Startup.exe

ProductVersion
1.0.0.1

FileDescription
TODO: < >

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
TODO: < >

CodeSize
262656

ProductName
TODO: < >

ProductVersionNumber
1.0.0.1

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 b87500d8d40ec1ac249f44c29a71f07f
SHA1 dadaa6b2f3b70bc9e9cd87c12b8fe87dc863ae51
SHA256 54d5f5e7c45d6b9a18f61b352dd04aafffddb7de0767bfccfe7b123c3200eaff
ssdeep
6144:ifx4my18T/BAWp3vU+2EBtmKRusqUml0yPJErFpVAnIpKRBuBF8Dn:iJ3y18T/7/U+2EJmHPQVfMBugDn

authentihash b66c9b777aa9caac0380fe93147222b73268b090d436ee739eccc7e5a79a90ce
imphash 9eca770bf3d1a30f30e61733f41bda21
File size 336.0 KB ( 344064 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2014-04-09 07:20:10 UTC ( 4 years, 10 months ago )
Last submission 2014-04-09 09:33:03 UTC ( 4 years, 10 months ago )
File names b87500d8d40ec1ac249f44c29a71f07f_9eca770bf3d1a30f30e61733f41bda21_undefined.exe
vti-rescan
vt_15200189.@
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests
UDP communications