SHA256: 55b20ee4691371134f9a0a33c6ea092c366e05950f22a5147a29f6613e16ff39
File name: vti-rescan
Detection ratio: 21 / 50
Analysis date: 2014-03-10 19:24:53 UTC ( 1 year, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.85089 20140310
Agnitum Trojan.Inject!SMbBrIq0+BQ 20140310
Antiy-AVL Trojan/Win32.Inject 20140310
Baidu-International Trojan.Win32.Inject.axAP 20140310
BitDefender Gen:Variant.Zusy.85089 20140310
ESET-NOD32 a variant of Win32/Injector.AZAR 20140310
Emsisoft Gen:Variant.Zusy.23178 (B) 20140310
F-Secure Trojan:W32/Agent.DUTJ 20140310
Fortinet W32/Inject.ISOO!tr 20140310
GData Gen:Variant.Zusy.85089 20140310
Ikarus Trojan.SuspectCRC 20140310
Kaspersky Trojan.Win32.Inject.isoo 20140310
Kingsoft Win32.Troj.Inject.is.(kcloud) 20140310
MicroWorld-eScan Gen:Variant.Zusy.85089 20140310
Microsoft Trojan:Win32/Lecpetex.A 20140310
Panda Generic Malware 20140310
Qihoo-360 HEUR/Malware.QVM30.Gen 20140310
Sophos Mal/Generic-S 20140310
Symantec WS.Reputation.1 20140310
TrendMicro-HouseCall TROJ_GEN.R0CBH01CA14 20140310
VIPRE Trojan.Win32.Generic!BT 20140310
AVG 20140309
AhnLab-V3 20140310
AntiVir 20140310
Avast 20140310
Bkav 20140310
ByteHero 20140310
CAT-QuickHeal 20140310
CMC 20140307
ClamAV 20140310
Commtouch 20140310
Comodo 20140310
DrWeb 20140310
F-Prot 20140310
Jiangmin 20140310
K7AntiVirus 20140310
K7GW 20140310
Malwarebytes 20140310
McAfee 20140310
McAfee-GW-Edition 20140310
NANO-Antivirus 20140310
Norman 20140310
Rising 20140310
SUPERAntiSpyware 20140310
TheHacker 20140309
TotalDefense 20140310
TrendMicro 20140310
VBA32 20140310
ViRobot 20140310
nProtect 20140310
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-27 21:16:35
Link date 10:16 PM 2/27/2014
Entry Point 0x00002CBF
Number of sections 3
PE sections
PE imports
CryptDeriveKey
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
CryptGetHashParam
CryptHashData
CryptDestroyHash
CryptCreateHash
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
WriteProcessMemory
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
FlsGetValue
FlushFileBuffers
GetEnvironmentStringsW
FlsSetValue
LoadLibraryA
RtlUnwind
GetModuleFileNameA
DeleteCriticalSection
GetCurrentProcess
GetVolumeInformationA
GetConsoleMode
HeapSize
WriteConsoleW
IsValidCodePage
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
FlsAlloc
GetCommandLineA
GetProcAddress
FlsFree
EncodePointer
GetProcessHeap
GetTickCount64
SetStdHandle
CreateMutexA
WideCharToMultiByte
LoadLibraryW
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
SetThreadContext
TerminateProcess
ResumeThread
LCMapStringEx
GetModuleHandleExW
InitOnceExecuteOnce
OutputDebugStringW
CreateFileW
GetStringTypeW
InterlockedDecrement
Sleep
GetFileType
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2014:02:27 22:16:35+01:00
FileType: Win32 DLL
PEType: PE32
CodeSize: 29696
LinkerVersion: 11.0
FileAccessDate: 2014:05:12 07:03:12+01:00
EntryPoint: 0x2cbf
InitializedDataSize: 188928
SubsystemVersion: 6.0
ImageVersion: 0.0
OSVersion: 6.0
FileCreateDate: 2014:05:12 07:03:12+01:00
UninitializedDataSize: 0

File identification
MD5 fc33a4e66788f49d280be290720216ef
SHA1 4244658776cd7d6a29752abfb6f106dfc8aa322b
SHA256 55b20ee4691371134f9a0a33c6ea092c366e05950f22a5147a29f6613e16ff39
ssdeep 3072:wjffnWrL63cAGeT4qbACKxtLJ8XEyJnV2N1w:kffWCsiTzbBKynV2N1w

imphash d9b37e72a8c1fddfe70d273fcc001cbb
File size 207.0 KB ( 211968 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags pedll

VirusTotal metadata
First submission 2014-02-28 18:29:40 UTC ( 1 year, 2 months ago )
Last submission 2014-03-10 19:24:53 UTC ( 1 year, 1 month ago )
File names asdfrr.dat_
96f4e00c8272651b0245063a9553dbf3420f8a94
module.dat
module.exe
output.21929775.txt
21929775
vti-rescan
module.zip
Advanced heuristic and reputation engines