SHA256: 55fb8a9f7d1af2a37074fb09566db7c54fb35574cf8df85a2ae10ebde773542c
File name: vti-rescan
Detection ratio: 40 / 56
Analysis date: 2015-05-13 00:40:08 UTC (4 years ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.597666 20150513
Yandex Trojan.Kryptik!AO5kPm8WdZg 20150512
AhnLab-V3 Win-Trojan/Malpacked6.Gen 20150512
ALYac Gen:Variant.Kazy.597666 20150512
Antiy-AVL Worm/Win32.Cridex 20150513
Avast Win32:Malware-gen 20150513
AVG Crypt4.QQK 20150512
AVware Trojan.Win32.Generic!BT 20150513
Baidu-International Worm.Win32.Cridex.qgo 20150512
BitDefender Gen:Variant.Kazy.597666 20150513
CAT-QuickHeal Trojan.Dynamer.AC5 20150512
ClamAV Win.Trojan.Dridex-17 20150513
Comodo UnclassifiedMalware 20150513
Cyren W32/Trojan.JJLR-8648 20150513
DrWeb Trojan.Dyre.43 20150513
Emsisoft Gen:Variant.Kazy.597666 (B) 20150513
ESET-NOD32 a variant of Win32/Kryptik.DFSU 20150512
F-Secure Gen:Variant.Kazy.597666 20150513
Fortinet W32/Dridex.P!tr 20150513
GData Gen:Variant.Kazy.597666 20150513
Ikarus Trojan.Win32.Crypt 20150513
K7AntiVirus Trojan ( 004bdf181 ) 20150512
K7GW Trojan ( 004bdf181 ) 20150512
Kaspersky Worm.Win32.Cridex.qgo 20150513
McAfee Downloader-FASP!8C0832020844 20150513
McAfee-GW-Edition BehavesLike.Win32.Dropper.cm 20150513
Microsoft Trojan:Win32/Dynamer!ac 20150513
eScan Gen:Variant.Kazy.597666 20150513
NANO-Antivirus Trojan.Win32.Cridex.dqxdnj 20150513
Norman Troj_Generic_2.BBSJ 20150512
Panda Trj/Genetic.gen 20150512
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20150513
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20150512
Sophos AV Mal/Generic-S 20150513
Symantec Trojan.Cridex 20150513
Tencent Trojan.Win32.YY.Gen.3 20150513
TrendMicro TROJ_CRIDEX.UNZ 20150513
TrendMicro-HouseCall TROJ_CRIDEX.UNZ 20150513
VIPRE Trojan.Win32.Generic!BT 20150513
Zillya Worm.Cridex.Win32.513 20150510
AegisLab 20150513
Alibaba 20150513
Bkav 20150512
ByteHero 20150513
CMC 20150508
F-Prot 20150513
Jiangmin 20150511
Kingsoft 20150513
Malwarebytes 20150512
nProtect 20150512
SUPERAntiSpyware 20150512
TheHacker 20150511
TotalDefense 20150512
VBA32 20150511
ViRobot 20150512
Zoner 20150511
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name bitsprx4.dll
Internal name bitsprx4.dll
File version 6.7.2300.5512 (xpsp.080413-2108)
Description Background Intelligent Transfer Service 2.5 Proxy
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-16 15:56:47
Entry Point 0x00001078
Number of sections 5
PE sections
PE imports
PauseClusterNode
ClusterRegSetValue
OnlineClusterGroup
OfflineClusterResource
ClusterEnum
BackupClusterDatabase
ClusterRegGetKeySecurity
GetClusterResourceKey
GetClusterFromNetInterface
GetClusterInformation
ClusterNetworkEnum
JetRestore2
SetBkColor
GetTextExtentPointW
GetPrivateProfileSectionNamesA
GetDriveTypeW
WaitForSingleObject
GetHandleInformation
SetInformationJobObject
GetTapeParameters
DisconnectNamedPipe
DefineDosDeviceA
WriteConsoleOutputAttribute
GetSystemDefaultLCID
GetCPInfo
FindNextVolumeMountPointW
EnumDateFormatsW
SetConsoleCP
MoveFileW
EnumDateFormatsA
EncodePointer
OutputDebugStringA
GetUserDefaultUILanguage
GetSystemTime
ReadConsoleInputA
GetLargestConsoleWindowSize
HeapAlloc
FlushViewOfFile
QueueUserAPC
LoadLibraryExA
LoadLibraryExW
GlobalAddAtomW
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
GlobalMemoryStatus
CreateSemaphoreW
AllocateUserPhysicalPages
GetModuleHandleExW
GetCommState
OpenJobObjectA
HeapFree
WriteConsoleInputA
FillConsoleOutputCharacterA
CreateJobSet
DisableThreadLibraryCalls
SetFileApisToANSI
FillConsoleOutputCharacterW
WaitForSingleObjectEx
GlobalSize
MoveFileExA
DeleteFileA
GetCommProperties
GlobalLock
EnumResourceNamesW
GetConsoleProcessList
EnumResourceNamesA
CompareStringA
CreateWaitableTimerA
ReadConsoleOutputAttribute
SystemTimeToFileTime
GetThreadPriority
GlobalGetAtomNameA
LockFile
CompareFileTime
ProcessIdToSessionId
GetCurrentDirectoryA
GetAtomNameW
BackupRead
GetCurrentThread
EnumSystemCodePagesW
WriteTapemark
RaiseException
FindResourceW
HeapUnlock
HeapCompact
SetSystemPowerState
WriteFileEx
lstrcpynA
ReadConsoleOutputCharacterA
CreateConsoleScreenBuffer
SetWaitableTimer
SetThreadExecutionState
IsBadHugeWritePtr
CreateProcessA
GetDefaultCommConfigW
CreateProcessW
SetMailslotInfo
GetDefaultCommConfigA
CreateJobObjectA
FileTimeToDosDateTime
VerifyVersionInfoA
DeactivateActCtx
CreateJobObjectW
VerifyVersionInfoW
GetCurrentProcess
GetConsoleMode
EnumCalendarInfoExA
VirtualLock
GetThreadContext
EnumCalendarInfoA
ReleaseActCtx
FindActCtxSectionStringW
GetExitCodeProcess
LocalFree
GetLogicalDriveStringsA
LoadResource
GlobalCompact
DeleteTimerQueue
CopyFileW
RemoveDirectoryW
SetConsoleTitleW
GetNumberOfConsoleInputEvents
ExitProcess
CreateMailslotA
RemoveDirectoryA
LoadLibraryA
CancelDeviceWakeupRequest
GetCalendarInfoW
FlushInstructionCache
EnumLanguageGroupLocalesA
CreateMutexA
ActivateActCtx
SetUnhandledExceptionFilter
GetConsoleDisplayMode
CreateMutexW
MulDiv
SetThreadIdealProcessor
ReadConsoleOutputCharacterW
TzSpecificLocalTimeToSystemTime
ReadConsoleOutputW
GlobalAlloc
SetFirmwareEnvironmentVariableA
GetVersion
ReadConsoleOutputA
CallNamedPipeW
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
SetConsoleTextAttribute
CallNamedPipeA
MoveFileWithProgressA
FlushFileBuffers
lstrcmpiW
GetDateFormatA
SetFileValidData
GetWindowsDirectoryA
SetSystemTimeAdjustment
GetTempFileNameW
GlobalWire
GlobalReAlloc
GlobalFix
WTSGetActiveConsoleSessionId
lstrcpyA
CreateMemoryResourceNotification
ResetEvent
GetTempFileNameA
GetCurrencyFormatA
CreateFileW
TlsSetValue
CreateFileA
PrepareTape
LocalReAlloc
FindFirstChangeNotificationA
lstrlenA
GetSystemWindowsDirectoryW
lstrcpyW
IsDBCSLeadByte
WinExec
FindFirstChangeNotificationW
CancelWaitableTimer
Module32FirstW
GetConsoleTitleW
GetCPInfoExA
CancelIo
PulseEvent
PeekConsoleInputA
GetCommConfig
IsValidCodePage
SetConsoleMode
OpenSemaphoreA
GetTimeFormatA
SetThreadLocale
CreateTimerQueueTimer
GetPrivateProfileStructA
QueryInformationJobObject
GetFileAttributesA
DeleteFiber
DebugBreak
EnumUILanguagesW
SetConsoleCursorPosition
GetFileAttributesW
SetSystemTime
LocalAlloc
UnhandledExceptionFilter
GetFileInformationByHandle
GetTapePosition
GetStringTypeA
IsBadHugeReadPtr
GlobalMemoryStatusEx
HeapReAlloc
GetStringTypeW
WriteConsoleOutputW
ConnectNamedPipe
InitAtomTable
GetStringTypeExW
HeapDestroy
GetProfileIntA
BeginUpdateResourceA
SetLastError
GetWriteWatch
LocalLock
UpdateResourceW
FoldStringA
LockFileEx
WritePrivateProfileSectionW
EnumSystemLocalesW
SetProcessAffinityMask
SetCalendarInfoA
GetExitCodeThread
Module32Next
FindAtomW
ConvertThreadToFiber
GetProcessShutdownParameters
DebugActiveProcess
GetDiskFreeSpaceExW
AddRefActCtx
WriteConsoleW
EndUpdateResourceW
SetEvent
IsBadWritePtr
GetVersionExA
EndUpdateResourceA
GetFileSize
GetPrivateProfileIntA
SetVolumeMountPointA
GetSystemRegistryQuota
WriteFileGather
SetVolumeMountPointW
FindVolumeMountPointClose
GetProcAddress
GetPrivateProfileIntW
GetComputerNameW
SetDefaultCommConfigA
lstrcmpA
FindFirstFileA
HeapValidate
FindFirstFileW
IsValidLocale
lstrcmpW
EnumDateFormatsExW
GetProcessAffinityMask
CreateEventW
EncodeSystemPointer
WriteConsoleA
WriteProfileSectionW
GetFileType
GetProcessTimes
LocalUnlock
InterlockedIncrement
LCMapStringW
LCMapStringA
SetProcessShutdownParameters
GetDevicePowerState
SetupComm
FileTimeToLocalFileTime
GetEnvironmentStrings
BuildCommDCBAndTimeoutsA
ClearCommBreak
GetCompressedFileSizeA
SetFirmwareEnvironmentVariableW
DecodeSystemPointer
Module32NextW
DeleteAtom
OpenMutexW
DeleteVolumeMountPointA
BindIoCompletionCallback
GetFileAttributesExW
VirtualFree
GetProcessVersion
LocalShrink
ReplaceFileA
Toolhelp32ReadProcessMemory
GetOverlappedResult
ScrollConsoleScreenBufferA
ReplaceFileW
SetThreadPriorityBoost
SystemTimeToTzSpecificLocalTime
GetProcessId
DeleteCriticalSection
GetVolumePathNamesForVolumeNameA
FreeEnvironmentStringsW
HeapWalk
GetLocaleInfoW
WideCharToMultiByte
ZombifyActCtx
WritePrivateProfileStructA
InterlockedExchange
GetSystemTimeAsFileTime
Thread32First
WritePrivateProfileStructW
AddVectoredExceptionHandler
ResumeThread
GlobalHandle
EnumSystemGeoID
QueryDosDeviceW
Process32FirstW
SetLocaleInfoW
GlobalFindAtomA
VerLanguageNameW
SetProcessWorkingSetSize
GetPriorityClass
CreateActCtxW
GetPrivateProfileStringA
GetProfileSectionW
CreateActCtxA
GetVolumeInformationW
EnumCalendarInfoW
SwitchToFiber
CreateSemaphoreA
GetSystemDefaultUILanguage
CreateDirectoryExA
EnumSystemLanguageGroupsW
GetNumberOfConsoleMouseButtons
ExitThread
TerminateProcess
FreeUserPhysicalPages
GetNumberFormatA
SetEndOfFile
LocalCompact
GetSystemWow64DirectoryW
SetCommBreak
TerminateThread
FreeLibrary
QueryPerformanceCounter
VirtualProtect
GlobalUnfix
SetProcessPriorityBoost
ReadProcessMemory
FillConsoleOutputAttribute
GetProcessHeap
QueryDepthSList
GetProfileStringW
SetCriticalSectionSpinCount
WaitNamedPipeW
GetBinaryTypeW
GetModuleFileNameW
GetProfileStringA
GetProcessWorkingSetSize
DuplicateHandle
GetBinaryTypeA
GetTimeZoneInformation
FindFirstVolumeA
WriteConsoleOutputCharacterW
IsDebuggerPresent
BuildCommDCBA
GetLastError
FlushConsoleInputBuffer
GetShortPathNameW
GetConsoleCP
GetTapeStatus
BuildCommDCBW
CreateNamedPipeA
GetModuleFileNameA
GetShortPathNameA
SwitchToThread
SetTapePosition
ExpandEnvironmentStringsW
Heap32ListNext
QueryPerformanceFrequency
FatalAppExitW
FreeResource
SetCommConfig
DnsHostnameToComputerNameW
OpenEventW
WriteConsoleOutputCharacterA
GetLongPathNameA
TransactNamedPipe
IsBadCodePtr
OpenEventA
MprInfoBlockRemove
MprConfigInterfaceTransportSetInfo
MprConfigInterfaceSetInfo
MprAdminTransportGetInfo
MprAdminMIBEntryGet
MprConfigTransportCreate
MprAdminMIBBufferFree
MprAdminInterfaceGetInfo
MprInfoBlockAdd
MprConfigTransportGetInfo
MprAdminConnectionClearStats
MprAdminServerGetInfo
MprConfigInterfaceCreate
VarR4CmpR8
VarUI2FromStr
VarUI1FromCy
VarCyFromUI2
VarBstrCmp
VarUI2FromR4
VarR8FromBool
VarCyFromI1
VarCyRound
VarUI4FromBool
VarBstrFromR8
SetupGetLineTextW
DragQueryFileW
SHQueryRecycleBinW
ExtractAssociatedIconExW
DragAcceptFiles
SHIsFileAvailableOffline
ExtractAssociatedIconW
DuplicateIcon
ShellExecuteExW
SHGetFileInfoW
ExtractIconW
Shell_NotifyIconW
DrawTextA
IsCharAlphaW
IsWindow
EnableWindow
DrawFocusRect
SetWindowTextA
FillRect
EndDialog
LoadMenuA
GetThreadDesktop
WindowFromPoint
GetKeyboardLayoutList
TabbedTextOutW
wsprintfW
ShowWindow
MessageBeep
InvalidateRect
RegisterWindowMessageW
GetLastActivePopup
SetCursor
rename
malloc
fseek
setlocale
fgetc
realloc
wctomb
fclose
wcsftime
__dllonexit
fwprintf
wcstok
putwc
remove
_onexit
wcstod
iswgraph
_except_handler3
clearerr
strtok
feof
scanf
_lock
system
fsetpos
wcscoll
ftell
vfwprintf
exit
putc
rewind
vprintf
_unlock
ferror
asctime
iswascii
vfprintf
wscanf
strcoll
fputws
fscanf
fwscanf
iswpunct
swscanf
fputwc
freopen
fprintf
strftime
sscanf
wcstoul
memset
isprint
toupper
ispunct
strlen
strncpy
VerSetConditionMask
strncat
isalnum
isxdigit
wcslen
isalpha
wcsncat
towlower
memcmp
mbstowcs
tolower
iswctype
labs
iswxdigit
wcscspn
RtlCaptureContext
memcpy
cos
wcscpy
strcpy
strspn
iswspace
wcsncmp
isupper
strcmp
PdhGetRawCounterValue
PdhReadRawLogRecord
PdhGetCounterInfoW
PdhAddCounterA
PdhParseCounterPathA
PdhCalculateCounterFromRawValue
PdhBrowseCountersW
PdhGetFormattedCounterArrayW
PdhRemoveCounter
PdhEnumMachinesA
PdhLookupPerfNameByIndexW
PdhExpandWildCardPathW
RevokeBindStatusCallback
URLOpenBlockingStreamA
CoInternetCombineUrl
CoInternetGetSecurityUrl
GetComponentIDFromCLSSPEC
URLDownloadToFileA
HlinkGoBack
CoInternetCompareUrl
CreateURLMoniker
CoInternetParseUrl
SetSoftwareUpdateAdvertisementState
FindMediaTypeClass
RegisterFormatEnumerator
CoInternetCreateSecurityManager
CompareSecurityIds
URLDownloadToFileW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.7.2300.5512
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 139264
EntryPoint 0x1078
OriginalFileName bitsprx4.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.7.2300.5512 (xpsp.080413-2108)
TimeStamp 2015:04:16 16:56:47+01:00
FileType Win32 EXE
PEType PE32
InternalName bitsprx4.dll
ProductVersion 6.7.2300.5512
FileDescription Background Intelligent Transfer Service 2.5 Proxy
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 61440
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.7.2300.5512
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 8c083202084434f4a8eb97e70fae1091
SHA1 52ad11cfbd9f0490fe55a5c301f58ed0cea75ffb
SHA256 55fb8a9f7d1af2a37074fb09566db7c54fb35574cf8df85a2ae10ebde773542c
ssdeep 3072:8Kxe9ZhrN1LtavtIZQVGEpWs8x/Wpb8kfcYRCOz:65pVIOKVWnhYbi
authentihash 0f6f72acf6271795e46272357e4d87bdde29479f49d5ce5c288b0634543036af
imphash 69a368e92121fe9ee2bd0ff89a45c241
File size 180.0 KB ( 184320 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2015-04-19 07:51:06 UTC ( 4 years, 1 month ago )
Last submission 2017-11-30 13:03:17 UTC ( 1 year, 5 months ago )
File names KB277673402.EXE
bitsprx4.dll
55fb8a9f7d1af2a37074fb09566db7c54fb35574cf8df85a2ae10ebde773542c
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications