SHA256: 5dd1401b9efa4de93671847af3d958790ad6c2d34731f0ecac408e1ff1238744
File name: vti-rescan
Detection ratio: 2 / 56
Analysis date: 2015-10-17 05:33:00 UTC ( 3 years, 5 months ago )
Antivirus | Result | Update
TrendMicro | TSPY_DRIDEX.XDG | 20151017
TrendMicro-HouseCall | TSPY_DRIDEX.XDG | 20151017
Ad-Aware | (no detection) | 20151017
AegisLab | (no detection) | 20151016
Yandex | (no detection) | 20151016
AhnLab-V3 | (no detection) | 20151016
Alibaba | (no detection) | 20151016
ALYac | (no detection) | 20151017
Antiy-AVL | (no detection) | 20151016
Arcabit | (no detection) | 20151017
Avast | (no detection) | 20151017
AVG | (no detection) | 20151017
Avira (no cloud) | (no detection) | 20151016
AVware | (no detection) | 20151017
Baidu-International | (no detection) | 20151016
BitDefender | (no detection) | 20151017
Bkav | (no detection) | 20151016
ByteHero | (no detection) | 20151017
CAT-QuickHeal | (no detection) | 20151016
ClamAV | (no detection) | 20151017
CMC | (no detection) | 20151016
Comodo | (no detection) | 20151017
Cyren | (no detection) | 20151016
DrWeb | (no detection) | 20151017
Emsisoft | (no detection) | 20151017
ESET-NOD32 | (no detection) | 20151016
F-Prot | (no detection) | 20151016
F-Secure | (no detection) | 20151017
Fortinet | (no detection) | 20151017
GData | (no detection) | 20151017
Ikarus | (no detection) | 20151017
Jiangmin | (no detection) | 20151016
K7AntiVirus | (no detection) | 20151016
K7GW | (no detection) | 20151017
Kaspersky | (no detection) | 20151017
Kingsoft | (no detection) | 20151017
Malwarebytes | (no detection) | 20151017
McAfee | (no detection) | 20151017
McAfee-GW-Edition | (no detection) | 20151017
Microsoft | (no detection) | 20151017
eScan | (no detection) | 20151017
NANO-Antivirus | (no detection) | 20151017
nProtect | (no detection) | 20151016
Panda | (no detection) | 20151016
Qihoo-360 | (no detection) | 20151017
Rising | (no detection) | 20151016
Sophos AV | (no detection) | 20151017
SUPERAntiSpyware | (no detection) | 20151017
Symantec | (no detection) | 20151016
Tencent | (no detection) | 20151017
TheHacker | (no detection) | 20151016
VBA32 | (no detection) | 20151016
VIPRE | (no detection) | 20151017
ViRobot | (no detection) | 20151017
Zillya | (no detection) | 20151016
Zoner | (no detection) | 20151017
The file being studied is a Portable Executable (PE) file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 6:12 AM 3/26/2016
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-04-07 20:33:55
Entry Point 0x0003C616
Number of sections 4
PE sections
Overlays
MD5 ebce2ea9cb46ffb361f185fccc71a7f8
File type data
Offset 286720
Size 6760
Entropy 7.49
PE imports
NotifyBootConfigStatus
LsaSetTrustedDomainInfoByName
DeleteService
VerLanguageNameA
GetTimeFormatW
GetStartupInfoA
GetModuleHandleA
LoadLibraryW
FindFirstFileA
Module32Next
GetProfileIntW
CreateTapePartition
GetSystemTimeAsFileTime
GetCommConfig
GetShortPathNameA
__p__fmode
_acmdln
_exit
_adjust_fdiv
_controlfp
exit
_XcptFilter
__getmainargs
__setusermatherr
_close
_initterm
__set_app_type
VarUI1FromBool
VarMul
VarR4FromDate
VarCyNeg
VarCyCmp
SysAllocString
VarI4FromI1
VarCyFromI1
SafeArrayGetElemsize
VarImp
LPSAFEARRAY_UserMarshal
VarUI2FromDate
VarBoolFromR4
LoadTypeLibEx
VarI1FromI4
SafeArrayPtrOfIndex
VarCySub
SafeArraySetRecordInfo
VarDecFromDate
SafeArrayCopy
VarI2FromDisp
VarUI1FromI4
VarDecFromR4
SysReAllocString
VarCat
VarDecFromR8
VarCyFix
VarI2FromR8
VarUI2FromUI1
SafeArraySetIID
VarI1FromDec
VarCyCmpR8
VarDateFromR8
VarCyMulI4
VarDecSub
SafeArrayAllocDescriptorEx
VarCyFromDec
OleLoadPicturePath
VarInt
VarR8FromDate
VarFormatCurrency
VARIANT_UserMarshal
DispGetIDsOfNames
VarI4FromBool
VarR4FromR8
VarR8FromDec
RegisterActiveObject
OleLoadPictureFileEx
VarI2FromDate
VarR4FromI4
VarR4FromI2
VarI2FromStr
CreateTypeLib
SafeArrayAllocData
SafeArrayDestroyDescriptor
VarBstrFromI1
LoadTypeLib
VarDecFromBool
VariantChangeType
VarAbs
VarWeekdayName
VarNeg
VarBoolFromDec
VarMod
VarFormatNumber
VarI2FromCy
VarUI1FromDec
VarUI4FromStr
RegisterTypeLib
SafeArrayAllocDescriptor
VarI2FromUI1
VarBstrFromR4
SafeArrayGetDim
VarBstrFromR8
VarBstrFromDec
VarEqv
VarUI1FromCy
VarUI1FromStr
VarCyFromUI1
RevokeActiveObject
VarI2FromI4
VarBstrFromDate
VarBstrFromUI1
LPSAFEARRAY_UserFree
LHashValOfNameSysA
VarUI2FromR8
VarDateFromI1
SafeArrayUnlock
VarDateFromI2
VarIdiv
VarR8FromUI1
SafeArrayCreateEx
VarR4FromStr
VarR8FromUI2
SafeArrayGetElement
VarCyFromDate
VarUI2FromI2
DosDateTimeToVariantTime
VarBoolFromUI2
VarI1FromR4
BSTR_UserSize
VarDecDiv
VarUI1FromR8
VarNot
VarFormatPercent
VariantClear
VarDiv
GetAltMonthNames
VarFormatDateTime
VarDateFromUI4
VarDateFromUI1
VarUI2FromCy
SHGetFileInfoA
SHFileOperationW
SHGetInstanceExplorer
FindExecutableW
SHEmptyRecycleBinA
SHGetFileInfoW
SHGetDesktopFolder
SHFileOperationA
DoEnvironmentSubstW
GetSystemMetrics
AdjustWindowRect
GetDoubleClickTime
IsClipboardFormatAvailable
ShowCursor
GetClipboardViewer
SubtractRect
GetClassInfoExA
GetFocus
GetClipboardData
GetUrlCacheEntryInfoA
GopherGetLocatorTypeW
FtpRemoveDirectoryA
SetUrlCacheEntryGroup
DeleteUrlCacheEntry
InternetCrackUrlA
CommitUrlCacheEntryA
waveOutSetVolume
midiInGetErrorTextA
joyGetNumDevs
mmioWrite
mciSendStringW
midiInGetErrorTextW
waveOutGetDevCapsW
mciSendStringA
waveInGetErrorTextA
waveInGetDevCapsA
waveOutPause
midiOutReset
midiOutGetDevCapsW
midiInClose
waveInAddBuffer
mixerMessage
midiOutGetDevCapsA
midiInUnprepareHeader
mmioSetBuffer
waveInGetNumDevs
mixerGetControlDetailsW
midiInGetNumDevs
waveOutPrepareHeader
waveInGetPosition
mciSendCommandA
midiOutLongMsg
waveInOpen
mmioDescend
sndPlaySoundA
waveOutSetPlaybackRate
mixerGetNumDevs
joySetCapture
midiOutMessage
midiInReset
auxGetNumDevs
waveOutGetID
waveInGetID
waveOutWrite
waveOutBreakLoop
midiOutOpen
OpenDriver
mixerGetID
midiInAddBuffer
CloseDriver
midiOutGetNumDevs
mmioRead
waveOutUnprepareHeader
waveInStart
midiInStop
midiOutGetID
SendDriverMessage
GetDriverModuleHandle
midiInStart
waveInStop
midiOutSetVolume
sndPlaySoundW
mixerGetLineInfoA
mixerOpen
midiOutGetVolume
waveInMessage
waveOutGetNumDevs
midiStreamOut
mixerGetLineInfoW
mmioSetInfo
waveOutGetPlaybackRate
PlaySoundW
midiInGetDevCapsW
joyGetPos
mmioCreateChunk
mmioGetInfo
midiInGetDevCapsA
midiOutCacheDrumPatches
mmioAdvance
midiOutPrepareHeader
midiOutCachePatches
mixerClose
waveInUnprepareHeader
mciGetErrorStringA
midiOutUnprepareHeader
midiInMessage
DefDriverProc
midiInPrepareHeader
mixerGetLineControlsW
mciGetErrorStringW
auxGetVolume
midiOutGetErrorTextW
midiStreamPosition
timeSetEvent
mixerGetLineControlsA
waveOutGetPosition
auxGetDevCapsW
midiOutGetErrorTextA
waveInPrepareHeader
mciGetCreatorTask
mmioClose
joyGetPosEx
waveOutMessage
mmioStringToFOURCCA
timeGetTime
timeGetDevCaps
mmioStringToFOURCCW
waveOutGetErrorTextW
mixerGetDevCapsA
midiStreamRestart
mixerSetControlDetails
PlaySoundA
midiStreamOpen
mixerGetDevCapsW
waveOutGetVolume
waveInReset
Number of PE resources by type
RT_ICON 3
RT_GROUP_ICON 3
n1111U2 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
GREEK DEFAULT 6
GAELIC SCOTTISH 4
PE resources
ExifTool file metadata
SubsystemVersion: 4.0
LinkerVersion: 8.0
ImageVersion: 0.0
FileVersionNumber: 0.248.205.71
UninitializedDataSize: 0
LanguageCode: Neutral
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 151552
EntryPoint: 0x3c616
OriginalFileName: Sitting.exe
MIMEType: application/octet-stream
LegalCopyright: Copyright 2012
FileVersion: 149, 175, 246, 223
TimeStamp: 2008:04:07 21:33:55+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Ted
FileDescription: Tool
OSVersion: 4.0
FileOS: Windows NT 32-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Jean-Pierre Menicucci
CodeSize: 245760
FileSubtype: 0
ProductVersionNumber: 0.59.93.110
FileTypeExtension: exe
ObjectFileType: Executable application

Compressed bundles
File identification
MD5 0afd817b81bc604476bab407c8bee224
SHA1 dfb62529d68835c35f2fa7a02a912ba5cab943b9
SHA256 5dd1401b9efa4de93671847af3d958790ad6c2d34731f0ecac408e1ff1238744
ssdeep 6144:CPJQDEymt4PhaWtsd7ct5neEh16kRXWINCn4g2u:aQDLmt+h47ct5dPu
authentihash ca0b4276999e353f55db8632f230f6489739212dd071e14935b3a366b84915e9
imphash ae703a256fad5ca87b6c69ca89607118
File size 286.6 KB ( 293480 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe overlay via-tor
VirusTotal metadata
First submission 2015-10-16 15:23:23 UTC ( 3 years, 5 months ago )
Last submission 2015-11-09 21:08:48 UTC ( 3 years, 4 months ago )
File names crypted120med.exe
5dd1401b9efa4de93671847af3d958790ad6c2d34731f0ecac408e1ff1238744.bin
crypted120med[1].exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections