SHA256: 7127ea6a185af63fc77fa2a7f87605d981a15c90277eaa3e9899d333e2e108e2
File name: vti-rescan
Detection ratio: 0 / 57
Analysis date: 2015-06-11 13:10:10 UTC ( 3 years, 9 months ago )
Antivirus Result Update
Ad-Aware 20150611
AegisLab 20150611
Yandex 20150611
AhnLab-V3 20150611
Alibaba 20150610
ALYac 20150611
Antiy-AVL 20150611
Arcabit 20150611
Avast 20150611
AVG 20150611
Avira (no cloud) 20150611
AVware 20150611
Baidu-International 20150611
BitDefender 20150611
Bkav 20150611
ByteHero 20150611
CAT-QuickHeal 20150611
ClamAV 20150611
CMC 20150610
Comodo 20150611
Cyren 20150611
DrWeb 20150611
Emsisoft 20150611
ESET-NOD32 20150611
F-Prot 20150611
F-Secure 20150611
Fortinet 20150611
GData 20150611
Ikarus 20150611
Jiangmin 20150610
K7AntiVirus 20150611
K7GW 20150611
Kaspersky 20150611
Kingsoft 20150611
Malwarebytes 20150611
McAfee 20150611
McAfee-GW-Edition 20150610
Microsoft 20150611
eScan 20150611
NANO-Antivirus 20150611
nProtect 20150611
Panda 20150611
Qihoo-360 20150611
Rising 20150611
Sophos AV 20150611
SUPERAntiSpyware 20150611
Symantec 20150611
Tencent 20150611
TheHacker 20150609
TotalDefense 20150611
TrendMicro 20150611
TrendMicro-HouseCall 20150611
VBA32 20150610
VIPRE 20150611
ViRobot 20150611
Zillya 20150611
Zoner 20150609
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x000053CC
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
GetTokenInformation
RegCloseKey
CreateWellKnownSid
OpenProcessToken
RegSetValueExW
FreeSid
DuplicateToken
AllocateAndInitializeSid
CheckTokenMembership
RegDeleteKeyW
RegQueryValueExW
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
CopyFileW
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
HeapSize
GetCurrentProcessId
WriteConsoleW
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
TlsFree
GetProcessHeap
GetTempFileNameW
SetStdHandle
GetStringTypeW
RaiseException
WideCharToMultiByte
GetSystemDirectoryW
MoveFileExW
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetTempPathW
CloseHandle
IsProcessorFeaturePresent
DeleteFileW
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
HeapAlloc
TerminateProcess
GetConsoleCP
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
WriteFile
CreateFileW
CreateProcessW
TlsGetValue
Sleep
GetFileType
TlsSetValue
ExitProcess
GetCurrentThreadId
SetLastError
LeaveCriticalSection
ShellExecuteW
PathFileExistsW
PathAppendW
wsprintfW
PE exports
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 0000:00:00 00:00:00
FileType Win32 DLL
PEType PE32
CodeSize 69632
LinkerVersion 12.0
FileTypeExtension dll
InitializedDataSize 46080
SubsystemVersion 5.1
EntryPoint 0x53cc
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 d6ce4b6db8407ca80193ede96d812bb7
SHA1 0a181d703e3adf1b3b9f043559e1952446a0b0cd
SHA256 7127ea6a185af63fc77fa2a7f87605d981a15c90277eaa3e9899d333e2e108e2
ssdeep 1536:fIXYFDjgHBqzr39suDEUsTF+HHcu/TsWjcdC/Aw+EDwE/gEAr:tFIqzLv9N/cCp+EDwE/Ur

authentihash ac7ec39b374ee890cc172ffc4d7ff8fe5a7da2c2e8f2437c50966d3e301be3e1
imphash 6944cad7600a33dcac375ed67a77d7cd
File size 106.5 KB ( 109056 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags pedll

VirusTotal metadata
First submission 2015-06-02 13:56:44 UTC ( 3 years, 9 months ago )
Last submission 2015-06-15 07:54:14 UTC ( 3 years, 9 months ago )
File names BEFA.tmp
7127ea6a185af63fc77fa2a7f87605d981a15c90277eaa3e9899d333e2e108e2
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R01TB01HH15.

Symantec reputation Suspicious.Insight