SHA256: 7c355f5044291eef6d39fa7b93dff6f8497d92d2072cc3813cf5313e0c6f570b
File name: 87h754.exe.2
Detection ratio: 8 / 55
Analysis date: 2016-02-24 10:42:18 UTC (1 year, 9 months ago)
Antivirus Result Update
Detected (8 engines):
AegisLab Suspicious.Cloud.7!c 20160224
Kaspersky UDS:DangerousObject.Multi.Generic 20160224
McAfee Artemis!010E0D1C0518 20160224
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.ch 20160224
Qihoo-360 QVM19.1.Malware.Gen 20160224
Rising PE:Malware.XPACK-LNR/Heur!1.5594 [F] 20160224
Sophos AV Mal/Generic-S 20160224
Symantec Suspicious.Cloud.7.F 20160223
No detection (47 engines; result column empty, update date only):
Ad-Aware 20160224
Yandex 20160221
AhnLab-V3 20160224
Alibaba 20160224
ALYac 20160224
Antiy-AVL 20160224
Arcabit 20160224
Avast 20160224
AVG 20160224
Avira (no cloud) 20160224
AVware 20160224
Baidu-International 20160224
BitDefender 20160224
Bkav 20160223
ByteHero 20160224
CAT-QuickHeal 20160224
ClamAV 20160224
CMC 20160223
Comodo 20160224
Cyren 20160224
DrWeb 20160224
Emsisoft 20160224
ESET-NOD32 20160224
F-Prot 20160224
F-Secure 20160222
Fortinet 20160224
GData 20160224
Ikarus 20160224
Jiangmin 20160224
K7AntiVirus 20160224
K7GW 20160224
Malwarebytes 20160224
Microsoft 20160224
eScan 20160224
NANO-Antivirus 20160224
nProtect 20160223
Panda 20160223
SUPERAntiSpyware 20160224
Tencent 20160224
TheHacker 20160222
TrendMicro 20160224
TrendMicro-HouseCall 20160224
VBA32 20160224
VIPRE 20160224
ViRobot 20160224
Zillya 20160223
Zoner 20160224
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name Rastapi.dll
Internal name Rastapi.dll
File version 5.1.2600.5512 (xpsp.080413-0852)
Description Remote Access TAPI Compliance Layer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1970-01-01 01:08:16
Entry Point 0x00022530
Number of sections 11
PE sections
PE imports
SetBkColor
SaveDC
GetPrivateProfileSectionNamesA
ReplaceFileA
CreateFiberEx
FileTimeToDosDateTime
GetPrivateProfileStructA
SetSystemTime
InterlockedPopEntrySList
GetOverlappedResult
DeactivateActCtx
DeleteFiber
LockResource
GetDriveTypeA
Thread32Next
HeapDestroy
SetFileTime
GetOEMCP
GetHandleInformation
ScrollConsoleScreenBufferW
GetFileAttributesW
SetInformationJobObject
GetPrivateProfileStructW
GetProcessId
FreeEnvironmentStringsA
CreatePipe
GetUserGeoID
SetComputerNameW
OpenFileMappingW
CommConfigDialogW
SetFileAttributesA
SetTimeZoneInformation
WriteConsoleOutputAttribute
Module32First
IsValidLanguageGroup
VerifyVersionInfoA
IsProcessInJob
RequestWakeupLatency
FreeEnvironmentStringsW
SizeofResource
lstrcatW
GetThreadContext
CommConfigDialogA
GetLocaleInfoW
WaitCommEvent
EnumResourceLanguagesW
IsDBCSLeadByteEx
FindResourceExA
CheckRemoteDebuggerPresent
lstrcmpiA
GetStringTypeA
WriteConsoleOutputA
GetDiskFreeSpaceW
WriteConsoleOutputW
SetThreadPriorityBoost
FindResourceExW
FindNextVolumeMountPointW
SetDefaultCommConfigW
SetConsoleCursorInfo
GetThreadTimes
Thread32First
HeapReAlloc
GetStringTypeW
HeapWalk
ResumeThread
EnumDateFormatsW
GetExitCodeProcess
QueryDosDeviceA
HeapLock
ConnectNamedPipe
WaitNamedPipeA
FreeLibraryAndExitThread
GetEnvironmentVariableA
OutputDebugStringW
lstrcatA
VerLanguageNameA
FatalExit
GlobalLock
WriteFileGather
TlsGetValue
QueryDosDeviceW
GetProfileIntA
EnumDateFormatsA
OutputDebugStringA
SetLocaleInfoW
GetEnvironmentVariableW
VerifyVersionInfoW
SetConsoleTextAttribute
GetUserDefaultUILanguage
GetSystemTime
DeviceIoControl
GetWriteWatch
SystemTimeToFileTime
GetNamedPipeInfo
GetConsoleSelectionInfo
OpenEventW
CancelTimerQueueTimer
GetLargestConsoleWindowSize
GetNumberOfConsoleInputEvents
ExitProcess
ReadConsoleInputW
Heap32ListFirst
RemoveVectoredExceptionHandler
FlushViewOfFile
SetConsoleScreenBufferSize
QueueUserAPC
GetSystemDefaultLangID
FatalAppExitW
LoadLibraryExA
CreateActCtxW
SetThreadPriority
WriteProfileStringA
GetCalendarInfoW
WritePrivateProfileSectionW
CreateActCtxA
GetVolumeInformationW
LoadLibraryExW
TerminateJobObject
SetFilePointerEx
WritePrivateProfileSectionA
GetCalendarInfoA
GetSystemPowerStatus
FlushInstructionCache
GetVolumePathNamesForVolumeNameW
CreateMutexA
GetModuleHandleA
SetFileAttributesW
PurgeComm
GetTapeParameters
WriteConsoleA
GetSystemDefaultUILanguage
TlsSetValue
DebugSetProcessKillOnExit
SetNamedPipeHandleState
CreateDirectoryExA
ConvertDefaultLocale
GetConsoleDisplayMode
EnumSystemLanguageGroupsW
GetFileInformationByHandle
ExitThread
MoveFileExA
SetupComm
SetEnvironmentVariableA
WaitForMultipleObjectsEx
GetDiskFreeSpaceExA
FindCloseChangeNotification
ConvertThreadToFiber
SetConsoleCP
GetCommState
DebugActiveProcess
GetConsoleMode
FindAtomA
GetProcessPriorityBoost
ReadConsoleW
WriteProcessMemory
OpenSemaphoreW
AddRefActCtx
CallNamedPipeW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
PeekNamedPipe
OpenEventA
TerminateThread
lstrcpynA
FillConsoleOutputCharacterA
RequestDeviceWakeup
FindVolumeClose
CreateMailslotW
FreeLibrary
GetSystemWow64DirectoryA
IsBadWritePtr
GetSystemTimes
VirtualProtect
CreateMailslotA
GlobalUnfix
EndUpdateResourceA
WaitForSingleObjectEx
WriteConsoleInputW
IsValidLocale
CreateRemoteThread
ConvertFiberToThread
GetStartupInfoA
GetProcessIoCounters
FlushConsoleInputBuffer
lstrlenA
SetCommBreak
GetTimeZoneInformation
Process32First
GetDateFormatW
DeleteFileA
GetWindowsDirectoryA
GetCommProperties
SetCommMask
SetThreadExecutionState
Process32FirstW
UpdateResourceW
BackupWrite
GetFullPathNameA
GetProcAddress
GetConsoleScreenBufferInfo
AddAtomW
SetSystemTimeAdjustment
GetProcessHeap
GetComputerNameExA
CreateWaitableTimerW
EnumResourceNamesW
CompareStringW
lstrcpyW
VirtualProtectEx
WaitNamedPipeW
GlobalReAlloc
GetModuleFileNameW
ExpandEnvironmentStringsW
lstrcmpA
FindFirstFileA
GlobalFix
SetVolumeMountPointW
lstrcpyA
CreateMemoryResourceNotification
GetTimeFormatA
QueryInformationJobObject
FindFirstFileW
GlobalMemoryStatus
Module32FirstW
ExpandEnvironmentStringsA
EscapeCommFunction
SetEvent
GetPrivateProfileSectionW
SetComputerNameA
GetNamedPipeHandleStateW
GetTempPathW
SetTapePosition
CreateEventW
SetCommConfig
GetConsoleWindow
CreateEventA
IsDebuggerPresent
WriteProfileSectionW
GetFileType
GetPrivateProfileSectionA
CreateFileA
HeapAlloc
GetCurrencyFormatW
FindFirstVolumeW
InterlockedIncrement
GetTempFileNameW
GlobalGetAtomNameW
LCMapStringW
LocalReAlloc
DosDateTimeToFileTime
CreateFileMappingW
SetComputerNameExA
GetSystemInfo
LocalFileTimeToFileTime
GlobalFree
GetConsoleCP
GetDefaultCommConfigW
VirtualAllocEx
AssignProcessToJobObject
GetDevicePowerState
CreateNamedPipeA
FindFirstChangeNotificationW
HeapCompact
CancelWaitableTimer
InterlockedFlushSList
GetCPInfoExW
GetEnvironmentStrings
CompareFileTime
VirtualFreeEx
GetCurrentProcessId
CopyFileExA
ChangeTimerQueueTimer
GetConsoleTitleW
GetCompressedFileSizeW
HeapQueryInformation
GetCurrentDirectoryA
SetConsoleWindowInfo
RegisterWaitForSingleObject
BackupRead
GetCompressedFileSizeA
CopyFileExW
WaitForDebugEvent
CancelIo
EnumSystemCodePagesW
EnumResourceTypesA
DecodeSystemPointer
Heap32ListNext
QueryPerformanceFrequency
ReleaseSemaphore
GetDiskFreeSpaceExW
GetGeoInfoA
DeleteVolumeMountPointW
OpenFile
LeaveCriticalSection
ReadConsoleOutputCharacterW
PulseEvent
CloseHandle
EnumResourceTypesW
PeekConsoleInputA
GetPrivateProfileIntW
SetLocalTime
GetCommConfig
CreateConsoleScreenBuffer
GetGeoInfoW
BindIoCompletionCallback
OpenWaitableTimerA
IsBadStringPtrW
GetFileAttributesExW
GetDefaultCommConfigA
ReadConsoleOutputCharacterA
GetProcessHandleCount
GetCurrentDirectoryW
ResetWriteWatch
FindResourceW
VirtualQuery
WaitForMultipleObjects
Sleep
IsBadCodePtr
EnumResourceNamesA
SetComputerNameExW
FindResourceA
DnsHostnameToComputerNameA
MprInfoBlockRemove
MprConfigInterfaceTransportSetInfo
MprConfigInterfaceSetInfo
MprAdminTransportGetInfo
MprAdminServerConnect
MprAdminInterfaceUpdatePhonebookInfo
MprAdminConnectionClearStats
MprInfoBlockSet
MprAdminUserSetInfo
MprConfigInterfaceCreate
VarR4FromDec
VarUI2FromI4
VarUI1FromCy
VarR8FromBool
VarCyFromI1
VarR4FromCy
VarCyFromUI2
ExtractAssociatedIconExW
DuplicateIcon
SHGetNewLinkInfoA
DragQueryPoint
SHInvokePrinterCommandA
SHAppBarMessage
ExtractIconW
Shell_NotifyIconW
wnsprintfW
wnsprintfA
DrawEdge
RegisterWindowMessageW
SetWindowLongW
GetThreadDesktop
MoveWindow
IsWindowEnabled
GetProcessWindowStation
ReleaseDC
SetWindowTextA
SendMessageW
CreateMDIWindowW
GetLastActivePopup
wsprintfA
LoadStringW
ScreenToClient
PostMessageW
AnimateWindow
GetWindowLongA
FindWindowExA
GetWindowTextW
IsCharUpperW
TabbedTextOutW
wsprintfW
SetCursor
rename
rand
malloc
_lock
fgetc
fread
mbtowc
iswalnum
fwprintf
fprintf
getwc
fflush
fopen
wcstod
getchar
fputc
clearerr
puts
strtok
fwrite
getc
fsetpos
fputs
wcsftime
_unlock
iswcntrl
free
_onexit
vfprintf
wscanf
atof
perror
fputws
iswpunct
fgetwc
__dllonexit
fgetws
freopen
ungetc
strftime
strtoul
wcstoul
memset
toupper
isdigit
VerSetConditionMask
qsort
wcscmp
isalpha
wcsncat
sprintf
mbstowcs
isspace
strcspn
atoi
atol
wcsspn
wcstombs
iscntrl
strspn
bsearch
iswspace
islower
isupper
strcmp
PdhGetRawCounterValue
PdhCloseQuery
PdhOpenQueryA
PdhAddCounterA
PdhEnumObjectsA
PdhMakeCounterPathW
PdhParseCounterPathA
PdhGetFormattedCounterArrayW
PdhRemoveCounter
PdhGetCounterTimeBase
RevokeFormatEnumerator
GetClassURL
GetComponentIDFromCLSSPEC
CreateURLMonikerEx
CoInternetCompareUrl
CreateURLMoniker
GetClassFileOrMime
UrlMkSetSessionOption
CoInternetCombineUrl
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 42753
ImageVersion 1.0
ProductName Microsoft Windows Operating System
FileVersionNumber 5.1.2600.5512
UninitializedDataSize 8192
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 1.17
FileTypeExtension exe
OriginalFileName Rastapi.dll
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5.1.2600.5512 (xpsp.080413-0852)
TimeStamp 1970:01:01 02:08:16+01:00
FileType Win32 EXE
PEType PE32
InternalName Rastapi.dll
ProductVersion 5.1.2600.5512
FileDescription Remote Access TAPI Compliance Layer
OSVersion 4.1
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 57344
FileSubtype 0
ProductVersionNumber 5.1.2600.5512
EntryPoint 0x22530
ObjectFileType Dynamic link library
Compressed bundles
File identification
MD5 010e0d1c0518844bd6624f644156d008
SHA1 a1c5d95c71ee10fa99dab450e758185e923bd289
SHA256 7c355f5044291eef6d39fa7b93dff6f8497d92d2072cc3813cf5313e0c6f570b
ssdeep 3072:qygpXPTIwOQkNwRwWDrBqNVpIv33YkepQBOL3QmH6pcDTlMWVNe6gYI80h:Rgp/FkN75rIvpsQBOLgm5Hh
authentihash a32895178f15e59733eece42fea191243e2f8be3f8d1b8d9033bbf432a834bb4
imphash 990b2699f2e60d090cf272568077054a
File size 172.0 KB ( 176128 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
     Win32 Executable (generic) (29.8%)
     Generic Win/DOS Executable (13.2%)
     DOS Executable Generic (13.2%)
     VXD Driver (0.2%)
Tags peexe
VirusTotal metadata
First submission 2016-02-24 09:44:45 UTC (1 year, 9 months ago)
Last submission 2016-12-16 10:39:02 UTC (11 months, 1 week ago)
File names 010e0d1c0518844bd6624f644156d008.exe
samses.exe
87h754.exe.2
87h754.exe
Rastapi.dll
file.exe
snRI.msc
87h754
87h754[1].exe.2600.dr
No comments. No VirusTotal Community member has commented on this item.
No votes. No one has voted on this item.
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications