SHA256: 7cb59c97136094034fd49772a6f5c6248d00c4f970dcf0fb5f82518b867056eb
File name: vti-rescan
Detection ratio: 24 / 55
Analysis date: 2016-06-22 06:40:01 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Mikey.50254 20160622
AegisLab Gen.Variant.Mikey!c 20160622
ALYac Gen:Variant.Mikey.50254 20160622
Arcabit Trojan.Mikey.DC44E 20160622
Avast Win32:Malware-gen 20160622
AVG Generic_r.KCV 20160622
Avira (no cloud) TR/Crypt.ZPACK.oajs 20160622
BitDefender Gen:Variant.Mikey.50254 20160622
CMC Trojan.Win32.Rimecud.3!O 20160620
Cyren W32/Trojan.IUHY-7414 20160622
DrWeb Trojan.Encoder.4794 20160622
Emsisoft Gen:Variant.Mikey.50254 (B) 20160622
ESET-NOD32 a variant of Win32/Injector.DAQF 20160622
F-Secure Gen:Variant.Mikey.50254 20160622
Fortinet W32/Injector.CF5D!tr 20160622
GData Gen:Variant.Mikey.50254 20160622
Malwarebytes Ransom.Cerber 20160622
McAfee Artemis!85383E13C53C 20160622
McAfee-GW-Edition BehavesLike.Win32.Backdoor.dh 20160622
Microsoft TrojanDownloader:Win32/Talalpek.A 20160622
eScan Gen:Variant.Mikey.50254 20160622
Qihoo-360 Win32/Trojan.29b 20160622
Sophos AV Mal/Cerber-D 20160622
Tencent Win32.Trojan.Kryptik.Dyqa 20160622
ahnlab 20160621
Alibaba 20160622
AVware 20160622
Baidu 20160622
Baidu-International 20160614
Bkav 20160621
CAT-QuickHeal 20160622
ClamAV 20160622
Comodo 20160622
F-Prot 20160622
Ikarus 20160622
Jiangmin 20160622
K7AntiVirus 20160621
K7GW 20160621
Kaspersky 20160622
Kingsoft 20160622
NANO-Antivirus 20160622
nProtect 20160621
Panda 20160621
SUPERAntiSpyware 20160622
Symantec 20160622
TheHacker 20160621
TotalDefense 20160622
TrendMicro 20160622
TrendMicro-HouseCall 20160622
VBA32 20160621
VIPRE 20160622
ViRobot 20160622
Yandex 20160621
Zillya 20160622
Zoner 20160622
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-20 08:39:47
Entry Point 0x0000EEAA
Number of sections 4
PE sections
Overlays
MD5 89ac64d897611555917c25a8ed375755
File type data
Offset 290816
Size 500
Entropy 4.45
PE imports
GetStdHandle
WaitForSingleObject
HeapDestroy
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
InitializeCriticalSection
TlsGetValue
SetLastError
WriteProcessMemory
ExitProcess
GetVersionExA
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
SetEnvironmentVariableW
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
VirtualQuery
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
HeapFree
EnterCriticalSection
SetHandleCount
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetProcAddress
VirtualProtectEx
CompareStringW
CompareStringA
IsValidLocale
GetUserDefaultLCID
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
VirtualAllocEx
GetSystemInfo
LCMapStringA
GetEnvironmentStringsW
VirtualFree
GetEnvironmentStrings
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
IsValidCodePage
HeapCreate
CreateProcessW
IsBadReadPtr
IsBadCodePtr
VirtualAlloc
DocumentPropertiesW
Number of PE resources by type
RT_BITMAP 1
Number of PE resources by language
RUSSIAN 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:06:20 09:39:47+01:00
FileType Win32 EXE
PEType PE32
CodeSize 131072
LinkerVersion 7.1
EntryPoint 0xeeaa
InitializedDataSize 204800
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 85383e13c53c4ffa584934ddf6861db9
SHA1 c86a8dc1630e6ce1e2a4a63c4e54f9cd59049ad8
SHA256 7cb59c97136094034fd49772a6f5c6248d00c4f970dcf0fb5f82518b867056eb
ssdeep 6144:NTFnDVM9u2vc8mhydA2qzNdWEcUY4c+DT5:NT9DV/84hydA2qrN
authentihash ab54bbf56b33289ae1a6118006843a02ba9529a6e9165b29f8393e43e33a868e
imphash dcc8a817acc317f2dfbbb88364184fd5
File size 284.5 KB ( 291316 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay

VirusTotal metadata
First submission 2016-06-21 18:41:51 UTC ( 2 years, 10 months ago )
Last submission 2016-06-21 20:03:43 UTC ( 2 years, 10 months ago )
File names 7cb59c97136094034fd49772a6f5c6248d00c4f970dcf0fb5f82518b867056eb.exe.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications