SHA256: 7d5d7a372d6b4b48640fae95238ee74b99be35d8e64b4de5bde8d8d140c91d7c
File name: vti-rescan
Detection ratio: 42 / 56
Analysis date: 2015-05-05 05:23:19 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.919697 20150505
Yandex Trojan.Agent!x2yG1HJ0Y9k 20150504
AhnLab-V3 Win-Trojan/Agent.208896.AJ 20150504
ALYac Trojan.Generic.919697 20150505
Antiy-AVL Trojan/Win32.Agent 20150505
Avast Win32:Trojan-gen 20150505
AVG Agent.MEW 20150505
Avira (no cloud) TR/Agent.dnd.1 20150505
AVware Trojan.Win32.Generic!BT 20150505
BitDefender Trojan.Generic.919697 20150505
CMC Trojan.Win32.Agent!O 20150505
Comodo TrojWare.Win32.Agent.dne 20150505
Cyren W32/Trojan.JEOV-8188 20150505
DrWeb Trojan.DownLoader.51471 20150505
Emsisoft Trojan.Generic.919697 (B) 20150505
ESET-NOD32 Win32/Turla.BE 20150505
F-Prot W32/Trojan2.AAMF 20150505
F-Secure Trojan.Generic.919697 20150505
Fortinet W32/Agent.CK!tr.spy 20150505
GData Trojan.Generic.919697 20150505
Ikarus Trojan.Win32.Agent 20150505
Jiangmin Trojan/Agent.ajaz 20150504
Kaspersky Trojan.Win32.Agent.dne 20150505
Kingsoft Win32.Troj.Agent.(kcloud) 20150505
McAfee Artemis!0328DEDFCE54 20150505
McAfee-GW-Edition Spy-Agent.ck 20150505
eScan Trojan.Generic.919697 20150505
NANO-Antivirus Trojan.Win32.Agent.cvoivv 20150505
Norman Agent.WKJS 20150504
nProtect Trojan.Generic.919697 20150504
Panda Trj/CI.A 20150504
Qihoo-360 Win32/Trojan.5a4 20150505
Rising PE:Trojan.Win32.Agent.aap!1075357248 20150504
Sophos AV Mal/Generic-S 20150505
Symantec Trojan Horse 20150505
Tencent Trojan.Win32.Qudamah.Gen.19 20150505
TheHacker Trojan/Agent.dne 20150504
TrendMicro TROJ_GEN.R047C0EC515 20150505
TrendMicro-HouseCall TROJ_GEN.R047C0EC515 20150505
VBA32 Trojan-Dropper.Win32.Agent 20150504
VIPRE Trojan.Win32.Generic!BT 20150505
Zillya Trojan.Agent.Win32.102417 20150504
AegisLab 20150505
Alibaba 20150505
Baidu-International 20150504
Bkav 20150504
ByteHero 20150505
CAT-QuickHeal 20150505
ClamAV 20150505
K7AntiVirus 20150504
K7GW 20150505
Microsoft 20150505
SUPERAntiSpyware 20150505
TotalDefense 20150430
ViRobot 20150505
Zoner 20150504
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-11-22 12:34:15
Entry Point 0x00034BF0
Number of sections 3
PE sections
PE imports
EqualSid
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
Number of PE resources by type
BINARY 1
TEXT 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2007:11:22 13:34:15+01:00
FileType Win32 EXE
PEType PE32
CodeSize 90112
LinkerVersion 6.0
EntryPoint 0x34bf0
InitializedDataSize 4096
SubsystemVersion 4.0
ImageVersion 2.0
OSVersion 4.0
UninitializedDataSize 122880

File identification
MD5 0328dedfce54e185ad395ac44aa4223c
SHA1 763d40f53c51887dd596bcf44d4798e363859f55
SHA256 7d5d7a372d6b4b48640fae95238ee74b99be35d8e64b4de5bde8d8d140c91d7c
ssdeep 1536:OXShoLd1JRVH4t4r8uhmg1YwVECXsTNZBlmhbTJbg:OX/Ld1JoWgQn1fVECXsTNjlmhfJ
authentihash abc0b71483b633e6242ccc6abe5f8812fe66d9aa9d6a090883ff3b7f51c744aa
imphash 4b0c5669afabc4bb221351da426b3058
File size 89.0 KB ( 91136 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (39.3%)
Win32 EXE Yoda's Crypter (38.6%)
Win32 Dynamic Link Library (generic) (9.5%)
Win32 Executable (generic) (6.5%)
Generic Win/DOS Executable (2.9%)
Tags peexe upx

VirusTotal metadata
First submission 2007-12-19 19:06:59 UTC ( 9 years, 8 months ago )
Last submission 2015-11-12 06:10:43 UTC ( 1 year, 9 months ago )
File names Turla.bin
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R047C0EC515.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications