SHA256: 7de85ab9c87477dda3604403aa8a3afde99ad7b5e37f78736c2abe3375286d68
File name: vti-rescan
Detection ratio: 30 / 57
Analysis date: 2016-04-08 05:56:07 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3141647 20160408
AegisLab Dangerousobject.Multi.Generic!c 20160408
AhnLab-V3 Trojan/Win32.Dridex 20160408
ALYac Trojan.GenericKD.3141647 20160408
Arcabit Trojan.Generic.D2FF00F 20160408
Avast Win32:Malware-gen 20160408
Avira (no cloud) TR/Crypt.Xpack.fkvq 20160407
AVware Win32.Malware!Drop 20160408
BitDefender Trojan.GenericKD.3141647 20160408
Comodo TrojWare.Win32.Dridex.a 20160408
Emsisoft Trojan.Win32.Dridex (A) 20160408
ESET-NOD32 Win32/Dridex.AA 20160408
F-Secure Trojan.GenericKD.3141647 20160408
Fortinet W32/Dridex.M!tr 20160404
GData Trojan.GenericKD.3141647 20160408
Ikarus Trojan.Win32.Dridex 20160408
K7AntiVirus Trojan ( 004d86461 ) 20160407
Kaspersky Trojan.Win32.Yakes.pmea 20160408
Malwarebytes Trojan.Dridex 20160408
McAfee Artemis!C868B3DD644E 20160408
McAfee-GW-Edition BehavesLike.Win32.FakeAlert.cc 20160407
eScan Trojan.GenericKD.3141647 20160408
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20160408
Rising PE:Malware.XPACK-LNR/Heur!1.5594 [F] 20160408
Sophos AV Troj/Dridex-SQ 20160408
Symantec Trojan.Gen.SMH 20160408
Tencent Win32.Trojan.Crypt.Syro 20160408
TrendMicro TSPY_DRIDEX.BYX 20160408
TrendMicro-HouseCall TSPY_DRIDEX.BYX 20160408
VIPRE Win32.Malware!Drop 20160408
Alibaba 20160408
Antiy-AVL 20160408
AVG 20160408
Baidu 20160408
Baidu-International 20160407
Bkav 20160408
CAT-QuickHeal 20160407
ClamAV 20160405
CMC 20160407
Cyren 20160408
DrWeb 20160408
F-Prot 20160408
Jiangmin 20160408
K7GW 20160404
Kingsoft 20160408
Microsoft 20160408
NANO-Antivirus 20160408
nProtect 20160407
Panda 20160407
SUPERAntiSpyware 20160408
TheHacker 20160408
TotalDefense 20160408
VBA32 20160407
ViRobot 20160408
Yandex 20160406
Zillya 20160407
Zoner 20160408
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name Rastapi.dll
Internal name Rpstapi.dll
File version 5.1.3703.5512 (xpsp.080413-0852)
Description Remote Access TAPI Compliance Layer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1970-01-01 01:08:17
Entry Point 0x000239B0
Number of sections 10
PE sections
PE imports
QueryDepthSList
GetAtomNameA
GetDateFormatA
TerminateThread
lstrcmpA
TryEnterCriticalSection
CreateDirectoryA
SetFileValidData
CopyFileA
EnumCalendarInfoW
FreeConsole
TerminateProcess
FillConsoleOutputCharacterW
WaitForSingleObject
lstrcmpW
ExpandEnvironmentStringsA
GetLocalTime
GetCurrentThread
FillRect
GetWindowLongA
wcsncat
memcpy
sin
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
7168

LinkerVersion
2.16

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
5.1.3703.5512

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Remote Access TAPI Compliance Layer

ImageFileCharacteristics
Executable, No line numbers, 32-bit, No debug

CharacterSet
Unicode

InitializedDataSize
42753

EntryPoint
0x239b0

OriginalFileName
Rastapi.dll

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
5.1.3703.5512 (xpsp.080413-0852)

TimeStamp
1970:01:01 02:08:17+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Rpstapi.dll

ProductVersion
5.1.3703.5512

SubsystemVersion
4.0

OSVersion
4.1

FileOS
Windows NT 32-bit

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
48128

ProductName
Microsoft Windows Operating System

ProductVersionNumber
5.1.3703.5512

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 c868b3dd644e3bc72461a4f706101b20
SHA1 2715f45bbf8dda03123c366f7dbedf7df2807b6d
SHA256 7de85ab9c87477dda3604403aa8a3afde99ad7b5e37f78736c2abe3375286d68
ssdeep 3072:ozup5DDnJlsxdeB4O79Zp0+WbYfHQw0kZeIa:quPDJlUeBlX0k
authentihash 734168730541e7e777e2782eff560fd27333168fdbc50b61d15d8218aeb2e6cd
imphash 282bdbed6cf8c98ad19175bacdc4848e
File size 133.5 KB ( 136704 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2016-04-06 10:56:40 UTC ( 2 years, 10 months ago )
Last submission 2018-10-08 03:44:40 UTC ( 4 months, 2 weeks ago )
File names 1278u0.exe
Rastapi.dll
1278u0_exe
c868b3dd644e3bc72461a4f706101b20.exe
Rpstapi.dll
c868b3dd644e3bc72461a4f706101b20
1278u0
1278u0.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications