SHA256: 8450cee8e3fd37910c63261650da3de3a8c290f891ca05f68a84adb7a8005e2d
File name: vti-rescan
Detection ratio: 35 / 55
Analysis date: 2016-03-22 08:57:02 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3103985 20160322
AegisLab Backdoor.W32.Androm!c 20160322
AhnLab-V3 Trojan/Win32.Inject 20160322
ALYac Trojan.GenericKD.3103985 20160322
Arcabit Trojan.Generic.D2F5CF1 20160322
Avast Win32:Malware-gen 20160322
AVG Generic37.ARFA 20160321
AVware Trojan.Win32.Generic!BT 20160322
BitDefender Trojan.GenericKD.3103985 20160322
Bkav HW32.Packed.FD29 20160321
DrWeb Trojan.PWS.Siggen1.48724 20160322
Emsisoft Trojan.GenericKD.3103985 (B) 20160322
ESET-NOD32 a variant of Win32/Kryptik.ERKA 20160322
F-Secure Trojan.GenericKD.3103985 20160322
Fortinet W32/Kryptik.ERKA!tr 20160322
GData Trojan.GenericKD.3103985 20160322
Ikarus Trojan.Win32.Crypt 20160322
Jiangmin Backdoor.Androm.fhx 20160322
K7AntiVirus Trojan ( 004e0b4c1 ) 20160322
K7GW Trojan ( 004e0b4c1 ) 20160322
Kaspersky Backdoor.Win32.Androm.jgzz 20160322
Malwarebytes Ransom.TorrentLocker 20160322
McAfee Ransom-O 20160322
McAfee-GW-Edition Ransom-O 20160322
Microsoft Ransom:Win32/Teerac.A 20160322
eScan Trojan.GenericKD.3103985 20160322
nProtect Trojan.GenericKD.3103985 20160321
Panda Trj/Andromeda 20160321
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160322
Rising PE:Malware.FakePDF@CV!1.9E05 [F] 20160322
Sophos AV Troj/Ransom-CKC 20160322
Tencent Win32.Backdoor.Androm.Ljtn 20160322
TrendMicro Ransom_CRILOCK.NEO 20160322
TrendMicro-HouseCall Ransom_CRILOCK.NEO 20160322
VIPRE Trojan.Win32.Generic!BT 20160322
Yandex 20160316
Alibaba 20160322
Antiy-AVL 20160322
Baidu 20160321
Baidu-International 20160321
ByteHero 20160322
CAT-QuickHeal 20160322
ClamAV 20160319
CMC 20160322
Comodo 20160322
Cyren 20160322
F-Prot 20160322
NANO-Antivirus 20160322
SUPERAntiSpyware 20160322
Symantec 20160322
TheHacker 20160321
VBA32 20160321
ViRobot 20160322
Zillya 20160321
Zoner 20160322
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-02-05 07:51:46
Entry Point 0x00012492
Number of sections 4
PE sections
Overlays
MD5 d4bac1285bcfc6c036b83a3d46b8cb95
File type data
Offset 655360
Size 186956
Entropy 6.98
PE imports
Ord(3)
PropertySheetA
ImageList_BeginDrag
ImageList_GetImageCount
ImageList_SetBkColor
ImageList_GetImageInfo
FlatSB_GetScrollProp
Ord(4)
FlatSB_GetScrollRange
DrawStatusTextW
_TrackMouseEvent
Ord(6)
Ord(5)
ImageList_GetIconSize
ImageList_SetDragCursorImage
FlatSB_SetScrollRange
ImageList_Merge
FlatSB_SetScrollProp
ImageList_Create
ImageList_DrawIndirect
ImageList_DragMove
ImageList_DrawEx
Ord(2)
ImageList_SetIconSize
Ord(15)
UninitializeFlatSB
FlatSB_ShowScrollBar
CreateToolbarEx
ImageList_Replace
ImageList_SetOverlayImage
ImageList_Destroy
ImageList_AddMasked
ImageList_Draw
DestroyPropertySheetPage
ImageList_DragLeave
ImageList_GetIcon
FlatSB_SetScrollPos
ImageList_ReplaceIcon
CreatePropertySheetPageA
ImageList_Add
ImageList_SetImageCount
ImageList_Copy
InitCommonControlsEx
FlatSB_EnableScrollBar
ImageList_LoadImageA
CreatePropertySheetPageW
FlatSB_GetScrollPos
ImageList_DragShowNolock
ImageList_Remove
Ord(16)
Ord(14)
Ord(13)
ImageList_LoadImageW
ImageList_EndDrag
PropertySheetW
__p__fmode
_CIlog
__p__commode
getc
__dllonexit
_onexit
atan2
wcscspn
__setusermatherr
exit
_winver
_mbcasemap
_initterm
fflush
_wcmdln
_adjust_fdiv
__set_app_type
PathRemoveBackslashA
PathCompactPathExA
PathIsDirectoryA
PathIsRelativeA
PathIsRelativeW
PathIsDirectoryW
PathRemoveBackslashW
PathCompactPathExW
PathMakePrettyW
SHDeleteValueW
StrCSpnW
SHRegGetBoolUSValueA
SHEnumKeyExA
StrToIntA
PathMatchSpecW
PathSetDlgItemPathW
SHEnumKeyExW
StrToIntW
SHRegOpenUSKeyW
PathQuoteSpacesA
StrPBrkA
SHDeleteEmptyKeyW
PathFindFileNameA
SHDeleteEmptyKeyA
PathFileExistsA
StrPBrkW
PathIsContentTypeW
SHSetValueW
PathIsUNCA
PathParseIconLocationA
SHGetValueA
SHRegDeleteUSValueW
PathParseIconLocationW
PathFindExtensionW
PathCanonicalizeW
PathIsSystemFolderW
PathAppendA
StrToIntExW
PathIsRootW
PathAddBackslashA
PathQuoteSpacesW
PathAddBackslashW
StrCatW
StrToIntExA
StrCmpIW
PathBuildRootW
PathRelativePathToW
SHDeleteKeyW
PathIsUNCServerShareA
PathIsFileSpecW
PathIsUNCServerW
PathIsFileSpecA
SHDeleteKeyA
PathAppendW
SHRegEnumUSValueW
PathRemoveFileSpecA
StrCmpW
PathGetArgsA
PathIsUNCServerShareW
PathAddExtensionW
StrSpnW
PathFindExtensionA
StrSpnA
PathIsPrefixW
PathGetDriveNumberA
PathCombineA
PathGetDriveNumberW
PathStripToRootW
PathMakeSystemFolderW
PathCombineW
PathCommonPrefixW
PathCompactPathA
PathFindNextComponentA
SHRegSetUSValueW
PathCommonPrefixA
SHRegQueryUSValueW
PathStripPathA
SHRegDeleteEmptyUSKeyW
SHRegCloseUSKey
PathBuildRootA
PathUnquoteSpacesW
PathIsURLA
PathUnquoteSpacesA
StrDupA
PathMatchSpecA
SHSetValueA
SHRegWriteUSValueW
StrNCatW
StrNCatA
StrFormatByteSizeW
StrTrimW
PathRemoveExtensionA
SHOpenRegStreamW
PathFindOnPathW
SHGetValueW
PathFindOnPathA
StrTrimA
PathRemoveExtensionW
SHRegCreateUSKeyW
PathRenameExtensionW
SHQueryInfoKeyW
ChrCmpIW
SHRegCreateUSKeyA
StrFromTimeIntervalW
SHQueryValueExA
SHQueryValueExW
PathFileExistsW
PathIsSameRootA
Number of PE resources by type
RT_ICON 13
RT_GROUP_ICON 8
RT_DIALOG 3
RT_VERSION 1
Number of PE resources by language
CATALAN DEFAULT 16
ENGLISH US 9
PE resources
ExifTool file metadata
SpecialBuild 0.45.53.105
LegalTrademarks Early
SubsystemVersion 4.0
Comments Finite
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.208.110.246
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Less Lung Foreshadows
CharacterSet Unicode
InitializedDataSize 2879488
EntryPoint 0x12492
OriginalFileName Dressyl.EXE
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2016
FileVersion 0.5.98.154
TimeStamp 2006:02:05 08:51:46+01:00
FileType Win32 EXE
PEType PE32
InternalName Lacking
ProductVersion 0.138.22.164
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName A4Tech Co.,Ltd.
CodeSize 73728
ProductName Implementing Injects
ProductVersionNumber 0.203.221.96
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 a1575677285282b0f4b409691d5ffad8
SHA1 085b5ee5f335451ca8f517eef007465f243f5ea4
SHA256 8450cee8e3fd37910c63261650da3de3a8c290f891ca05f68a84adb7a8005e2d
ssdeep
12288:qxIFD4hBpBHG8P4sjT5EMwXko3jsbwlpNiLwm4TRvceDqBp7vDzlKFjEFdTb:2hrBHG8AK5xIkTbCXt9Dq35K5Ebb

authentihash 3426a36692489ecc361c7a7674d70b22ac6f8f80764301a586982b392711f127
imphash 365ef7b85798a8979d0db9b0eac07ebd
File size 822.6 KB ( 842316 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-03-16 11:17:16 UTC ( 2 years, 11 months ago )
Last submission 2016-03-22 08:57:02 UTC ( 2 years, 11 months ago )
File names obykibuz.exe.old
Posten_Adresselapp.exe
carta_certificada.exe
Bolletta.exe