SHA256: 84997e293dd1707b95c5ade8cc241742dd697f04f8f592545f8d140c801b6b3e
File name: malware.exe
Detection ratio: 5 / 46
Analysis date: 2016-05-05 09:59:10 UTC ( 1 year, 7 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160505
K7GW Trojan ( 700001211 ) 20160505
McAfee Suspect-AN!803358C128AA 20160505
McAfee-GW-Edition BehavesLike.Win32.Suspect.cc 20160505
Qihoo-360 QVM19.1.Malware.Gen 20160505
Ad-Aware 20160505
AegisLab 20160505
AhnLab-V3 20160504
Alibaba 20160505
ALYac 20160505
Antiy-AVL 20160505
Arcabit 20160505
Avast 20160505
AVG 20160505
Avira (no cloud) 20160504
AVware 20160505
Baidu-International 20160504
BitDefender 20160505
CAT-QuickHeal 20160505
ClamAV 20160504
CMC 20160504
Comodo 20160505
Cyren 20160505
DrWeb 20160505
Emsisoft 20160503
ESET-NOD32 20160505
F-Prot 20160505
F-Secure 20160504
Fortinet 20160505
GData 20160505
Ikarus 20160505
Jiangmin 20160505
K7AntiVirus 20160504
Kaspersky 20160505
Kingsoft 20160505
Malwarebytes 20160505
Microsoft 20160505
eScan 20160505
NANO-Antivirus 20160505
nProtect 20160504
Panda 20160504
Rising 20160505
Sophos AV 20160505
SUPERAntiSpyware 20160505
Symantec 20160505
Tencent 20160505
TheHacker 20160505
TrendMicro 20160505
TrendMicro-HouseCall 20160505
VBA32 20160504
VIPRE 20160505
ViRobot 20160505
Yandex 20160502
Zillya 20160504
Zoner 20160505
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name Rastapi.dll
Internal name Rpstapi.dll
File version 5.2.3703.5512 (xpsp.080413-0852)
Description Remote Access TAPI Compliance Layer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1970-01-01 18:34:17
Entry Point 0x0002E2F0
Number of sections 15
PE sections
PE imports
GetTextExtentPointW
TerminateThread
FindResourceExA
OpenMutexW
EraseTape
IsSystemResumeAutomatic
FileTimeToSystemTime
DebugBreakProcess
VirtualQuery
SetCalendarInfoW
VirtualQueryEx
QueryActCtxW
SetFirmwareEnvironmentVariableA
FreeConsole
UnlockFileEx
DuplicateHandle
SetConsoleOutputCP
lstrcmpW
GetFileSize
GetCurrentThread
MprConfigInterfaceSetInfo
MprInfoRemoveAll
MprAdminConnectionGetInfo
CreateMDIWindowW
atof
fgetws
fwscanf
PdhUpdateLogA
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
2.24

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
5.3.3703.5512

UninitializedDataSize
7168

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
42753

EntryPoint
0x2e2f0

OriginalFileName
Rastapi.dll

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
5.2.3703.5512 (xpsp.080413-0852)

TimeStamp
1970:01:01 19:34:17+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Rpstapi.dll

ProductVersion
5.2.3703.5512

FileDescription
Remote Access TAPI Compliance Layer

OSVersion
4.1

FileOS
Windows NT 32-bit

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
47104

ProductName
Microsoft Windows Operating System

ProductVersionNumber
5.1.3703.5512

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 803358c128aae4faed24e194d6388e68
SHA1 a835542d280eb8a3cc508cd57bcd94fd2393fc31
SHA256 84997e293dd1707b95c5ade8cc241742dd697f04f8f592545f8d140c801b6b3e
ssdeep 3072:oIX5tJvFA82qjbOoaKZ+Tf/IicnFLx4vltqpoRtD91:ZXjJvF3bzaKZijcnaltqa/
authentihash f18631ff607c62a5ee471527a2f8f6c6e1212cdd48e99ecf479806e80d2cb4c5
imphash 3ab783b5223a4537f3125add213d9edf
File size 166.0 KB ( 169984 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.6%)
Clipper DOS Executable (19.1%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
VXD Driver (0.2%)
Tags peexe
VirusTotal metadata
First submission 2016-05-05 09:57:13 UTC ( 1 year, 7 months ago )
Last submission 2017-08-20 19:24:33 UTC ( 3 months, 4 weeks ago )
File names 87hcnrewe
Rpstapi.dll
aa
803358c128aae4faed24e194d6388e68
84997e293dd1707b95c5ade8cc241742dd697f04f8f592545f8d140c801b6b3e.bin
87hcnrewe.exe
AngV11owG.com
output.92711900.txt
Rastapi.dll
malware.exe
output.92711899.txt
87hcnrewe
hendibe.exe.malware
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Runtime DLLs