SHA256: 85b77a40eb400940285fd8490638d5a479a6d5ad5b9e452bd8ae0382256448cd
File name: vti-rescan
Detection ratio: 43 / 55
Analysis date: 2015-04-30 09:31:50 UTC ( 4 years ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2267975 20150502
Yandex Trojan.Inject!J59KJSatcmU 20150501
ALYac Trojan.GenericKD.2267975 20150502
Antiy-AVL Trojan/Win32.Inject 20150502
Avast Win32:Emotet-P [Trj] 20150502
AVG Inject2.BWMG 20150502
AVware Trojan.Win32.Generic!BT 20150502
Baidu-International Trojan.Win32.Inject.uqwl 20150502
BitDefender Trojan.GenericKD.2267975 20150502
ByteHero Virus.Win32.Heur.p 20150502
CAT-QuickHeal Trojan.Inject.r3 20150502
Cyren W32/Trojan.AFBV-5956 20150502
DrWeb Trojan.Emotet.69 20150502
Emsisoft Trojan.GenericKD.2267975 (B) 20150502
ESET-NOD32 a variant of Win32/Injector.BXNA 20150502
F-Prot W32/Trojan3.OPS 20150502
F-Secure Trojan:W32/Emotet.A 20150502
Fortinet W32/Zbot.JNO!tr 20150502
GData Trojan.GenericKD.2267975 20150502
Ikarus Trojan.Win32.Injector 20150502
Jiangmin Trojan/Inject.bszl 20150430
K7AntiVirus Trojan ( 004bbc951 ) 20150502
K7GW Trojan ( 004bbc951 ) 20150502
Kaspersky Trojan.Win32.Inject.uqwl 20150502
McAfee RDN/Generic.dx!dpd 20150502
McAfee-GW-Edition RDN/Generic.dx!dpd 20150501
Microsoft Trojan:Win32/Emotet.G 20150502
eScan Trojan.GenericKD.2267975 20150502
NANO-Antivirus Trojan.Win32.Inject.dqcmpp 20150502
Norman VBKrypt.VBP 20150502
nProtect Trojan.GenericKD.2267975 20150430
Panda Trj/Genetic.gen 20150502
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20150502
Sophos AV Troj/Zbot-JNO 20150502
SUPERAntiSpyware Trojan.Agent/Gen-Multi 20150502
Symantec Trojan.Zbot 20150502
Tencent Trojan.Win32.Qudamah.Gen.17 20150502
TheHacker Trojan/Injector.bxna 20150501
TrendMicro TROJ_GEN.R000C0CD815 20150502
TrendMicro-HouseCall TROJ_GEN.R000C0CD815 20150502
VBA32 Trojan.Inject 20150501
VIPRE Trojan.Win32.Generic!BT 20150502
Zillya Trojan.Inject.Win32.162443 20150501
AegisLab 20150502
AhnLab-V3 20150502
Alibaba 20150502
Bkav 20150425
ClamAV 20150502
CMC 20150501
Comodo 20150502
Kingsoft 20150502
Rising 20150502
TotalDefense 20150430
ViRobot 20150502
Zoner 20150430
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product NR78 RECmains
Original name Callstb.exe
Internal name Callstb
File version 1.00.0228
Description -color, and -style, but this is currently.
Comments decoration property is a shorthand property f,olor, and text-decoration-style, but this is currently.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-02 06:15:07
Entry Point 0x0000110C
Number of sections 3
PE sections
Overlays
MD5 4999e58d2160760e49745d06d0a2f34d
File type MMDF mailbox
Offset 94208
Size 51721
Entropy 7.92
PE imports
EVENT_SINK_QueryInterface
Ord(645)
Ord(648)
Ord(570)
Ord(594)
Ord(689)
Ord(525)
EVENT_SINK_AddRef
Ord(300)
Ord(717)
__vbaExceptHandler
MethCallEngine
DllFunctionCall
Ord(100)
Ord(599)
Ord(516)
Ord(571)
ProcCallEngine
Ord(711)
EVENT_SINK_Release
Ord(595)
Ord(593)
Ord(306)
Ord(631)
Ord(588)
Ord(563)
Number of PE resources by type
RT_ICON 4
ABOUT 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
TELUGU DEFAULT 1
SLOVENIAN DEFAULT 1
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
decoration property is a shorthand property f,olor, and text-decoration-style, but this is currently.

InitializedDataSize
36864

ImageVersion
1.0

ProductName
NR78 RECmains

FileVersionNumber
1.0.0.228

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unicode

LinkerVersion
6.0

FileTypeExtension
exe

OriginalFileName
Callstb.exe

MIMEType
application/octet-stream

FileVersion
1.00.0228

TimeStamp
2015:04:02 07:15:07+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Callstb

ProductVersion
1.00.0228

FileDescription
-color, and -style, but this is currently.

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
65536

FileSubtype
0

ProductVersionNumber
1.0.0.228

EntryPoint
0x110c

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 67375dc7433cc0192743a5a9c0bf893a
SHA1 6334b2329df04b019b4b020e132d9ad14fea136c
SHA256 85b77a40eb400940285fd8490638d5a479a6d5ad5b9e452bd8ae0382256448cd
ssdeep
3072:7h/T2R4pdex9K7hhrF6CFW7wRbcnyVUEof7KK:yCrwCFmwpA+K

authentihash 463a0a1d4538e271a7e61f123a26fa56fca311875c0f19478aa2a8d4dc9e3c06
imphash 1904432750b7bcb1240b81518eae8d11
File size 142.5 KB ( 145929 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (90.6%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-04-02 06:27:09 UTC ( 4 years, 1 month ago )
Last submission 2016-05-25 01:33:22 UTC ( 2 years, 12 months ago )
File names Callstb.exe
Callstb
67375dc7433cc0192743a5a9c0bf893a
Voice_754310340394939___date____01_04_2015____wav__id__0~.ex
Voice_754310340394939___date____01_04_2015____wav__id__039488529348273__lang_De.exe
Voi340394939___date____01_04_2015____wav__id__039488529348273__lang_De.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R000C0CD815.

Symantec reputation Suspicious.Insight