SHA256: 883b274e5f79f47e5d75afa940eb0c99d4a77526137cbc9a0af1581875e99b0d
File name: vti-rescan
Detection ratio: 41 / 51
Analysis date: 2014-03-24 11:12:21 UTC ( 3 weeks, 2 days ago )
Antivirus Result Update
AVG Generic28.ANAN 20140324
Ad-Aware Trojan.Cnasp.A 20140324
Agnitum Trojan.DL.Agent!TeJ1xFhuAcA 20140323
AhnLab-V3 Dropper/Dalbot.2192363 20140323
AntiVir TR/Downloader.Gen 20140324
Antiy-AVL Trojan[:HEUR]/Win32.Unknown 20140324
Avast Win32:Malware-gen 20140324
Baidu-International Trojan.Win32.Generic.Ar 20140324
BitDefender Trojan.Cnasp.A 20140324
Bkav W32.Clod335.Trojan.1056 20140322
CAT-QuickHeal TrojanDownloader.Dalbot 20140324
ClamAV Trojan.Leepload 20140324
Comodo UnclassifiedMalware 20140324
DrWeb Trojan.DownLoader6.34186 20140324
ESET-NOD32 Win32/TrojanDownloader.Agent.RFT 20140324
Emsisoft Trojan.Cnasp.A (B) 20140324
F-Secure Trojan.Cnasp.A 20140324
Fortinet W32/Agent.RFT!tr.dldr 20140324
GData Trojan.Cnasp.A 20140324
Ikarus Trojan-Dropper.Agent 20140324
Jiangmin TrojanDownloader.Agent.ekdh 20140324
K7AntiVirus Riskware ( 0015e4f21 ) 20140321
K7GW Riskware ( 0015e4f01 ) 20140321
Kaspersky HEUR:Trojan.Win32.Generic 20140324
Kingsoft Win32.TrojDownloader.Agent.(kcloud) 20140324
McAfee Artemis!C6B95B178188 20140324
McAfee-GW-Edition Artemis!C6B95B178188 20140324
MicroWorld-eScan Trojan.Cnasp.A 20140324
Microsoft TrojanDownloader:Win32/Dalbot.A 20140324
NANO-Antivirus Trojan.Win32.DloadrDOI.sxvve 20140324
Norman Malware 20140324
Panda Generic Trojan 20140324
Qihoo-360 Win32/Trojan.Downloader.437 20140324
Rising PE:Trojan.Win32.Generic.12D96279!316236409 20140324
Sophos Mal/Generic-L 20140324
Symantec Downloader 20140324
TrendMicro TROJ_SPNR.30HL12 20140324
TrendMicro-HouseCall TROJ_SPNR.30HL12 20140324
VBA32 TrojanDownloader.Agent 20140321
VIPRE Trojan.Win32.Generic!SB.0 20140324
nProtect Trojan/W32.Cnasp.2192363 20140323
AegisLab 20140324
ByteHero 20140324
CMC 20140319
Commtouch 20140324
F-Prot 20140324
Malwarebytes 20140324
SUPERAntiSpyware 20140323
TheHacker 20140323
TotalDefense 20140324
ViRobot 20140324
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
Command RAR
F-PROT RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, appended, RAR, RAR, RAR, RAR, RAR, RAR, RAR, appended, RAR, RAR, RAR, RAR, RAR, RAR, appended, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, appended, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR, RAR
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-05-28 16:04:29
Link date 5:04 PM 5/28/2011
Entry Point 0x0000B480
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
SetFileSecurityA
RegQueryValueExW
Ord(17)
InitCommonControlsEx
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetFilePointer
GetSystemTime
GetLastError
HeapFree
GetStdHandle
SystemTimeToFileTime
ReadFile
FileTimeToSystemTime
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
FreeLibrary
FindNextFileA
CompareStringW
HeapAlloc
SetFileTime
IsDBCSLeadByte
GetCommandLineW
GetFileAttributesW
GetCurrentProcess
FileTimeToLocalFileTime
MoveFileW
OpenFileMappingW
SetFileAttributesA
GetDateFormatW
CreateDirectoryA
DeleteFileA
GetCPInfo
ExitProcess
MultiByteToWideChar
SetEnvironmentVariableW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
WriteFile
SetFileAttributesW
DosDateTimeToFileTime
CloseHandle
WideCharToMultiByte
MapViewOfFile
MoveFileExW
ExpandEnvironmentStringsW
FindNextFileW
SetEndOfFile
GetFileAttributesA
GetTempPathW
FindFirstFileA
FindFirstFileW
HeapReAlloc
GetModuleHandleW
GetFullPathNameA
GetCurrentDirectoryW
LoadLibraryW
SetCurrentDirectoryW
UnmapViewOfFile
FindResourceW
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
GetFileType
GetFullPathNameW
CreateFileA
GetTickCount
GetLocaleInfoW
GetNumberFormatW
SetLastError
CompareStringA
VariantInit
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
SetFocus
MapWindowPoints
GetParent
UpdateWindow
EndDialog
LoadBitmapW
DefWindowProcW
CopyRect
GetWindowTextW
GetMessageW
ShowWindow
GetSystemMetrics
SetWindowPos
wvsprintfW
CharToOemBuffA
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
RegisterClassExW
CharUpperW
DialogBoxParamW
CharToOemBuffW
wvsprintfA
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
ReleaseDC
DestroyIcon
TranslateMessage
IsWindowVisible
LoadStringW
SetWindowTextW
GetDlgItem
GetWindow
MessageBoxW
DispatchMessageW
GetClassNameW
PeekMessageW
CharUpperA
OemToCharA
EnableWindow
GetClientRect
WaitForInputIdle
OemToCharBuffA
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
GetWindowLongW
SetForegroundWindow
DestroyWindow
CharToOemA
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance
OleInitialize
CLSIDFromString
Number of PE resources by type
RT_ICON 10
RT_DIALOG 6
RT_STRING 5
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 13
NEUTRAL DEFAULT 11
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:05:28 17:04:29+01:00
FileType Win32 EXE
PEType PE32
CodeSize 72192
LinkerVersion 9.0
FileAccessDate 2014:03:24 12:14:59+01:00
EntryPoint 0xb480
InitializedDataSize 313856
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
FileCreateDate 2014:03:24 12:14:59+01:00
UninitializedDataSize 0

File identification
MD5 c6b95b178188b8c35d14bed40520e685
SHA1 5eec19a882a66aee148fe195b3a4147242e86541
SHA256 883b274e5f79f47e5d75afa940eb0c99d4a77526137cbc9a0af1581875e99b0d
ssdeep 49152:6mHzzTnKy9nn/JIGv6FAEjUhKw4cJXAAT07RwQxwnY:6mvnKSxIG6AEjIKw4cJAATSwQx5
imphash dbb1eb5c3476069287a73206929932fd
File size 2.1 MB ( 2192363 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2012-06-07 21:49:31 UTC ( 1 year, 10 months ago )
Last submission 2012-10-10 23:05:21 UTC ( 1 year, 6 months ago )
File names Leveraging_Ethernet_Card_Vulnerabilities_in_Field_Devices.pdf.exe
vti-rescan
c6b95b178188b8c35d14bed4052
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight