SHA256: 8adb429d038078f46aaff0f95bb3f0d9bc5dad5bbe6937ddd63dec7f089ce0a6
File name: vti-rescan
Detection ratio: 28 / 56
Analysis date: 2016-05-27 07:02:04 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.60135 20160527
AegisLab Troj.Dropper.W32.Agent.lj6w 20160527
ALYac Gen:Variant.Barys.54469 20160527
Arcabit Trojan.Razy.DEAE7 20160527
Avast Win32:Malware-gen 20160527
AVG Crypt5.BNBA 20160527
Avira (no cloud) TR/Crypt.ZPACK.bcbz 20160527
Baidu Win32.Trojan.WisdomEyes.151026.9950.10000 20160527
BitDefender Gen:Variant.Razy.60135 20160527
Cyren W32/Trojan.EAFN-7135 20160527
DrWeb Trojan.Siggen6.58358 20160527
Emsisoft Gen:Variant.Razy.60135 (B) 20160527
ESET-NOD32 Win32/TrojanDownloader.Agent.CFH 20160527
F-Secure Gen:Variant.Razy.60135 20160527
Fortinet W32/Agent.CFH!tr 20160527
GData Gen:Variant.Razy.60135 20160527
K7AntiVirus Trojan-Downloader ( 004e141d1 ) 20160527
K7GW Trojan-Downloader ( 004e141d1 ) 20160527
Kaspersky Trojan.Win32.Agent.nevllx 20160527
Malwarebytes Trojan.Crypt 20160527
McAfee Artemis!E97D12AA7070 20160527
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20160527
Microsoft Trojan:Win32/Dynamer!ac 20160527
eScan Gen:Variant.Razy.60135 20160527
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20160527
Rising Malware.XPACK-HIE/Heur!1.9C48-lLMiAa2PYPL (Cloud) 20160527
Sophos AV Mal/Generic-S 20160527
Symantec Trojan Horse 20160527
AhnLab-V3 20160527
Alibaba 20160527
Antiy-AVL 20160527
AVware 20160527
Baidu-International 20160526
Bkav 20160526
CAT-QuickHeal 20160527
ClamAV 20160527
CMC 20160523
Comodo 20160527
F-Prot 20160527
Ikarus 20160527
Jiangmin 20160527
Kingsoft 20160527
NANO-Antivirus 20160527
nProtect 20160526
Panda 20160526
SUPERAntiSpyware 20160527
Tencent 20160527
TheHacker 20160526
TrendMicro 20160527
TrendMicro-HouseCall 20160527
VBA32 20160525
VIPRE 20160526
ViRobot 20160527
Yandex 20160526
Zillya 20160526
Zoner 20160527
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-14 09:45:49
Entry Point 0x000189B0
Number of sections 4
PE sections
PE imports
AuthzInitializeContextFromSid
AuthzFreeResourceManager
AuthzAddSidsToContext
AuthzFreeAuditEvent
AuthzFreeContext
ReplaceFileA
CreateHardLinkA
CopyFileA
WaitForSingleObjectEx
GetSystemDirectoryA
GetStartupInfoA
GetFileSize
lstrcatA
CreateDirectoryA
lstrlenW
TlsGetValue
DeleteFileW
DefineDosDeviceA
CompareStringW
GetModuleHandleA
GetDiskFreeSpaceW
ReadFile
WriteFile
CloseHandle
FindNextFileA
GetACP
HeapReAlloc
MoveFileExA
GetProcAddress
GetLongPathNameW
GetExpandedNameW
GetNumberFormatA
OpenEventW
GetLogicalDriveStringsW
InterlockedDecrement
MoveFileW
CreateFileA
GetTickCount
GetVersion
OpenSemaphoreW
WriteConsoleW
OpenJobObjectA
WTSEnumerateSessionsA
WTSSetUserConfigA
WTSSetSessionInformationA
WTSUnRegisterSessionNotification
WTSQueryUserToken
WTSVirtualChannelWrite
WTSVirtualChannelRead
WTSVirtualChannelPurgeInput
WTSCloseServer
WTSRegisterSessionNotification
WTSLogoffSession
WTSFreeMemory
WTSEnumerateProcessesA
WTSWaitSystemEvent
Number of PE resources by type
RT_DIALOG 4
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 6
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:07:14 10:45:49+01:00
FileType Win32 EXE
PEType PE32
CodeSize 117248
LinkerVersion 6.0
Warning Possibly corrupt Version resource
EntryPoint 0x189b0
InitializedDataSize 9728
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 e97d12aa7070ca84710ef9715ee9c710
SHA1 f8e055f78e446df124ab08f3f2abaca70b873885
SHA256 8adb429d038078f46aaff0f95bb3f0d9bc5dad5bbe6937ddd63dec7f089ce0a6
ssdeep 3072:UrvLOU+oi6bTqIGJK6vfX2GAkgxfoSftrYjKP4VTu:iNfBbeIGJdA3WSujKYT
authentihash fd1707747b78393da6a5e21b67df3e60db33104321b0b41ade8103a4865e48a9
imphash 047e094f8fc872ad76748a9944595f84
File size 125.0 KB ( 128000 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe
VirusTotal metadata
First submission 2016-05-26 22:52:53 UTC ( 2 years, 11 months ago )
Last submission 2016-09-12 08:28:18 UTC ( 2 years, 7 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications