SHA256: 9646ebf177136d9a1b3c08aad6b05ce2fca96c6e7a0d32f68d0218b9fe0c40b8
File name: vti-rescan
Detection ratio: 13 / 45
Analysis date: 2012-12-27 06:43:18 UTC ( 5 years, 6 months ago )
Antivirus Result Update
AntiVir TR/Crypt.XPACK.Gen7 20121226
Avast Win32:FakeAV-EEX [Trj] 20121227
Emsisoft Trojan.Win32.AMN (A) 20121227
ESET-NOD32 a variant of Win32/Injector.YYR 20121226
Fortinet W32/Injector.YYR!tr 20121227
GData Win32:FakeAV-EEX 20121227
Ikarus Trojan.SuspectCRC 20121227
Kaspersky HEUR:Trojan.Win32.Generic 20121227
McAfee Artemis!FC7C3E087789 20121227
McAfee-GW-Edition Artemis!FC7C3E087789 20121226
Panda Suspicious file 20121226
Symantec WS.Reputation.1 20121227
TrendMicro-HouseCall TROJ_GEN.R47H1L8 20121227
Yandex 20121226
AhnLab-V3 20121226
Antiy-AVL 20121226
AVG 20121226
BitDefender 20121227
ByteHero 20121226
CAT-QuickHeal 20121227
Commtouch 20121227
Comodo 20121227
DrWeb 20121227
eSafe 20121226
F-Prot 20121226
F-Secure 20121227
Jiangmin 20121221
K7AntiVirus 20121226
Kingsoft 20121225
Malwarebytes 20121227
Microsoft 20121227
eScan 20121227
NANO-Antivirus 20121227
Norman 20121226
nProtect 20121226
PCTools 20121227
Rising 20121227
Sophos AV 20121227
SUPERAntiSpyware 20121227
TheHacker 20121226
TotalDefense 20121226
TrendMicro 20121227
VBA32 20121226
VIPRE 20121227
ViRobot 20121227
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright Limited Electronics Worldwide

Product LaunchCryptCoordinatorMachine
Original name LaunchCryptCoordinatorMachine.exe
Internal name LaunchCryptCoordinatorMachine
File version 8.10.2.10
Description LaunchCryptCoordinatorMachine
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-11-16 21:23:18
Entry Point 0x000491DC
Number of sections 4
PE sections
Overlays
MD5 c84a2b19ff801efa0fdc02add3b82635
File type ASCII text
Offset 3383296
Size 8481240
Entropy 0.00
PE imports
GetObjectA
TextOutA
ExtTextOutW
DeleteDC
SetBkMode
GetTextExtentPoint32A
CreatePalette
GetCharWidth32W
GetCharWidthW
GetStockObject
SelectPalette
ExtTextOutA
CreateSolidBrush
Polyline
SetPaletteEntries
GetTextExtentExPointA
GetPixel
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
HeapDestroy
VerifyVersionInfoW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FormatMessageW
InitializeCriticalSection
TlsGetValue
SetLastError
GetModuleFileNameW
SetConsoleActiveScreenBuffer
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
UnhandledExceptionFilter
MultiByteToWideChar
GetModuleHandleA
CreateSemaphoreA
CreateSemaphoreW
TerminateProcess
VirtualQuery
GetCurrentThreadId
SleepEx
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetDateFormatW
GetProcAddress
CompareStringW
WriteFile
GetBinaryTypeW
FindFirstFileA
CompareStringA
GetBinaryTypeA
EscapeCommFunction
GetPrivateProfileSectionW
LocalSize
GetCurrencyFormatA
GetFileType
TlsSetValue
ExitProcess
GetCurrencyFormatW
LeaveCriticalSection
GetLastError
FlushConsoleInputBuffer
LCMapStringW
SetConsoleMode
GetSystemInfo
LCMapStringA
GetEnvironmentStringsW
EnumTimeFormatsW
GetEnvironmentStrings
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
TlsFree
SetFilePointer
SetCommBreak
CloseHandle
GetACP
IsBadStringPtrW
HeapCreate
OpenSemaphoreA
VirtualFree
Sleep
IsBadReadPtr
IsBadStringPtrA
GetProcessVersion
VirtualAlloc
CommandLineToArgvW
RegisterClipboardFormatA
EndDialog
BeginPaint
HideCaret
GetCaretBlinkTime
GetClipboardOwner
PostQuitMessage
CreatePopupMenu
ShowWindow
GetClipboardData
FindWindowA
AppendMenuA
GetWindowRect
EnableWindow
SetWindowPlacement
SetCapture
ReleaseCapture
MessageBoxA
SetWindowPos
DestroyCaret
GetSysColor
GetDC
GetDoubleClickTime
CheckDlgButton
GetWindowPlacement
SendMessageA
CreateWindowExA
DeleteMenu
SetTimer
GetKeyboardState
SetWindowTextA
FlashWindow
ShowCursor
IsDlgButtonChecked
SetActiveWindow
SetScrollInfo
EndPaint
Number of PE resources by type
RT_ICON 6
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 8
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
7.1

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
9.8.8.1

UninitializedDataSize
0

LanguageCode
English (British)

FileFlagsMask
0x0000

CharacterSet
Unicode

InitializedDataSize
2875392

EntryPoint
0x491dc

OriginalFileName
LaunchCryptCoordinatorMachine.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright Limited Electronics Worldwide

FileVersion
8.10.2.10

TimeStamp
2012:11:16 22:23:18+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
LaunchCryptCoordinatorMachine

ProductVersion
8.10.2.10

FileDescription
LaunchCryptCoordinatorMachine

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Limited Electronics Worldwide

CodeSize
512000

ProductName
LaunchCryptCoordinatorMachine

ProductVersionNumber
6.7.3.3

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 fc7c3e087789824f34a9309da2388ce5
SHA1 4d77ed69246c7dcf0e5c804d1ff5f569ae5070f8
SHA256 9646ebf177136d9a1b3c08aad6b05ce2fca96c6e7a0d32f68d0218b9fe0c40b8
ssdeep
24576:7bdgSwGG0hpQaVGA7kFY1BRimyDmydAXvfOp/SZutkR2d3qPWuoDcVdOGvaGaVSO:qSTJShbtUBNwn9tuRNc60utm

authentihash 362f298b4115b75e818a1c149c92c603b363cdde5bfdde0539dff3b803b92fb7
imphash 76eb429858056b7fa80b1ae291852170
File size 11.3 MB ( 11864536 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (27.1%)
Win32 EXE PECompact compressed (generic) (26.2%)
Win32 Executable MS Visual C++ (generic) (19.6%)
Win64 Executable (generic) (17.4%)
Win32 Dynamic Link Library (generic) (4.1%)
Tags
peexe overlay

VirusTotal metadata
First submission 2012-12-08 21:05:29 UTC ( 5 years, 7 months ago )
Last submission 2016-12-08 16:07:50 UTC ( 1 year, 7 months ago )
File names 4d77ed69246c7dcf0e5c804d1ff5f569ae5070f8-fc7c3e087789824f34a9309da2388ce5.01.exe.vir.vt
Z.wie.Zorro.S01E03.Der.Brandstifter.GERMAN.ANiME.FS.DVDRip.XViD-aWake.exe_
vti-rescan
LaunchCryptCoordinatorMachine
9646ebf177136d9a1b3c08aad6b05ce2fca96c6e7a0d32f68d0218b9fe0c40b8.vir
Z.wie.Zorro.S01E03.Der.Brandstifter.GERMAN.ANiME.FS.DVDRip.XViD-aWake.exe
9646ebf177136d9a1b3c08aad6b05ce2fca96c6e7a0d32f68d0218b9fe0c40b8.bin
LaunchCryptCoordinatorMachine.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R047C0DLJ15.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
UDP communications