SHA256: a38dbae35d832be4f2222c06f5bcc9efb55adc4e0958d3f2edf65e3094ad100c
File name: vti-rescan
Detection ratio: 36 / 47
Analysis date: 2013-10-23 17:29:26 UTC ( 5 months, 3 weeks ago )
Antivirus | Result | Update
AVG | Generic_s.AXL | 20131023
AhnLab-V3 | Trojan/Win32.FakeAlert | 20131023
AntiVir | TR/Crypt.ZPACK.Gen | 20131023
Avast | Win32:Malware-gen | 20131023
Baidu-International | Trojan.Win32.Generic.AwIH | 20131023
BitDefender | Trojan.Generic.KDZ.11040 | 20131023
CAT-QuickHeal | Trojan.FakeAV | 20131023
Commtouch | W32/FakeAV.NUER-7466 | 20131023
Comodo | TrojWare.Win32.Trojan.Agent.Gen | 20131023
DrWeb | Trojan.Fakealert.37629 | 20131023
ESET-NOD32 | a variant of Win32/Kryptik.AWUM | 20131023
F-Secure | Trojan.Generic.KDZ.11040 | 20131023
Fortinet | W32/FakeAV.RY!tr | 20131023
GData | Trojan.Generic.KDZ.11040 | 20131023
Ikarus | Trojan.Win32.FakeSysdef | 20131023
K7AntiVirus | Trojan | 20131023
K7GW | Trojan | 20131022
Kaspersky | HEUR:Trojan.Win32.Generic | 20131023
Kingsoft | Win32.Troj.Undef.(kcloud) | 20130829
Malwarebytes | Trojan.FakeAV | 20131023
McAfee | Fake-SysDef-FIH!BE52E7E38B9B | 20131023
McAfee-GW-Edition | Fake-SysDef-FIH!BE52E7E38B9B | 20131023
MicroWorld-eScan | Trojan.Generic.KDZ.11040 | 20131023
Microsoft | Trojan:Win32/FakeSysdef | 20131023
NANO-Antivirus | Trojan.Win32.Fakealert.cjchtj | 20131023
Norman | FakeAlert.DLUY | 20131023
Panda | Trj/Genetic.gen | 20131023
SUPERAntiSpyware | Trojan.Agent/Gen-FakeAlert | 20131023
Sophos | Mal/FakeAV-RY | 20131023
Symantec | Trojan.FakeAV | 20131023
TheHacker | Trojan/Kryptik.awum | 20131023
TrendMicro | TROJ_SPNR.16DO13 | 20131023
TrendMicro-HouseCall | TROJ_SPNR.16DO13 | 20131023
VBA32 | TrojanFakeAV.FakeSysDef | 20131023
VIPRE | Trojan.Win32.FakeSysDef.g (v) | 20131023
nProtect | Trojan/W32.Agent.301568.EW | 20131023
Agnitum | | 20131023
Antiy-AVL | | 20131023
Bkav | | 20131023
ByteHero | | 20130613
ClamAV | | 20131023
Emsisoft | | 20131023
F-Prot | | 20131023
Jiangmin | | 20131022
Rising | | 20131023
TotalDefense | | 20131022
ViRobot | | 20131023
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright Copyright (C) 2011
Publisher QTN
Product QTN
Version 2,8,1,7
Original name QTN.rc
Internal name QTN.rc
File version 2,8,1,7
Description QTN
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-24 09:43:49
Entry Point 0x00001EB6
Number of sections 4
PE sections
PE imports
VirtualAllocEx
GetProcAddress
GetStartupInfoA
GetModuleHandleA
_except_handler3
__p__fmode
_acmdln
_exit
_adjust_fdiv
__setusermatherr
_controlfp
exit
_XcptFilter
__getmainargs
_initterm
__p__commode
__set_app_type
NetMessageNameAdd
NetAuditRead
NetConfigGet
NetGetJoinableOUs
NetGetDCName
NetFileGetInfo
NetMessageBufferSend
NetErrorLogClear
NetGetJoinInformation
NetConnectionEnum
NetGroupAdd
NetConfigGetAll
EndDeferWindowPos
ChildWindowFromPointEx
SetDlgItemTextA
GetWindowRect
ShowOwnedPopups
OpenIcon
EnumWindows
MoveWindow
GetDlgItemTextA
ChildWindowFromPoint
FindWindowA
DialogBoxParamA
ShowWindow
IsIconic
AdjustWindowRect
ScriptString_pcOutChars
ScriptStringXtoCP
ScriptBreak
ScriptStringGetOrder
ScriptString_pLogAttr
ScriptFreeCache
ScriptLayout
ScriptShape
ScriptIsComplex
ScriptStringOut
ScriptTextOut
ScriptCacheGetHeight
ScriptGetFontProperties
ScriptCPtoX
ScriptItemize
ScriptJustify
GetThemeSysBool
GetThemeSysColor
GetThemeColor
GetThemeAppProperties
DrawThemeIcon
SetThemeAppProperties
IsThemeActive
EnableThemeDialogTexture
DrawThemeText
GetThemeEnumValue
DrawThemeBackground
GetThemeSysInt
GetThemeMargins
GetThemeSysSize
WTSSetUserConfigA
WTSEnumerateSessionsA
WTSSendMessageA
WTSVirtualChannelWrite
WTSSetUserConfigW
WTSOpenServerA
WTSCloseServer
WTSFreeMemory
WTSLogoffSession
WTSEnumerateSessionsW
WTSVirtualChannelClose
WTSEnumerateServersW
WTSEnumerateProcessesA
WTSWaitSystemEvent
WTSVirtualChannelQuery
WTSEnumerateServersA
Number of PE resources by type
RT_DIALOG 6
RT_ICON 4
RT_GROUP_ICON 2
RT_MANIFEST 1
Struct(190) 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 16
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 626688
ImageVersion 0.0
ProductName QTN
FileVersionNumber 2.8.1.7
UninitializedDataSize 0
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 8.32
OriginalFilename QTN.rc
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2,8,1,7
TimeStamp 2013:03:24 10:43:49+01:00
FileType Win32 EXE
PEType PE32
InternalName QTN.rc
FileAccessDate 2013:10:23 18:29:20+01:00
ProductVersion 2,8,1,7
FileDescription QTN
OSVersion 4.0
FileCreateDate 2013:10:23 18:29:20+01:00
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) 2011
MachineType Intel 386 or later, and compatibles
CompanyName QTN
CodeSize 4608
FileSubtype 0
ProductVersionNumber 2.8.1.7
EntryPoint 0x1eb6
ObjectFileType Unknown
File identification
MD5 be52e7e38b9b467c51972cc841e7e487
SHA1 711562eef8e44c684b707410ec93910021da8074
SHA256 a38dbae35d832be4f2222c06f5bcc9efb55adc4e0958d3f2edf65e3094ad100c
ssdeep 6144:YzwmvuPOluzzLV2DmKCTWWo0TJGbHLyOyiWJiakA701YE:uvijzB2DSTzdQb31WwakI0SE
File size 294.5 KB ( 301568 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe armadillo
VirusTotal metadata
First submission 2013-04-23 01:09:00 UTC ( 12 months ago )
Last submission 2013-10-23 17:29:26 UTC ( 5 months, 3 weeks ago )
File names be52e7e38b9b467c51972cc841e7e487
ya.exe
QTN.rc
75ac73a6a6f83c68a80614af302ce121-75ac73a6a6f83c68a80614af302ce121-1366679323
vti-rescan
output.10412004.txt
file-5433060_arl
10412004
eknXhqrKnsXlF.exe_1367248509.arl
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications