× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: ab58c5e9cc495fe3d2ec1ed731330685b2107f1e52bbfef02a76ed103920b7ab
File name: vti-rescan
Detection ratio: 31 / 54
Analysis date: 2014-08-15 12:42:42 UTC ( 4 years, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1801288 20140815
AhnLab-V3 Win-Trojan/FCN.140610 20140815
Avast Win32:Trojan-gen 20140815
AVG Inject2.ARAA 20140815
AVware Trojan.Win32.Generic.pak!cobra 20140815
Baidu-International Trojan.Win32.Injector.BBJRE 20140815
BitDefender Trojan.GenericKD.1801288 20140815
ByteHero Virus.Win32.Heur.p 20140815
CMC Heur.Win32.Veebee.1!O 20140814
Commtouch W32/Trojan.KWJP-0628 20140815
Emsisoft Trojan.GenericKD.1801288 (B) 20140815
ESET-NOD32 a variant of Win32/Injector.BJRE 20140815
F-Prot W32/Trojan3.JXV 20140815
F-Secure Trojan.GenericKD.1801288 20140815
Fortinet W32/BJRE!tr 20140815
GData Trojan.GenericKD.1801288 20140815
Ikarus Trojan.VBAgent 20140815
Kaspersky Trojan-Spy.Win32.Zbot.sbhk 20140815
Kingsoft Win32.Troj.Generic.a.(kcloud) 20140815
McAfee PWSZbot-FACB!15591B4F2EBF 20140815
Microsoft PWS:Win32/Zbot 20140815
eScan Trojan.GenericKD.1801288 20140815
nProtect Trojan.GenericKD.1801288 20140814
Panda Trj/CI.A 20140815
Qihoo-360 HEUR/Malware.QVM03.Gen 20140815
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140815
Sophos AV Mal/Generic-S 20140815
Symantec Trojan.Zbot 20140815
TrendMicro TSPY_ZBOT.YVAHQ 20140815
TrendMicro-HouseCall TSPY_ZBOT.YVAHQ 20140815
VIPRE Trojan.Win32.Generic.pak!cobra 20140815
AegisLab 20140815
Yandex 20140814
AntiVir 20140815
Antiy-AVL 20140815
Bkav 20140815
CAT-QuickHeal 20140814
ClamAV 20140815
Comodo 20140815
DrWeb 20140815
Jiangmin 20140815
K7AntiVirus 20140814
K7GW 20140814
Malwarebytes 20140815
McAfee-GW-Edition 20140815
NANO-Antivirus 20140815
Norman 20140815
SUPERAntiSpyware 20140814
Tencent 20140815
TheHacker 20140814
TotalDefense 20140814
VBA32 20140814
ViRobot 20140815
Zoner 20140811
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
FileVersionInfo properties
Publisher Fraps is a trademark of Beepa Pty Ltd
Product Asemia
Original name Braxy's.exe
Internal name Braxy's
File version 1.07.0004
Description Ultrapro tinse
Signature verification The digital signature of the object did not verify.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-11 06:14:19
Entry Point 0x00001414
Number of sections 3
PE sections
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
Compressed bundles
File identification
MD5 15591b4f2ebf4f166d4c5a6f56a87c73
SHA1 e00d837cf91428b0029a65fbf4c03b0e1eedd4c7
SHA256 ab58c5e9cc495fe3d2ec1ed731330685b2107f1e52bbfef02a76ed103920b7ab
ssdeep
6144:SCdTG+H2yFo48UkXlyKDWI/2sIUIsOBRgSPGcZ20CDTU9HjcZi427Z2:SCdEkv8U0IKSI/x7mB+SPt4IHjz2

imphash 2879121e83bfc553f38040b947bd88ca
File size 506.8 KB ( 518985 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags
peexe

VirusTotal metadata
First submission 2014-08-11 07:04:42 UTC ( 4 years, 3 months ago )
Last submission 2014-08-15 12:42:42 UTC ( 4 years, 3 months ago )
File names c-2c3c0-7090-1407740466
vti-rescan
Braxy's.exe
Braxy's
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Terminated processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.