SHA256: ab8b7a7e6d5e2f98e85489c0d71e005842c3a6e085f8c4dd9f3011bfc9dbc18d
File name: vti-rescan
Detection ratio: 34 / 45
Analysis date: 2012-12-27 06:43:05 UTC ( 5 years, 11 months ago )
Antivirus Result Update
Yandex Trojan.Injector!YMWrZ30yPrY 20121226
AhnLab-V3 Win-Trojan/Zeeborot.10867712 20121226
AntiVir TR/FakeAV.92.5 20121226
Avast Win32:FakeAV-EEX [Trj] 20121227
AVG Inject.ECG 20121226
BitDefender Gen:Variant.FakeAV.92 20121227
Comodo UnclassifiedMalware 20121227
DrWeb Trojan.Packed.23590 20121227
Emsisoft Trojan.Win32.Inject (A) 20121227
eSafe Win32.Trojan 20121226
ESET-NOD32 Win32/Scoinet.A 20121226
F-Secure Gen:Variant.FakeAV.92 20121227
Fortinet W32/Injector.WSM!tr 20121227
GData Gen:Variant.FakeAV.92 20121227
Ikarus Trojan.SuspectCRC 20121227
K7AntiVirus Trojan 20121226
Kaspersky Trojan-Dropper.Win32.Injector.gglr 20121227
Kingsoft Win32.Troj.Injector.gg.(kcloud) 20121225
Malwarebytes Trojan.Inject 20121227
McAfee Artemis!23AAB9C1C462 20121227
McAfee-GW-Edition Artemis!23AAB9C1C462 20121226
Microsoft Trojan:Win32/Zeeborot.A 20121227
eScan Gen:Variant.FakeAV.92 20121227
NANO-Antivirus Trojan.Win32.Injector.bdeabf 20121227
Norman W32/Troj_Generic.FUYVX 20121226
Panda Trj/CI.A 20121226
Symantec WS.Reputation.1 20121227
TheHacker Trojan/Injector.yyr 20121226
TotalDefense Win32/Zbot.GNY 20121226
TrendMicro TROJ_GEN.RCBCDLJ 20121227
TrendMicro-HouseCall TROJ_GEN.RCBCDLJ 20121227
VBA32 Trojan-Dropper.Injector.gglr 20121226
VIPRE Trojan.Win32.Generic!BT 20121227
ViRobot Dropper.A.Injector.15685716 20121227
Antiy-AVL 20121226
ByteHero 20121226
CAT-QuickHeal 20121227
Commtouch 20121227
F-Prot 20121226
Jiangmin 20121221
nProtect 20121226
PCTools 20121227
Rising 20121227
Sophos AV 20121227
SUPERAntiSpyware 20121227
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright Limited Car Industries
Product HostSystemDriverComputer
Original name HostSystemDriverComputer.exe
Internal name HostSystemDriverComputer
File version 9.1.9.4
Description HostSystemDriverComputer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-11-13 10:45:39
Entry Point 0x00049AB1
Number of sections 4
PE sections
Overlays
MD5 b7caa8cc5cc45e80605984469de373d0
File type ASCII text
Offset 3436544
Size 12249172
Entropy 0.00
PE imports
GetDeviceCaps
ExcludeClipRect
MoveToEx
GetCharacterPlacementW
GetTextMetricsA
GetCharWidthW
GetStockObject
SelectPalette
CreateFontIndirectA
GetCharABCWidthsFloatA
UnrealizeObject
Polyline
SetPaletteEntries
GetCharWidthA
TextOutA
DeleteObject
CreateSolidBrush
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
HeapDestroy
VerifyVersionInfoW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FormatMessageW
InitializeCriticalSection
TlsGetValue
SetLastError
GetModuleFileNameW
SetConsoleActiveScreenBuffer
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
UnhandledExceptionFilter
MultiByteToWideChar
GetModuleHandleA
CreateSemaphoreA
CreateSemaphoreW
TerminateProcess
VirtualQuery
GetCurrentThreadId
SleepEx
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetDateFormatW
GetProcAddress
CompareStringW
WriteFile
GetBinaryTypeW
FindFirstFileA
CompareStringA
GetBinaryTypeA
EscapeCommFunction
GetPrivateProfileSectionW
LocalSize
GetCurrencyFormatA
GetFileType
TlsSetValue
ExitProcess
GetCurrencyFormatW
LeaveCriticalSection
GetLastError
FlushConsoleInputBuffer
LCMapStringW
SetConsoleMode
GetSystemInfo
LCMapStringA
GetEnvironmentStringsW
EnumTimeFormatsW
GetEnvironmentStrings
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
TlsFree
SetFilePointer
SetCommBreak
CloseHandle
GetACP
IsBadStringPtrW
HeapCreate
OpenSemaphoreA
VirtualFree
Sleep
IsBadReadPtr
IsBadStringPtrA
GetProcessVersion
VirtualAlloc
CommandLineToArgvW
EmptyClipboard
GetForegroundWindow
SystemParametersInfoA
BeginPaint
CheckRadioButton
KillTimer
SendDlgItemMessageA
GetSystemMetrics
IsWindow
EnableWindow
RegisterClipboardFormatA
SetCapture
ReleaseCapture
TranslateMessage
GetMessageTime
GetSysColor
SetScrollInfo
MapDialogRect
CreateWindowExA
RegisterClassA
IsZoomed
SendMessageA
CloseClipboard
GetClientRect
CreateMenu
GetDlgItem
CreateDialogParamA
UpdateWindow
DeleteMenu
InvalidateRect
GetWindowTextLengthA
SetTimer
GetMessageA
DefDlgProcA
GetDesktopWindow
GetWindowTextA
OpenClipboard
Number of PE resources by type
RT_ICON 6
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 8
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 2932736
ImageVersion 0.0
ProductName HostSystemDriverComputer
FileVersionNumber 4.0.3.0
UninitializedDataSize 0
LanguageCode English (British)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 7.1
FileTypeExtension exe
OriginalFileName HostSystemDriverComputer.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 9.1.9.4
TimeStamp 2012:11:13 11:45:39+01:00
FileType Win32 EXE
PEType PE32
InternalName HostSystemDriverComputer
ProductVersion 9.1.9.4
FileDescription HostSystemDriverComputer
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright Limited Car Industries
MachineType Intel 386 or later, and compatibles
CompanyName Limited Car Industries
CodeSize 507904
FileSubtype 0
ProductVersionNumber 7.9.4.8
EntryPoint 0x49ab1
ObjectFileType Executable application
Compressed bundles
File identification
MD5 23aab9c1c462f3fdfddd98181e963230
SHA1 5398df94f68e4d66734581f4aed57d23b454d541
SHA256 ab8b7a7e6d5e2f98e85489c0d71e005842c3a6e085f8c4dd9f3011bfc9dbc18d
ssdeep 49152:qCDEJQ/E7Ov90uzz4PyX2nnM1hme6C5I40wjdS8ki0NrBEb00:qCwJQ/E7wsPLM155c0dToEb0
authentihash c1f97ab984fb4833cd236115962124535f6505fbbc6a2d309c2be5bb72d57062
imphash 903731c6a10a32e0c21742e0c0429b72
File size 15.0 MB ( 15685716 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (26.8%)
Win32 EXE PECompact compressed (generic) (25.8%)
Win32 Executable MS Visual C++ (generic) (19.4%)
Win64 Executable (generic) (17.2%)
Win32 Dynamic Link Library (generic) (4.0%)
Tags peexe overlay
VirusTotal metadata
First submission 2012-11-23 00:04:50 UTC ( 6 years ago )
Last submission 2018-11-10 05:43:31 UTC ( 1 month ago )
File names ysahu.exe
HostSystemDriverComputer
ysahu.ex_
ysahu.exe_
ysahu.exe
ysahu.exe
HostSystemDriverComputer.exe
ysahu.exe
vti-rescan
ab8b7a7e6d5e2f98e85489c0d71e005842c3a6e085f8c4dd9f3011bfc9dbc18d.vir
ysahu.ex_
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
UDP communications