SHA256: ab8df164a725456e535f1b6ca6dc81e56b9e86206876ab17f9ca79e37f6cbf86
File name: vti-rescan
Detection ratio: 34 / 45
Analysis date: 2012-12-03 09:22:41 UTC ( 6 years, 3 months ago )
Antivirus Result Update
Yandex Trojan.PWS.Agent!oG9LUK+WC5E 20121202
AntiVir TR/Agent.117248.18 20121203
Avast Win32:Malware-gen 20121203
AVG Generic26.LDI 20121203
BitDefender DeepScan:Generic.Malware.P!.5936F6C7 20121203
CAT-QuickHeal TrojanBanker.Agent.fyn 20121203
Commtouch W32/Backdoor2.HMYA 20121203
DrWeb Trojan.Click2.26269 20121203
Emsisoft Trojan-Banker.Win32.Agent (A) 20121203
eSafe Win32.TRAgent 20121202
ESET-NOD32 probably a variant of Win32/Spy.Banker.CPNRGDZ 20121202
F-Prot W32/Backdoor2.HMYA 20121202
F-Secure DeepScan:Generic.Malware.P!.5936F6C7 20121203
Fortinet W32/Trackr.HHO!tr 20121203
GData DeepScan:Generic.Malware.P!.5936F6C7 20121203
Ikarus Trojan-Banker.Win32.Agent 20121203
Jiangmin Trojan/Banker.Agent.bhj 20121203
K7AntiVirus Trojan 20121130
Kaspersky Trojan-Banker.Win32.Agent.fyn 20121203
McAfee Artemis!64C9217C52B1 20121203
McAfee-GW-Edition Artemis!64C9217C52B1 20121203
Microsoft Trojan:Win32/Bumat!rts 20121203
eScan DeepScan:Generic.Malware.P!.5936F6C7 20121203
NANO-Antivirus Trojan.Win32.Agent2.bbarfi 20121203
Norman W32/Suspicious_Gen2.TQSOH 20121203
nProtect Trojan.Generic.8206215 20121203
Panda Trj/Banker.KRZ 20121202
Sophos AV Troj/Trackr-Gen 20121203
Symantec Infostealer.Bancos 20121203
TrendMicro TROJ_BANKER.QPA 20121203
TrendMicro-HouseCall TROJ_GEN.RCBOHJ7 20121203
VBA32 TrojanBanker.Agent.fyn 20121130
VIPRE Trojan.Win32.Generic!BT 20121203
ViRobot Trojan.Win32.A.Agent.163341 20121203
Engines with no detection (result column empty), which account for the remaining 11 of the 45 engines:
Antiy-AVL 20121202
ByteHero 20121130
ClamAV 20121202
Comodo 20121203
Kingsoft 20121119
Malwarebytes 20121203
PCTools 20121203
Rising 20121203
SUPERAntiSpyware 20121202
TheHacker 20121202
TotalDefense 20121202
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
Command ZIP
F-PROT ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00007E60
Number of sections 8
PE sections
Overlays
MD5 476a7d12b7155219b9a17e9137f11949
File type application/zip
Offset 40960
Size 122381
Entropy 8.00
PE imports
SetBkMode
GdiFlush
CreateSolidBrush
IntersectClipRect
SetBkColor
DeleteObject
SetTextColor
GetLastError
GetStdHandle
EnterCriticalSection
FileTimeToSystemTime
GetModuleFileNameW
FreeLibrary
ExitProcess
CreateDirectoryA
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
SystemTimeToFileTime
LocalAlloc
FindClose
SetFileTime
DeleteFileA
SetErrorMode
MultiByteToWideChar
CreateDirectoryW
GetCommandLineA
GetProcAddress
GetFileTime
SetFilePointer
RaiseException
WideCharToMultiByte
GetFileAttributesA
GetModuleHandleA
ReadFile
WriteFile
FindFirstFileA
CloseHandle
DeleteFileW
FindFirstFileW
SetFileAttributesW
FileTimeToLocalFileTime
SetFileAttributesA
LocalFree
InitializeCriticalSection
CreateFileW
VirtualFree
LocalFileTimeToFileTime
GetFileAttributesW
TlsGetValue
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetTickCount
VirtualAlloc
GetFileSize
LeaveCriticalSection
GetParent
DrawTextA
EndDialog
ShowWindow
MessageBeep
SendDlgItemMessageA
GetSystemMetrics
MessageBoxW
DispatchMessageA
SetDlgItemTextA
DialogBoxParamW
GetDlgItemTextA
MessageBoxA
PeekMessageA
TranslateMessage
DialogBoxParamA
GetDlgItemTextW
GetSysColor
SetDlgItemTextW
GetDC
GetAsyncKeyState
ReleaseDC
LoadStringA
SendMessageA
GetClientRect
GetDlgItem
CreateDialogParamA
IsIconic
DeleteMenu
OemToCharA
GetActiveWindow
GetSystemMenu
FillRect
IsDialogMessageA
DestroyWindow
Number of PE resources by type
RT_DIALOG 4
RT_ICON 2
RT_STRING 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 9
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 29184
LinkerVersion 2.25
EntryPoint 0x7e60
InitializedDataSize 10752
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 1.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 64c9217c52b197256b16ebfb377d8d60
SHA1 5af473b20dd138b38bc7804c1383bccc6a3df8e4
SHA256 ab8df164a725456e535f1b6ca6dc81e56b9e86206876ab17f9ca79e37f6cbf86
ssdeep 3072:NvTgOOph+Yi5nLJjHmujNbxkn0QUaX1aX8F8kLK:NJtH1jNm0Q91aO8H
authentihash 0ee8c1d19897986fe5ecbc5b159b51a9656c5bd25b27fbb7b9a96cc502efd743
imphash c5afd6d556425273741b60c59dffda7f
File size 159.5 KB ( 163341 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Borland Delphi 3 (93.8%)
Win32 Dynamic Link Library (generic) (2.3%)
Win32 Executable (generic) (1.6%)
Win16/32 Executable Delphi generic (0.7%)
Generic Win/DOS Executable (0.7%)
Tags peexe overlay
VirusTotal metadata
First submission 2011-12-01 18:30:57 UTC ( 7 years, 3 months ago )
Last submission 2018-01-23 13:58:00 UTC ( 1 year, 2 months ago )
File names T.EXE
ab8df164a725456e535f1b6ca6dc81e56b9e86206876ab17f9ca79e37f6cbf86
vti-rescan
t.exe
64C9217C52B197256B16EBFB377D8D60
JHB-000001.exe
ab8df164a725456e535f1b6ca6dc81e56b9e86206876ab17f9ca79e37f6cbf86.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua