SHA256: abb0893c46a52d260b8832745116495d73e248347a00648d0501eff3015037c1
File name: vti-rescan
Detection ratio: 20 / 57
Analysis date: 2015-06-13 06:17:55 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware Trojan.PWS.Sinowal.NCX 20150613
ALYac Trojan.PWS.Sinowal.NCX 20150613
Arcabit Trojan.PWS.Sinowal.NCX 20150613
Avast Win32:Malware-gen 20150613
Baidu-International Trojan.Win32.Rovnix.AH 20150612
BitDefender Trojan.PWS.Sinowal.NCX 20150613
Emsisoft Trojan.PWS.Sinowal.NCX (B) 20150613
ESET-NOD32 a variant of Win32/Rovnix.AH 20150613
F-Secure Trojan.PWS.Sinowal.NCX 20150613
GData Trojan.PWS.Sinowal.NCX 20150613
Ikarus Trojan-Spy.Sinowal 20150613
McAfee Artemis!4ACC23E1A445 20150613
McAfee-GW-Edition Artemis 20150612
eScan Trojan.PWS.Sinowal.NCX 20150613
nProtect Trojan.PWS.Sinowal.NCX 20150612
Qihoo-360 HEUR/QVM39.1.Malware.Gen 20150613
Sophos Mal/Generic-S 20150613
Symantec Suspicious.Cloud.5 20150613
Tencent Trojan.Win32.Qudamah.Gen.14 20150613
TrendMicro-HouseCall TROJ_GEN.R047H09FB15 20150613
AegisLab 20150613
Yandex 20150612
AhnLab-V3 20150612
Alibaba 20150613
Antiy-AVL 20150613
AVG 20150613
Avira (no cloud) 20150612
AVware 20150613
Bkav 20150612
ByteHero 20150613
CAT-QuickHeal 20150612
ClamAV 20150613
CMC 20150610
Comodo 20150613
Cyren 20150613
DrWeb 20150613
F-Prot 20150613
Fortinet 20150613
Jiangmin 20150610
K7AntiVirus 20150613
K7GW 20150613
Kaspersky 20150613
Kingsoft 20150613
Malwarebytes 20150612
Microsoft 20150613
NANO-Antivirus 20150613
Panda 20150612
Rising 20150612
SUPERAntiSpyware 20150613
TheHacker 20150611
TotalDefense 20150612
TrendMicro 20150613
VBA32 20150612
VIPRE 20150613
ViRobot 20150613
Zillya 20150613
Zoner 20150612
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-13 10:11:31
Entry Point 0x000014E0
Number of sections 4
PE sections
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:12:13 11:11:31+01:00
FileType Win32 DLL
PEType PE32
CodeSize 15360
LinkerVersion 11.0
FileTypeExtension dll
InitializedDataSize 85504
SubsystemVersion 5.1
EntryPoint 0x14e0
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 4acc23e1a445cca0a1e30f3171f90dac
SHA1 06b97509b98c6b61b2892094daa1e3170b2e53fc
SHA256 abb0893c46a52d260b8832745116495d73e248347a00648d0501eff3015037c1
ssdeep 1536:rp+7fMUG8Qm1i82SD0HbBLN9QG8p8Y7yKSm6ykgB7+JikopEnOuy5P5XAt:odG8QmkTSDEN6GKOD5yP+cqnOn5P5X0
authentihash d41e40e31cfeaeb51528f2bb82f5f9d4fd9fa79d1cda2881bf918d634e36a7ea
File size 90.0 KB ( 92160 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags pedll

VirusTotal metadata
First submission 2015-06-10 23:11:55 UTC ( 2 years ago )
Last submission 2015-06-13 06:17:55 UTC ( 2 years ago )
File names bootkitdll.4acc23e1a445cca0a1e30f3171f90dac.bin