SHA256: b4de7a26909fba102cf19552ec0b43aa89d810bac545f2a309ced67802698ffd
File name: vti-rescan
Detection ratio: 35 / 46
Analysis date: 2012-12-03 09:03:52 UTC ( 6 years, 3 months ago )
Antivirus             Result                                          Update
Yandex                Trojan.PWS.Agent!oG9LUK+WC5E                    20121202
AhnLab-V3             Trojan/Win32.Agent                              20121203
AntiVir               TR/Agent.117248.18                              20121203
Avast                 Win32:Malware-gen                               20121203
AVG                   Generic26.LDI                                   20121203
BitDefender           DeepScan:Generic.Malware.P!.5936F6C7            20121203
CAT-QuickHeal         TrojanBanker.Agent.fyn                          20121203
Commtouch             W32/Backdoor2.HMYA                              20121203
DrWeb                 Trojan.PWS.Banker.63135                         20121203
Emsisoft              DeepScan:Generic.Malware.P!.5936F6C7 (B)        20121203
eSafe                 Win32.DeepScanGeneri                            20121202
ESET-NOD32            probably a variant of Win32/Spy.Banker.CPNRGDZ  20121202
F-Prot                W32/Backdoor2.HMYA                              20121202
F-Secure              DeepScan:Generic.Malware.P!.5936F6C7            20121203
Fortinet              W32/Banker.H2O!tr.pws                           20121203
GData                 DeepScan:Generic.Malware.P!.5936F6C7            20121203
Ikarus                Trojan-Banker.Win32.Agent                       20121203
Jiangmin              Trojan/Banker.Agent.bhj                         20121203
K7AntiVirus           Trojan                                          20121130
Kaspersky             Trojan-Banker.Win32.Agent.fyn                   20121203
McAfee                Artemis!47D03FD75007                            20121203
McAfee-GW-Edition     Artemis!47D03FD75007                            20121203
Microsoft             Trojan:Win32/Bumat!rts                          20121203
eScan                 DeepScan:Generic.Malware.P!.5936F6C7            20121203
NANO-Antivirus        Trojan.Win32.Agent.kaovw                        20121203
Norman                W32/Suspicious_Gen2.QEYSN                       20121203
nProtect              Trojan.Generic.8206215                          20121203
Panda                 Trj/Banker.KRZ                                  20121202
PCTools               Trojan.ADH                                      20121203
Sophos AV             Troj/Trackr-Gen                                 20121203
Symantec              Infostealer.Bancos                              20121203
TrendMicro            TROJ_BANKER.QPA                                 20121203
TrendMicro-HouseCall  TROJ_AVKILLP.BBH                                20121203
VBA32                 TrojanBanker.Agent.fyn                          20121130
VIPRE                 Trojan.Win32.Generic!BT                         20121203
Antiy-AVL                                                             20121202
ByteHero                                                              20121130
ClamAV                                                                20121202
Comodo                                                                20121203
Kingsoft                                                              20121119
Malwarebytes                                                          20121203
Rising                                                                20121203
SUPERAntiSpyware                                                      20121202
TheHacker                                                             20121202
TotalDefense                                                          20121202
ViRobot                                                               20121203
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
Command ZIP
F-PROT ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00007E60
Number of sections 8
PE sections
Overlays
MD5 3e464a042ce5b3ed8c900a828aa8ae3e
File type application/zip
Offset 40960
Size 122034
Entropy 8.00
PE imports
SetBkMode
GdiFlush
CreateSolidBrush
IntersectClipRect
SetBkColor
DeleteObject
SetTextColor
GetLastError
GetStdHandle
EnterCriticalSection
FileTimeToSystemTime
GetModuleFileNameW
FreeLibrary
ExitProcess
CreateDirectoryA
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
SystemTimeToFileTime
LocalAlloc
FindClose
SetFileTime
DeleteFileA
SetErrorMode
MultiByteToWideChar
CreateDirectoryW
GetCommandLineA
GetProcAddress
GetFileTime
SetFilePointer
RaiseException
WideCharToMultiByte
GetFileAttributesA
GetModuleHandleA
ReadFile
WriteFile
FindFirstFileA
CloseHandle
DeleteFileW
FindFirstFileW
SetFileAttributesW
FileTimeToLocalFileTime
SetFileAttributesA
LocalFree
InitializeCriticalSection
CreateFileW
VirtualFree
LocalFileTimeToFileTime
GetFileAttributesW
TlsGetValue
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetTickCount
VirtualAlloc
GetFileSize
LeaveCriticalSection
GetParent
DrawTextA
EndDialog
ShowWindow
MessageBeep
SendDlgItemMessageA
GetSystemMetrics
MessageBoxW
DispatchMessageA
SetDlgItemTextA
DialogBoxParamW
GetDlgItemTextA
MessageBoxA
PeekMessageA
TranslateMessage
DialogBoxParamA
GetDlgItemTextW
GetSysColor
SetDlgItemTextW
GetDC
GetAsyncKeyState
ReleaseDC
LoadStringA
SendMessageA
GetClientRect
GetDlgItem
CreateDialogParamA
IsIconic
DeleteMenu
OemToCharA
GetActiveWindow
GetSystemMenu
FillRect
IsDialogMessageA
DestroyWindow
Number of PE resources by type
RT_DIALOG 4
RT_ICON 2
RT_STRING 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 29184
LinkerVersion 2.25
EntryPoint 0x7e60
InitializedDataSize 10752
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 1.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 47d03fd75007f91af4efc39573164023
SHA1 61395ad59bbb111aa2a84ccd1e1cb4da3c38211a
SHA256 b4de7a26909fba102cf19552ec0b43aa89d810bac545f2a309ced67802698ffd
ssdeep 3072:NvTgOOph+Yv5nLJjHmujNbxknlQUao1aX8F8kL+:NUtH1jNmlQu1aO8l
authentihash aa818633ed37e2a14dd81cb4ef31e7eacce24a8afeef60c85239dd48d9b88bfe
imphash c5afd6d556425273741b60c59dffda7f
File size 159.2 KB ( 162994 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Borland Delphi 3 (93.8%)
Win32 Dynamic Link Library (generic) (2.3%)
Win32 Executable (generic) (1.6%)
Win16/32 Executable Delphi generic (0.7%)
Generic Win/DOS Executable (0.7%)
Tags peexe overlay
VirusTotal metadata
First submission 2011-07-08 10:42:46 UTC ( 7 years, 8 months ago )
Last submission 2017-05-11 03:46:48 UTC ( 1 year, 10 months ago )
File names b4de7a26909fba102cf19552ec0b43aa89d810bac545f2a309ced67802698ffd.EXE
b4de7a26909fba102cf19552ec0b43aa89d810bac545f2a309ced67802698ffd.exe
A0084515.exe
b4de7a26909fba102cf19552ec0b43aa89d810bac545f2a309ced67802698ffd
file-3360242_exe
EHZ-000001.exe
vti-rescan
47D03FD75007F91AF4EFC39573164023
r.exe
C66D6AECB23F3A5A7C6F02A43586C6002FDB8C05.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see https://www.clamav.net/documents/potentially-unwanted-applications-pua
Symantec reputation Suspicious.Insight