SHA256: c670d7acc67f8b6066ca4a4e9cbbb350f92d90063d189b6867f0352c6d3922e8
File name: vti-rescan
Detection ratio: 24 / 55
Analysis date: 2015-01-01 09:43:27 UTC ( 4 years, 2 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2059206 20150101
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150101
Avast Win32:Crypt-RPM [Trj] 20150101
AVG Crypt3.BMUE 20150101
Baidu-International Trojan.Win32.Zbot.ayWW 20150101
BitDefender Trojan.GenericKD.2059206 20150101
DrWeb Trojan.PWS.Panda.7708 20150101
Emsisoft Trojan.GenericKD.2059206 (B) 20150101
ESET-NOD32 a variant of Win32/Kryptik.CTRJ 20150101
F-Secure Trojan.GenericKD.2059206 20150101
Fortinet W32/Zbot.CTRJ!tr 20150101
GData Trojan.GenericKD.2059206 20150101
Ikarus Trojan-Spy.Zbot 20150101
Kaspersky Trojan-Spy.Win32.Zbot.utea 20150101
McAfee RDN/Generic PWS.y!bc3 20150101
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dc 20150101
Microsoft PWS:Win32/Zbot.gen!VM 20150101
Panda Trj/CI.A 20150101
Qihoo-360 Win32/Trojan.Multi.daf 20150101
Sophos AV Mal/Generic-S 20150101
Symantec Trojan.Gen.2 20150101
TotalDefense Win32/Zbot.YXbLCW 20150101
TrendMicro TROJ_FORUCON.BMC 20150101
TrendMicro-HouseCall TROJ_FORUCON.BMC 20150101
AegisLab 20150101
Yandex 20141231
AhnLab-V3 20141231
ALYac 20150101
Avira (no cloud) 20141231
AVware 20150101
Bkav 20141230
ByteHero 20150101
CAT-QuickHeal 20150101
ClamAV 20150101
Comodo 20141231
Cyren 20141231
F-Prot 20141231
Jiangmin 20141231
K7AntiVirus 20141230
K7GW 20141231
Kingsoft 20150101
Malwarebytes 20150101
eScan 20150101
NANO-Antivirus 20150101
Norman 20150101
nProtect 20141231
Rising 20141231
SUPERAntiSpyware 20141231
Tencent 20150101
TheHacker 20141229
VBA32 20141231
VIPRE 20150101
ViRobot 20150101
Zillya 20141231
Zoner 20141228
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Jumping Bytes, Christoph Guntner, (c) 2014
Publisher Jumping Bytes
Product PureSync
Original name PureSync
Internal name PureSync
File version 3.08.2529
Description PureSync, a file and folder synchronization and backup tool, by Jumping Bytes
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-17 23:55:06
Entry Point 0x00002DBE
Number of sections 5
PE sections
PE imports
GetDeviceCaps
CreateDCA
DeleteDC
SelectObject
CreateFontA
GetStockObject
Ellipse
CreateSolidBrush
GetDIBits
BitBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetTextColor
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
GetStartupInfoW
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
WaitForSingleObject
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
lstrlenW
GetStdHandle
HeapSetInformation
LeaveCriticalSection
_lwrite
GetFileType
GetConsoleMode
DecodePointer
GetCurrentProcessId
SetHandleCount
UnhandledExceptionFilter
GetModuleHandleW
WideCharToMultiByte
ExitProcess
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
lstrcatW
EncodePointer
GetProcessHeap
SetStdHandle
_lcreat
lstrcpyW
CloseHandle
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
DeleteCriticalSection
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
_lclose
FindNextFileW
GetSystemTimeAsFileTime
FindFirstFileW
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
IsDebuggerPresent
TerminateProcess
GetModuleFileNameA
IsValidCodePage
HeapCreate
CreateFileW
CreateEventA
FindClose
InterlockedDecrement
Sleep
SetLastError
SetEndOfFile
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
ResetEvent
WindowFromAccessibleObject
StrNCatA
MapWindowPoints
GetParent
LoadMenuA
EnumWindowStationsW
PostQuitMessage
DefWindowProcA
SetWindowTextA
EnumDisplayMonitors
AppendMenuA
GetWindowRect
CheckMenuRadioItem
GetDC
GetCursorPos
ReleaseDC
GetDlgCtrlID
CreatePopupMenu
GetMenu
SendMessageA
GetClientRect
SetMenuDefaultItem
SetRect
DeleteMenu
GetSubMenu
CreateWindowExA
EnumDisplaySettingsA
TrackPopupMenu
FillRect
SetDlgItemInt
wsprintfW
DestroyMenu
OpenThemeData
CloseThemeData
GetThemeSysSize
GetThemeDocumentationProperty
OpenPrinterW
GdipDisposeImage
GdipLoadImageFromFile
GdipAlloc
GdipCreateFromHWND
GdipCloneImage
GdipFree
GdipDeleteGraphics
Number of PE resources by type
RT_DIALOG 4
RT_ICON 4
RT_STRING 3
RT_HTML 2
Struct(240) 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 17
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.8.2529.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 256000
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Jumping Bytes, Christoph Guntner, (c) 2014
FileVersion 3.08.2529
TimeStamp 2014:12:18 00:55:06+01:00
FileType Win32 EXE
PEType PE32
InternalName PureSync
FileAccessDate 2015:01:01 10:43:43+01:00
ProductVersion 3.08.2529
FileDescription PureSync, a file and folder synchronization and backup tool, by Jumping Bytes
OSVersion 5.1
FileCreateDate 2015:01:01 10:43:43+01:00
OriginalFilename PureSync
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Jumping Bytes
CodeSize 41984
ProductName PureSync
ProductVersionNumber 3.8.2529.0
EntryPoint 0x2dbe
ObjectFileType Executable application
File identification
MD5 e9ef4bac6b1fb0a01c29b049f0b983af
SHA1 8d8595652903587ea9674fbae5c615c1e2bde0f8
SHA256 c670d7acc67f8b6066ca4a4e9cbbb350f92d90063d189b6867f0352c6d3922e8
ssdeep 3072:ix0z2sk5DBSv2kXKul+Ze0DuJetuJLA7C2rRatKxp2WxvQI7lQPUwoXQkqWY9xC8:ix/lSvz1+HKw5R3pUqQUWhBxjnO7fWd
authentihash cb8af23349407515cab5187515c7e2b9c1ebbc3f5f11e5b4f737d1f79b266e5c
imphash 9b10046a45a1e3818c5ad3d627d61b56
File size 292.0 KB ( 299008 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-12-31 18:35:11 UTC ( 4 years, 2 months ago )
Last submission 2015-01-01 09:43:27 UTC ( 4 years, 2 months ago )
File names vti-rescan
e9ef4bac6b1fb0a01c29b049f0b983af
PureSync
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.