SHA256: c77afbe515536773777afebf500088e5b61cf23a6f527e6e39c0895e7be223c7
File name: vti-rescan
Detection ratio: 41 / 57
Analysis date: 2016-05-22 12:06:48 UTC ( 5 days, 11 hours ago )
Antivirus             Result                                  Update
ALYac                 Trojan.GenericKD.1019800                20160522
AVG                   Downloader.Agent2.BNCL                  20160522
AVware                Trojan.Win32.Generic!BT                 20160522
Ad-Aware              Trojan.GenericKD.1019800                20160522
AegisLab              Troj.Downloader.W32.Agent.gzlh!c        20160521
AhnLab-V3             Downloader/Win32.Agent                  20160522
Antiy-AVL             Trojan[Downloader]/Win32.Agent          20160522
Arcabit               Trojan.Generic.DF8F98                   20160522
Avast                 Win32:Evo-gen [Susp]                    20160522
Avira (no cloud)      TR/Vindo.A                              20160522
Baidu-International   Trojan.Win32.Downloader.gzlh            20160522
BitDefender           Trojan.GenericKD.1019800                20160522
CAT-QuickHeal         Trojan.ZAgent.r4                        20160521
Comodo                UnclassifiedMalware                     20160522
DrWeb                 Trojan.DownLoad3.27570                  20160522
Emsisoft              Trojan.GenericKD.1019800 (B)            20160522
F-Secure              Trojan.GenericKD.1019800                20160522
Fortinet              W32/Agent.GZLH!tr.dldr                  20160522
GData                 Trojan.GenericKD.1019800                20160522
Ikarus                Trojan-Spy.Win32.Apotriphis             20160522
Jiangmin              TrojanDownloader.Agent.epej             20160522
K7AntiVirus           Trojan-Downloader ( 004400e51 )         20160522
K7GW                  Trojan-Downloader ( 004400e51 )         20160522
Kaspersky             Trojan-Downloader.Win32.Agent.gzlh      20160522
McAfee                Generic.dx!832F5E01BE53                 20160522
McAfee-GW-Edition     BehavesLike.Win32.Ipamor.kh             20160521
eScan                 Trojan.GenericKD.1019800                20160522
Microsoft             Trojan:Win32/Yayih.C                    20160522
NANO-Antivirus        Trojan.Win32.Agent.cylzin               20160522
Panda                 Trj/Genetic.gen                         20160522
Qihoo-360             HEUR/Malware.QVM07.Gen                  20160522
Sophos                Troj/Agent-ABUA                         20160522
Symantec              Trojan.Krast.B                          20160522
Tencent               Win32.Trojan-downloader.Agent.Dxmt      20160522
TrendMicro            TROJ_SPNR.0BFD13                        20160522
TrendMicro-HouseCall  TROJ_SPNR.0BFD13                        20160522
VBA32                 TrojanDownloader.Agent                  20160520
VIPRE                 Trojan.Win32.Generic!BT                 20160522
ViRobot               Trojan.Win32.Downloader.66560.CO[h]     20160522
Yandex                Trojan.DL.Agent!DeqkiFkmicY             20160521
nProtect              Trojan.GenericKD.1019800                20160520
Alibaba               (no detection)                          20160520
Baidu                 (no detection)                          20160520
Bkav                  (no detection)                          20160521
CMC                   (no detection)                          20160520
ClamAV                (no detection)                          20160522
Cyren                 (no detection)                          20160522
ESET-NOD32            (no detection)                          20160522
F-Prot                (no detection)                          20160522
Kingsoft              (no detection)                          20160522
Malwarebytes          (no detection)                          20160522
Rising                (no detection)                          20160522
SUPERAntiSpyware      (no detection)                          20160522
TheHacker             (no detection)                          20160522
TotalDefense          (no detection)                          20160522
Zillya                (no detection)                          20160521
Zoner                 (no detection)                          20160522
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-05-15 06:42:49
Entry Point 0x00004F60
Number of sections 4
PE sections
PE imports
PeekNamedPipe
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
WaitForSingleObject
SetEvent
LCMapStringA
CopyFileA
HeapAlloc
IsBadWritePtr
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetACP
FreeEnvironmentStringsA
CreatePipe
GetStartupInfoA
GetEnvironmentStrings
GetPrivateProfileStringA
WritePrivateProfileStringA
LocalAlloc
UnhandledExceptionFilter
DeleteFileA
WideCharToMultiByte
ExitProcess
TlsGetValue
MultiByteToWideChar
IsBadCodePtr
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
GetProcessHeap
LeaveCriticalSection
CreateMutexA
GetModuleHandleA
IsBadReadPtr
CreateThread
GetStringTypeA
SetFilePointer
DeleteCriticalSection
GetExitCodeThread
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
ReadFile
SetStdHandle
GetComputerNameA
GetSystemDirectoryA
HeapReAlloc
GetStringTypeW
GetCurrentThreadId
HeapDestroy
GetOEMCP
LocalFree
TerminateProcess
CreateProcessA
GetEnvironmentVariableA
HeapCreate
VirtualFree
CreateEventA
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetTickCount
GetVersion
InterlockedIncrement
VirtualAlloc
GetFileSize
SetLastError
CloseHandle
PathFileExistsA
wsprintfA
HttpSendRequestA
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA
HttpAddRequestHeadersA
WSAStartup
gethostbyname
inet_ntoa
WSACleanup
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 2
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:05:15 07:42:49+01:00
FileType Win32 EXE
PEType PE32
CodeSize 40448
LinkerVersion 6.0
EntryPoint 0x4f60
InitializedDataSize 31232
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 832f5e01be536da71d5b3f7e41938cfb
SHA1 8bea77d1bb18050d74445ffafdf300527308df95
SHA256 c77afbe515536773777afebf500088e5b61cf23a6f527e6e39c0895e7be223c7
ssdeep 768:hGdAgG/Sl+PRtijUC50BgUxTQw5UCeWeqxn09hP5H0Ng25mS8nlu5M1pgC2LX0:hGdAYldUm0BgUxTFBeunGFntlu+1iCK
authentihash bc1902babe09745391830b4837cdbf3cf957dc6b049c710b856724a1838633ad
imphash ebc6892c8504022198d28cf056171bbd
File size 65.0 KB ( 66560 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
     Win64 Executable (generic) (37.3%)
     Win32 Dynamic Link Library (generic) (8.8%)
     Win32 Executable (generic) (6.0%)
     Generic Win/DOS Executable (2.7%)
Tags peexe armadillo
VirusTotal metadata
First submission 2013-05-31 20:57:50 UTC ( 2 years, 12 months ago )
Last submission 2016-05-22 12:06:48 UTC ( 5 days, 11 hours ago )
File names myScript.js.vir
           cefad9dca9fc1e029acad7cfbf181a13-cefad9dca9fc1e029acad7cfbf181a13-1370034012
           VirusShare_832f5e01be536da71d5b3f7e41938cfb
           output.11658020.txt
           832f5e01be536da71d5b3f7e41938cfb
           myscript.js
           vti-rescan
           832f5e01be536da71d5b3f7e41938cfb.exe
           css.css
           11658019
           myScript.js
           11658020
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Set keys
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications