SHA256: c77afbe515536773777afebf500088e5b61cf23a6f527e6e39c0895e7be223c7
File name: vti-rescan
Detection ratio: 35 / 48
Analysis date: 2014-02-24 02:24:25 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
AVG Downloader.Agent2.BNCL 20140223
Ad-Aware Trojan.GenericKD.1019800 20140224
Agnitum Trojan.DL.Agent!DeqkiFkmicY 20140223
AntiVir TR/Vindo.A 20140224
Antiy-AVL Trojan[Downloader]/Win32.Agent 20140219
Avast Win32:Malware-gen 20140224
Baidu-International Trojan.Win32.Downloader.as 20140223
BitDefender Trojan.GenericKD.1019800 20140224
CAT-QuickHeal Trojan.Yayih 20140223
Comodo UnclassifiedMalware 20140224
DrWeb Trojan.DownLoad3.27570 20140224
ESET-NOD32 a variant of Generik.GPVODNK 20140224
Emsisoft Trojan.GenericKD.1019800 (B) 20140224
F-Secure Trojan.GenericKD.1019800 20140223
Fortinet W32/Agent.GZLH!tr.dldr 20140223
GData Trojan.GenericKD.1019800 20140224
Ikarus Trojan-Downloader.Agent 20140223
K7AntiVirus Trojan-Downloader ( 004400e51 ) 20140221
K7GW Trojan-Downloader ( 004400e51 ) 20140220
Kaspersky Trojan-Downloader.Win32.Agent.gzlh 20140224
Kingsoft Win32.Troj.GenericKD.v.(kcloud) 20140224
McAfee RDN/Generic Downloader.x!hi 20140224
McAfee-GW-Edition RDN/Generic Downloader.x!hi 20140224
MicroWorld-eScan Trojan.GenericKD.1019800 20140224
Microsoft Trojan:Win32/Yayih.C 20140224
Norman Suspicious_Gen4.ECIBS 20140223
Panda Trj/Genetic.gen 20140223
Rising PE:Trojan.Win32.Generic.150DEBD3!353233875 20140223
Sophos Troj/Agent-ABUA 20140224
Symantec Trojan.Krast.B 20140223
TrendMicro TROJ_SPNR.0BFD13 20140224
TrendMicro-HouseCall TROJ_SPNR.0BFD13 20140224
VBA32 TrojanDownloader.Agent 20140221
VIPRE Trojan.Win32.Generic!BT 20140224
nProtect Trojan.GenericKD.1019800 20140223
AhnLab-V3 20140223
Bkav 20140222
ByteHero 20140224
CMC 20140220
ClamAV 20140223
Commtouch 20140224
F-Prot 20140224
Jiangmin 20140223
Malwarebytes 20140224
NANO-Antivirus 20140223
Qihoo-360 20140220
SUPERAntiSpyware 20140223
TheHacker 20140222
TotalDefense 20140224
ViRobot 20140223
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-05-15 06:42:49
Link date 7:42 AM 5/15/2013
Entry Point 0x00004F60
Number of sections 4
PE sections
PE imports
PeekNamedPipe
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
WaitForSingleObject
SetEvent
LCMapStringA
CopyFileA
HeapAlloc
IsBadWritePtr
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetACP
FreeEnvironmentStringsA
CreatePipe
GetStartupInfoA
GetEnvironmentStrings
GetPrivateProfileStringA
WritePrivateProfileStringA
LocalAlloc
UnhandledExceptionFilter
DeleteFileA
WideCharToMultiByte
ExitProcess
TlsGetValue
MultiByteToWideChar
IsBadCodePtr
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
GetProcessHeap
LeaveCriticalSection
CreateMutexA
GetModuleHandleA
IsBadReadPtr
CreateThread
GetStringTypeA
SetFilePointer
DeleteCriticalSection
GetExitCodeThread
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
ReadFile
SetStdHandle
GetComputerNameA
GetSystemDirectoryA
HeapReAlloc
GetStringTypeW
GetCurrentThreadId
HeapDestroy
GetOEMCP
LocalFree
TerminateProcess
CreateProcessA
GetEnvironmentVariableA
HeapCreate
VirtualFree
CreateEventA
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetTickCount
GetVersion
InterlockedIncrement
VirtualAlloc
GetFileSize
SetLastError
CloseHandle
PathFileExistsA
wsprintfA
HttpSendRequestA
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA
HttpAddRequestHeadersA
WSAStartup
gethostbyname
inet_ntoa
WSACleanup
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 2
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:05:15 07:42:49+01:00
FileType Win32 EXE
PEType PE32
CodeSize 40448
LinkerVersion 6.0
FileAccessDate 2014:02:24 03:27:03+01:00
EntryPoint 0x4f60
InitializedDataSize 31232
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:02:24 03:27:03+01:00
UninitializedDataSize 0
Compressed bundles
File identification
MD5 832f5e01be536da71d5b3f7e41938cfb
SHA1 8bea77d1bb18050d74445ffafdf300527308df95
SHA256 c77afbe515536773777afebf500088e5b61cf23a6f527e6e39c0895e7be223c7
ssdeep 768:hGdAgG/Sl+PRtijUC50BgUxTQw5UCeWeqxn09hP5H0Ng25mS8nlu5M1pgC2LX0:hGdAYldUm0BgUxTFBeunGFntlu+1iCK
imphash ebc6892c8504022198d28cf056171bbd
File size 65.0 KB ( 66560 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe armadillo
VirusTotal metadata
First submission 2013-05-31 20:57:50 UTC ( 10 months, 2 weeks ago )
Last submission 2014-02-06 11:21:30 UTC ( 2 months, 1 week ago )
File names myScript.js.vir
cefad9dca9fc1e029acad7cfbf181a13-cefad9dca9fc1e029acad7cfbf181a13-1370034012
output.11658020.txt
832f5e01be536da71d5b3f7e41938cfb
myscript.js
vti-rescan
832f5e01be536da71d5b3f7e41938cfb.exe
css.css
VirusShare_832f5e01be536da71d5b3f7e41938cfb
11658019
myScript.js
11658020
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Set keys
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications