SHA256: c77afbe515536773777afebf500088e5b61cf23a6f527e6e39c0895e7be223c7
File name: vti-rescan
Detection ratio: 42 / 57
Analysis date: 2016-09-28 12:55:23 UTC ( 1 day, 21 hours ago )
Antivirus | Result | Update
ALYac | Trojan.GenericKD.1019800 | 20160928
AVG | Downloader.Agent2.BNCL | 20160928
AVware | Trojan.Win32.Generic!BT | 20160928
Ad-Aware | Trojan.GenericKD.1019800 | 20160928
AegisLab | Troj.Downloader.W32.Agent.gzlh!c | 20160928
AhnLab-V3 | Downloader/Win32.Agent.N870306449 | 20160928
Antiy-AVL | Trojan[Downloader]/Win32.Agent | 20160928
Arcabit | Trojan.Generic.DF8F98 | 20160928
Avast | Win32:Malware-gen | 20160928
Avira (no cloud) | TR/Vindo.A | 20160928
BitDefender | Trojan.GenericKD.1019800 | 20160928
CAT-QuickHeal | Trojan.ZAgent.r4 | 20160928
Comodo | UnclassifiedMalware | 20160928
CrowdStrike Falcon (ML) | malicious_confidence_100% (W) | 20160725
Emsisoft | Trojan.GenericKD.1019800 (B) | 20160928
F-Secure | Trojan.GenericKD.1019800 | 20160928
Fortinet | W32/Agent.GZLH!tr.dldr | 20160928
GData | Trojan.GenericKD.1019800 | 20160928
Ikarus | Trojan-Spy.Win32.Apotriphis | 20160928
Invincea | worm.win32.klez.h@mm | 20160917
Jiangmin | TrojanDownloader.Agent.epej | 20160928
K7AntiVirus | Trojan-Downloader ( 004400e51 ) | 20160928
K7GW | Trojan-Downloader ( 004400e51 ) | 20160928
Kaspersky | Trojan-Downloader.Win32.Agent.gzlh | 20160928
McAfee | Generic.dx!832F5E01BE53 | 20160928
McAfee-GW-Edition | BehavesLike.Win32.Downloader.kh | 20160927
eScan | Trojan.GenericKD.1019800 | 20160928
Microsoft | Trojan:Win32/Yayih.C | 20160928
NANO-Antivirus | Trojan.Win32.Agent.cylzin | 20160927
Panda | Trj/Genetic.gen | 20160927
Qihoo-360 | HEUR/Malware.QVM07.Gen | 20160928
Rising | Trojan.Generic-hWf7XKcSfED (cloud) | 20160928
Sophos | Troj/Agent-ABUA | 20160928
Symantec | Trojan.Krast.B | 20160928
Tencent | Win32.Trojan-downloader.Agent.Dxmt | 20160928
TrendMicro | TROJ_SPNR.0BFD13 | 20160928
TrendMicro-HouseCall | TROJ_SPNR.0BFD13 | 20160928
VBA32 | TrojanDownloader.Agent | 20160928
VIPRE | Trojan.Win32.Generic!BT | 20160928
ViRobot | Trojan.Win32.Downloader.66560.CO[h] | 20160928
Yandex | Trojan.DL.Agent!DeqkiFkmicY | 20160927
Zillya | Downloader.Agent.Win32.313353 | 20160928
Alibaba | | 20160928
Baidu | | 20160928
Bkav | | 20160928
CMC | | 20160928
ClamAV | | 20160928
Cyren | | 20160928
DrWeb | | 20160928
ESET-NOD32 | | 20160928
F-Prot | | 20160926
Kingsoft | | 20160928
Malwarebytes | | 20160928
SUPERAntiSpyware | | 20160928
TheHacker | | 20160927
Zoner | | 20160928
nProtect | | 20160928
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-05-15 06:42:49
Entry Point 0x00004F60
Number of sections 4
PE sections
PE imports
PeekNamedPipe
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
WaitForSingleObject
SetEvent
LCMapStringA
CopyFileA
HeapAlloc
IsBadWritePtr
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetACP
FreeEnvironmentStringsA
CreatePipe
GetStartupInfoA
GetEnvironmentStrings
GetPrivateProfileStringA
WritePrivateProfileStringA
LocalAlloc
UnhandledExceptionFilter
DeleteFileA
WideCharToMultiByte
ExitProcess
TlsGetValue
MultiByteToWideChar
IsBadCodePtr
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
GetProcessHeap
LeaveCriticalSection
CreateMutexA
GetModuleHandleA
IsBadReadPtr
CreateThread
GetStringTypeA
SetFilePointer
DeleteCriticalSection
GetExitCodeThread
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
ReadFile
SetStdHandle
GetComputerNameA
GetSystemDirectoryA
HeapReAlloc
GetStringTypeW
GetCurrentThreadId
HeapDestroy
GetOEMCP
LocalFree
TerminateProcess
CreateProcessA
GetEnvironmentVariableA
HeapCreate
VirtualFree
CreateEventA
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetTickCount
GetVersion
InterlockedIncrement
VirtualAlloc
GetFileSize
SetLastError
CloseHandle
PathFileExistsA
wsprintfA
HttpSendRequestA
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA
HttpAddRequestHeadersA
WSAStartup
gethostbyname
inet_ntoa
WSACleanup
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:05:15 07:42:49+01:00
FileType Win32 EXE
PEType PE32
CodeSize 40448
LinkerVersion 6.0
EntryPoint 0x4f60
InitializedDataSize 31232
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 832f5e01be536da71d5b3f7e41938cfb
SHA1 8bea77d1bb18050d74445ffafdf300527308df95
SHA256 c77afbe515536773777afebf500088e5b61cf23a6f527e6e39c0895e7be223c7
ssdeep 768:hGdAgG/Sl+PRtijUC50BgUxTQw5UCeWeqxn09hP5H0Ng25mS8nlu5M1pgC2LX0:hGdAYldUm0BgUxTFBeunGFntlu+1iCK
authentihash bc1902babe09745391830b4837cdbf3cf957dc6b049c710b856724a1838633ad
imphash ebc6892c8504022198d28cf056171bbd
File size 65.0 KB ( 66560 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe armadillo
VirusTotal metadata
First submission 2013-05-31 20:57:50 UTC ( 3 years, 4 months ago )
Last submission 2016-05-22 12:06:48 UTC ( 4 months, 1 week ago )
File names myScript.js.vir
cefad9dca9fc1e029acad7cfbf181a13-cefad9dca9fc1e029acad7cfbf181a13-1370034012
VirusShare_832f5e01be536da71d5b3f7e41938cfb
output.11658020.txt
832f5e01be536da71d5b3f7e41938cfb
VirusShare_832f5e01be536da71d5b3f7e41938cfb
myscript.js
vti-rescan
832f5e01be536da71d5b3f7e41938cfb.exe
css.css
VirusShare_832f5e01be536da71d5b3f7e41938cfb
11658019
myScript.js
11658020
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Set keys
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications