SHA256: c77afbe515536773777afebf500088e5b61cf23a6f527e6e39c0895e7be223c7
File name: vti-rescan
Detection ratio: 40 / 55
Analysis date: 2015-11-04 09:39:40 UTC ( 3 months, 1 week ago )
Antivirus Result Update
ALYac Trojan.GenericKD.1019800 20151104
AVG Downloader.Agent2.BNCL 20151104
AVware Trojan.Win32.Generic!BT 20151104
Ad-Aware Trojan.GenericKD.1019800 20151104
Agnitum Trojan.DL.Agent!DeqkiFkmicY 20151104
AhnLab-V3 Downloader/Win32.Agent 20151104
Antiy-AVL Trojan[Downloader]/Win32.Agent 20151104
Arcabit Trojan.Generic.DF8F98 20151104
Avast Win32:Malware-gen 20151104
Avira TR/Vindo.A 20151104
Baidu-International Trojan.Win32.Downloader.gzlh 20151104
BitDefender Trojan.GenericKD.1019800 20151104
CAT-QuickHeal Trojan.ZAgent.r4 20151103
Comodo UnclassifiedMalware 20151104
DrWeb Trojan.DownLoad3.27570 20151104
Emsisoft Trojan.GenericKD.1019800 (B) 20151104
F-Secure Trojan.GenericKD.1019800 20151104
Fortinet W32/Agent.GZLH!tr.dldr 20151104
GData Trojan.GenericKD.1019800 20151104
Ikarus Trojan-Downloader.Agent 20151104
Jiangmin TrojanDownloader.Agent.fqbs 20151104
K7AntiVirus Trojan-Downloader ( 004400e51 ) 20151104
K7GW Trojan-Downloader ( 004400e51 ) 20151104
Kaspersky Trojan-Downloader.Win32.Agent.gzlh 20151104
McAfee Generic.dx!832F5E01BE53 20151104
McAfee-GW-Edition BehavesLike.Win32.Sality.kh 20151104
MicroWorld-eScan Trojan.GenericKD.1019800 20151104
Microsoft Trojan:Win32/Yayih.C 20151104
NANO-Antivirus Trojan.Win32.Agent.cylzin 20151104
Panda Trj/Genetic.gen 20151104
Rising PE:Trojan.Win32.Generic.150DEBD3!353233875 [F] 20151104
Sophos Troj/Agent-ABUA 20151104
Symantec Trojan.Krast.B 20151104
Tencent Win32.Trojan-downloader.Agent.Dxmt 20151104
TrendMicro TROJ_SPNR.0BFD13 20151104
TrendMicro-HouseCall TROJ_SPNR.0BFD13 20151104
VBA32 TrojanDownloader.Agent 20151104
VIPRE Trojan.Win32.Generic!BT 20151104
ViRobot Trojan.Win32.Downloader.66560.CO[h] 20151104
nProtect Trojan.GenericKD.1019800 20151104
AegisLab 20151104
Alibaba 20151104
Bkav 20151104
ByteHero 20151104
CMC 20151102
ClamAV 20151103
Cyren 20151104
ESET-NOD32 20151104
F-Prot 20151104
Malwarebytes 20151104
SUPERAntiSpyware 20151104
TheHacker 20151103
TotalDefense 20151104
Zillya 20151104
Zoner 20151104
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-05-15 06:42:49
Link date 7:42 AM 5/15/2013
Entry Point 0x00004F60
Number of sections 4
PE sections
PE imports
PeekNamedPipe
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
WaitForSingleObject
SetEvent
LCMapStringA
CopyFileA
HeapAlloc
IsBadWritePtr
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetACP
FreeEnvironmentStringsA
CreatePipe
GetStartupInfoA
GetEnvironmentStrings
GetPrivateProfileStringA
WritePrivateProfileStringA
LocalAlloc
UnhandledExceptionFilter
DeleteFileA
WideCharToMultiByte
ExitProcess
TlsGetValue
MultiByteToWideChar
IsBadCodePtr
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
GetProcessHeap
LeaveCriticalSection
CreateMutexA
GetModuleHandleA
IsBadReadPtr
CreateThread
GetStringTypeA
SetFilePointer
DeleteCriticalSection
GetExitCodeThread
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
ReadFile
SetStdHandle
GetComputerNameA
GetSystemDirectoryA
HeapReAlloc
GetStringTypeW
GetCurrentThreadId
HeapDestroy
GetOEMCP
LocalFree
TerminateProcess
CreateProcessA
GetEnvironmentVariableA
HeapCreate
VirtualFree
CreateEventA
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetTickCount
GetVersion
InterlockedIncrement
VirtualAlloc
GetFileSize
SetLastError
CloseHandle
PathFileExistsA
wsprintfA
HttpSendRequestA
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA
HttpAddRequestHeadersA
WSAStartup
gethostbyname
inet_ntoa
WSACleanup
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 2
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:05:15 07:42:49+01:00
FileType Win32 EXE
PEType PE32
CodeSize 40448
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 31232
SubsystemVersion 4.0
EntryPoint 0x4f60
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 832f5e01be536da71d5b3f7e41938cfb
SHA1 8bea77d1bb18050d74445ffafdf300527308df95
SHA256 c77afbe515536773777afebf500088e5b61cf23a6f527e6e39c0895e7be223c7
ssdeep 768:hGdAgG/Sl+PRtijUC50BgUxTQw5UCeWeqxn09hP5H0Ng25mS8nlu5M1pgC2LX0:hGdAYldUm0BgUxTFBeunGFntlu+1iCK
authentihash bc1902babe09745391830b4837cdbf3cf957dc6b049c710b856724a1838633ad
imphash ebc6892c8504022198d28cf056171bbd
File size 65.0 KB ( 66560 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2013-05-31 20:57:50 UTC ( 2 years, 8 months ago )
Last submission 2015-11-02 17:45:13 UTC ( 3 months, 1 week ago )
File names myScript.js.vir
cefad9dca9fc1e029acad7cfbf181a13-cefad9dca9fc1e029acad7cfbf181a13-1370034012
VirusShare_832f5e01be536da71d5b3f7e41938cfb
output.11658020.txt
832f5e01be536da71d5b3f7e41938cfb
VirusShare_832f5e01be536da71d5b3f7e41938cfb
myscript.js
vti-rescan
832f5e01be536da71d5b3f7e41938cfb.exe
css.css
VirusShare_832f5e01be536da71d5b3f7e41938cfb
11658019
myScript.js
11658020
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Set keys
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications