× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: caaab1e0b1ece9f5f150b092d3bbce74a3dd573cdfdcf0e8bfbf8966ed66353e
File name: vti-rescan
Detection ratio: 0 / 48
Analysis date: 2013-11-27 22:07:17 UTC ( 4 months, 3 weeks ago ) View latest
Antivirus Result Update
AVG 20131127
Ad-Aware 20131127
Agnitum 20131127
AhnLab-V3 20131127
AntiVir 20131127
Antiy-AVL 20131127
Avast 20131127
Baidu-International 20131127
BitDefender 20131127
Bkav 20131127
ByteHero 20131127
CAT-QuickHeal 20131127
ClamAV 20131127
Commtouch 20131127
Comodo 20131127
DrWeb 20131127
ESET-NOD32 20131127
Emsisoft 20131127
F-Prot 20131127
F-Secure 20131127
Fortinet 20131127
GData 20131127
Ikarus 20131127
Jiangmin 20131127
K7AntiVirus 20131127
K7GW 20131127
Kaspersky 20131127
Kingsoft 20130829
Malwarebytes 20131127
McAfee 20131127
McAfee-GW-Edition 20131127
MicroWorld-eScan 20131127
Microsoft 20131127
NANO-Antivirus 20131127
Norman 20131127
Panda 20131127
Rising 20131127
SUPERAntiSpyware 20131127
Sophos 20131127
Symantec 20131127
TheHacker 20131127
TotalDefense 20131126
TrendMicro 20131127
TrendMicro-HouseCall 20131127
VBA32 20131127
VIPRE 20131127
ViRobot 20131127
nProtect 20131127
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem that targets 64bit architectures.
Authenticode signature block
Publisher We Build Toolbars LLC
Signature verification Signed file, verified signature
Signing date 1:08 AM 11/9/2013
Signers
[+] We Build Toolbars LLC
Status Valid
Valid from 1:00 AM 5/7/2013
Valid to 12:59 AM 3/5/2016
Valid usage Code Signing
Algorithm SHA1
Thumbrint 9CE9124312F77D2C69A504760755E9BAC43A3393
Serial number 43 21 DE 10 73 82 78 B9 36 83 CA 54 24 07 F1 03
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbrint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbrint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] COMODO Time Stamping Signer
Status Valid
Valid from 1:00 AM 5/10/2010
Valid to 12:59 AM 5/11/2015
Valid usage Timestamp Signing
Algorithm SHA1
Thumbrint 3DBB6DB5085C6DD5A1CA7F9CF84ECB1A3910CAC8
Serial number 47 8A 8E FB 59 E1 D8 3F 0C E1 42 D2 A2 87 07 BE
[+] USERTrust
Status Valid
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm SHA1
Thumbrint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
PE header basic information
Target machine x64
Compilation timestamp 2013-11-09 00:08:34
Entry Point 0x00044344
Number of sections 5
PE sections
PE imports
RegCloseKey
OpenServiceW
AdjustTokenPrivileges
ControlService
LookupPrivilegeValueW
RegDeleteKeyW
DeleteService
CryptHashData
RegQueryValueExW
CryptCreateHash
CloseServiceHandle
OpenProcessToken
SetServiceStatus
RegOpenKeyExW
SetTokenInformation
CreateServiceW
GetTokenInformation
DuplicateTokenEx
CryptReleaseContext
GetUserNameW
RegisterServiceCtrlHandlerW
CryptAcquireContextW
CreateProcessAsUserW
CryptDestroyHash
RevertToSelf
StartServiceW
RegSetValueExW
CryptGetHashParam
OpenSCManagerW
QueryServiceStatusEx
StartServiceCtrlDispatcherW
ImpersonateLoggedOnUser
ChangeServiceConfigW
GetStdHandle
WaitForSingleObject
SetEndOfFile
EncodePointer
GetExitCodeProcess
CreatePipe
GetCurrentProcess
GetConsoleMode
EnumSystemLocalesW
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetTempPathA
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
CreateEventW
OutputDebugStringW
TlsGetValue
FormatMessageA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
LoadLibraryExA
GetUserDefaultLCID
RtlVirtualUnwind
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
MoveFileExW
DeleteCriticalSection
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GetModuleHandleExW
ReadConsoleW
GetCurrentThreadId
WriteConsoleW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
SetEvent
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
lstrcmpiW
RtlPcToFileHeader
OpenProcess
GetDateFormatW
GetStartupInfoW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTimeFormatW
RtlLookupFunctionEntry
IsValidLocale
DuplicateHandle
RtlUnwindEx
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
CompareStringW
GetEnvironmentStringsW
lstrlenW
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
RtlCaptureContext
CloseHandle
GetACP
GetModuleHandleW
GetFileAttributesExW
CreateProcessA
IsValidCodePage
CreateProcessW
Sleep
GetOEMCP
EnumProcesses
EnumProcessModules
GetModuleBaseNameW
GetUserProfileDirectoryW
socket
recv
send
WSACleanup
WSAStartup
gethostbyname
connect
htons
closesocket
WSAGetLastError
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
AMD AMD64

TimeStamp
2013:11:09 01:08:34+01:00

FileType
Win64 EXE

PEType
PE32+

CodeSize
420352

LinkerVersion
11.0

FileAccessDate
2014:04:23 11:36:01+01:00

EntryPoint
0x44344

InitializedDataSize
225280

SubsystemVersion
5.2

ImageVersion
0.0

OSVersion
5.1

FileCreateDate
2014:04:23 11:36:01+01:00

UninitializedDataSize
0

File identification
MD5 0f068f3591c1418708f77b424e825648
SHA1 0fcf6f43be2cafa35d086b0afcb8cd7e85770788
SHA256 caaab1e0b1ece9f5f150b092d3bbce74a3dd573cdfdcf0e8bfbf8966ed66353e
ssdeep
12288:3fD7HdYX5oU9Ycl/V0HOKIiDk6g6eiBuo6:vD7HsLYS0uybgtiAx

imphash a29b575663ca6ec95fb5bdf8358f4dda
File size 627.1 KB ( 642104 bytes )
File type Win32 EXE
Magic literal
PE32+ executable for MS Windows (console) Mono/.Net assembly

TrID Win64 Executable (generic) (87.3%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
64bits peexe assembly signed

VirusTotal metadata
First submission 2013-11-14 14:59:10 UTC ( 5 months, 1 week ago )
Last submission 2014-04-23 10:35:25 UTC ( 12 hours, 50 minutes ago )
File names monitor.exe
monitor.exe
64-monitor.exe
444
caaab1e0b1ece9f5f150b092d3bbce74a3dd573cdfdcf0e8bfbf8966ed66353e
vti-rescan
monitor.ex_
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!