SHA256: cdf3cdb3fdb9dfe32638217fe34d1862d6c165973ab4396912525ec9e5c881fa
File name: vti-rescan
Detection ratio: 21 / 55
Analysis date: 2016-03-03 15:40:56 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3078792 20160303
AhnLab-V3 Trojan/Win32.Dridex 20160303
Arcabit Trojan.Generic.D2EFA88 20160303
AVG Crypt5.AMQF 20160303
Avira (no cloud) TR/Injector.18600 20160303
BitDefender Trojan.GenericKD.3078792 20160303
ESET-NOD32 Win32/Dridex.AA 20160303
F-Secure Trojan.GenericKD.3078792 20160303
GData Trojan.GenericKD.3078792 20160303
Ikarus Trojan-Spy.Agent 20160303
Kaspersky Backdoor.Win32.Cridex.dd 20160303
McAfee RDN/Trojan-FHYZ 20160303
McAfee-GW-Edition BehavesLike.Win32.Rootkit.cm 20160303
eScan Trojan.GenericKD.3078792 20160303
Panda Trj/CI.A 20160302
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20160303
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20160302
Sophos AV Troj/Dridex-QN 20160303
Symantec Suspicious.Cloud.9 20160302
TrendMicro TSPY_DRIDEX.BYX 20160303
TrendMicro-HouseCall TSPY_DRIDEX.BYX 20160303
AegisLab 20160303
Yandex 20160302
Alibaba 20160303
ALYac 20160303
Antiy-AVL 20160303
Avast 20160303
AVware 20160303
Baidu-International 20160303
Bkav 20160303
ByteHero 20160303
CAT-QuickHeal 20160303
ClamAV 20160302
CMC 20160303
Comodo 20160303
Cyren 20160303
DrWeb 20160303
Emsisoft 20160229
F-Prot 20160303
Fortinet 20160303
Jiangmin 20160303
K7AntiVirus 20160303
K7GW 20160303
Malwarebytes 20160303
Microsoft 20160303
NANO-Antivirus 20160303
nProtect 20160303
SUPERAntiSpyware 20160303
Tencent 20160303
TheHacker 20160302
VBA32 20160303
VIPRE 20160303
ViRobot 20160303
Zillya 20160303
Zoner 20160303
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Корпорация Майкрософт. Все права защищены.
Product Операционная система Microsoft® Windows®
Original name h323msp.dll
Internal name h323msp.dll
File version 5.1.2600.5512 (xpsp.080413-0852)
Description Поставщик службы медиа H.323 (Microsoft)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-01 23:40:17
Entry Point 0x0000105A
Number of sections 12
PE sections
PE imports
SetConsoleTitleW
MoveFileExA
FreeUserPhysicalPages
GetConsoleCursorInfo
FreeConsole
CreateFileMappingA
GetProcAddress
lstrcmpW
GetModuleHandleW
MprAdminMIBEntrySet
localeconv
fputws
isdigit
iswalpha
isprint
_chkstk
sin
Number of PE resources by type
TYPELIB 1
RT_STRING 1
REGISTRY 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 4
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.1.2600.5512
LanguageCode Russian
FileFlagsMask 0x003f
FileDescription H.323 (Microsoft)
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 151040
EntryPoint 0x105a
OriginalFileName h323msp.dll
MIMEType application/octet-stream
LegalCopyright . .
FileVersion 5.1.2600.5512 (xpsp.080413-0852)
TimeStamp 2016:03:02 00:40:17+01:00
FileType Win32 EXE
PEType PE32
InternalName h323msp.dll
ProductVersion 5.1.2600.5512
SubsystemVersion 4.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CodeSize 54272
ProductName Microsoft Windows
ProductVersionNumber 5.1.2600.5512
Warning Possibly corrupt Version resource
FileTypeExtension exe
ObjectFileType Dynamic link library

Compressed bundles
File identification
MD5 0c95722ec4fdcc5e94e690150edf6cf0
SHA1 ad8a4919fab1795bf12720868aab54a32a3ea8b6
SHA256 cdf3cdb3fdb9dfe32638217fe34d1862d6c165973ab4396912525ec9e5c881fa
ssdeep 3072:audlMf+yisEWmEas7mwbIMf/pyL25Ngnl628+k8oi45JykCbZxP:acD9sDmEas6wEMfQy52Ql7ykgZx
authentihash 033e4a4c90cd9c6990e149addce15e82ddfc45fd340074fc8bdd88720193cdd5
imphash bdd17d867544a55e189538c73a4916e9
File size 186.0 KB ( 190464 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2016-03-02 08:48:34 UTC ( 2 years, 10 months ago )
Last submission 2018-10-09 17:10:03 UTC ( 3 months, 1 week ago )
File names 53530.exe
383848.exe
404048.exe
0c95722ec4fdcc5e94e690150edf6cf0.virobj
h323msp.dll
393948.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Terminated processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications