SHA256: d196dee5901989918b258541552a12a841c0c01b811d2ae62dd25fbd8cecddd5
File name: vti-rescan
Detection ratio: 30 / 41
Analysis date: 2012-09-12 23:36:56 UTC (5 years, 7 months ago)
Antivirus              Result                                    Update
AhnLab-V3              Trojan/Win32.Diple                        20120910
AntiVir                TR/Crypt.ASPM.Gen7                        20120910
Avast                  Win32:Malware-gen                         20120910
AVG                    Generic28.CGVW                            20120910
BitDefender            Gen:Variant.Zusy.12323                    20120910
CAT-QuickHeal          (Suspicious) - DNAScan                    20120910
Commtouch              W32/Zbot.FY.gen!Eldorado                  20120909
Comodo                 Packed.Win32.MNSP.Gen                     20120910
Emsisoft               Trojan-PWS.Win32.Zbot!IK                  20120910
ESET-NOD32             a variant of Win32/Kryptik.AJMB           20120910
F-Prot                 W32/Zbot.FY.gen!Eldorado                  20120909
F-Secure               Gen:Variant.Zusy.12323                    20120910
Fortinet               W32/Kryptik.AIJU!tr                       20120830
GData                  Gen:Variant.Zusy.12323                    20120910
Ikarus                 Trojan-PWS.Win32.Zbot                     20120910
Jiangmin               Trojan/Generic.ajhzn                      20120910
K7AntiVirus            Riskware                                  20120907
Kaspersky              HEUR:Trojan.Win32.Generic                 20120910
McAfee                 PWS-Zbot.gen.aie                          20120910
McAfee-GW-Edition      Heuristic.LooksLike.Win32.Suspicious.C    20120910
Microsoft              PWS:Win32/Zbot.gen!Y                      20120910
Norman                 W32/Troj_Generic.DJTZA                    20120909
Panda                  Generic Trojan                            20120910
Symantec               Trojan.Gen.2                              20120910
TheHacker              Trojan/Kryptik.aiju                       20120910
TrendMicro             TROJ_GEN.R47C7HD                          20120910
TrendMicro-HouseCall   TROJ_GEN.R47C7HD                          20120910
VBA32                  BScope.Trojan.Zbot.9812                   20120910
VIPRE                  Trojan.Win32.Generic!BT                   20120910
VirusBuster            Trojan.Kryptik!nlGP1yVW2YA                20120910
Antiy-AVL              (not detected)                            20120910
ByteHero               (not detected)                            20120830
ClamAV                 (not detected)                            20120910
DrWeb                  (not detected)                            20120910
eSafe                  (not detected)                            20120907
nProtect               (not detected)                            20120910
Rising                 (not detected)                            20120910
Sophos AV              (not detected)                            20120910
SUPERAntiSpyware       (not detected)                            20120910
TotalDefense           (not detected)                            20120910
ViRobot                (not detected)                            20120910
The file being studied is a Portable Executable file! More specifically, it is a DOS EXE file for the Windows GUI subsystem.
Packers identified
Command   Aspack, Aspack
F-PROT    Aspack
PEiD      ASProtect v1.23 RC1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1997-02-15 05:15:27
Entry Point 0x00151000
Number of sections 7
PE sections
PE imports
GdipFree
GetProcAddress
GetModuleHandleA
LoadLibraryA
RaiseException
VariantChangeTypeEx
IsWindowEnabled
GetForegroundWindow
Number of PE resources by type
RT_RCDATA 1
Number of PE resources by language
NEUTRAL 1
ExifTool file metadata
MIMEType                application/octet-stream
Subsystem               Windows GUI
MachineType             Intel 386 or later, and compatibles
TimeStamp               1997:02:14 21:15:27-08:00
FileType                Win32 EXE
PEType                  PE32
CodeSize                6656
LinkerVersion           9.75
EntryPoint              0x151000
InitializedDataSize     11776
SubsystemVersion        4.0
ImageVersion            0.0
OSVersion               4.0
UninitializedDataSize   0

File identification
MD5             550dd1001bc8e65a7d852579528c689b
SHA1            4b4ccc5a06ee06832acb563eee808590bdfe96e7
SHA256          d196dee5901989918b258541552a12a841c0c01b811d2ae62dd25fbd8cecddd5
ssdeep          6144:SqvyU4wi8OoRhYoS+JZGCC520g4TDAYPSl6XKXzFSGd1Cn+aCyIK3ccnMxjY1egZ:SqvyU4wvhHS+JQCCc09AYqlBVCW1K3Db
File size       357.5 KB (366080 bytes)
File type       DOS EXE
Magic literal   MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
TrID            Win32 Executable Generic (38.4%)
                Win32 Dynamic Link Library (generic) (34.1%)
                Win16/32 Executable Delphi generic (9.3%)
                Generic Win/DOS Executable (9.0%)
                DOS Executable Generic (9.0%)
Tags            peexe asprotect aspack mz

VirusTotal metadata
First submission   2012-08-10 10:51:15 UTC (5 years, 8 months ago)
Last submission    2012-09-12 23:36:56 UTC (5 years, 7 months ago)
File names         23html.html
                   hVLNe.bmp
                   23
                   366080_550dd1001bc8e65a7d852579528c689b.exe
                   550DD1001BC8E65A7D852579528C689B
                   2mwUkWscYj.odt
                   f8366dde07b95fb010961e090df9b7a8
                   vti-rescan
                   1344689659.550DD1001BC8E65A7D852579528C689B
                   file-4352095_
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Set keys
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications