SHA256: d522750877e21e1faa50f00dc88db3e607d7e742c233e74a4b6f4ac96cbb9974
File name: vti-rescan
Detection ratio: 29 / 46
Analysis date: 2013-08-19 14:24:10 UTC
Antivirus Result Update
Yandex Rootkit.Avatar!zxLckezYJ+A 20130819
AhnLab-V3 Backdoor/Win32.Avatar 20130819
AntiVir TR/Crypt.Xpack.20575 20130819
Avast Win32:Malware-gen 20130819
AVG BackDoor.Generic17.ADJB 20130819
BitDefender Gen:Variant.Kazy.224808 20130819
CAT-QuickHeal Trojan.Meredrop 20130819
Comodo UnclassifiedMalware 20130819
DrWeb Trojan.Siggen5.35969 20130819
Emsisoft Gen:Variant.Kazy.224808 (B) 20130819
ESET-NOD32 Win32/Rootkit.Avatar 20130819
F-Secure Gen:Variant.Kazy.224879 20130819
Fortinet W32/Kryptik.BBAA!tr 20130819
GData Gen:Variant.Kazy.224808 20130819
Ikarus Rootkit.Win32.Avatar 20130819
Kaspersky Rootkit.Win32.Avatar.i 20130819
Malwarebytes Trojan.Agent 20130819
McAfee RDN/Generic Dropper!qq 20130819
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.B 20130819
Microsoft Trojan:Win32/Meredrop 20130819
eScan Gen:Variant.Kazy.224808 20130819
Norman Suspicious_Gen4.EHEJB 20130819
Panda Trj/CI.A 20130819
Sophos AV Mal/ZAccess-BP 20130819
Symantec WS.Reputation.1 20130819
TrendMicro TROJ_SPNR.15HD13 20130819
TrendMicro-HouseCall TROJ_SPNR.15HD13 20130819
VBA32 Rootkit.Avatar 20130819
VIPRE Lookslike.Win32.Sirefef.wa (v) 20130819
Antiy-AVL (no detection) 20130819
ByteHero (no detection) 20130817
ClamAV (no detection) 20130819
Commtouch (no detection) 20130819
F-Prot (no detection) 20130819
Jiangmin (no detection) 20130819
K7AntiVirus (no detection) 20130817
K7GW (no detection) 20130816
Kingsoft (no detection) 20130723
NANO-Antivirus (no detection) 20130819
nProtect (no detection) 20130816
PCTools (no detection) 20130819
Rising (no detection) 20130819
SUPERAntiSpyware (no detection) 20130819
TheHacker (no detection) 20130819
TotalDefense (no detection) 20130816
ViRobot (no detection) 20130819
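The 29 labels in the table above disagree on almost everything except the family: six engines say Avatar, five use BitDefender's generic Kazy signature, Sophos and VIPRE call it ZeroAccess (ZAccess/Sirefef), and the rest are heuristic or packer names. The block below is an added example, not part of the VirusTotal page, that reduces such a table to a family consensus the way an analyst or a tool like AVClass does: it tokenizes each label, drops class words and heuristic names, ignores vendor-specific suffixes such as "!tr" or "(B)", merges the ZAccess/Sirefef alias (an assumed alias map, extend it for your own corpus) and counts one vote per engine. The detection tuples are transcribed from the table above.

```python
"""Added example, not part of the VirusTotal page: reduce vendor labels to a
family consensus before trusting any single engine's name."""
import re
from collections import Counter

# Transcribed from the detection table above: (engine, label).
DETECTIONS = [
    ("Yandex", "Rootkit.Avatar!zxLckezYJ+A"),
    ("AhnLab-V3", "Backdoor/Win32.Avatar"),
    ("AntiVir", "TR/Crypt.Xpack.20575"),
    ("Avast", "Win32:Malware-gen"),
    ("AVG", "BackDoor.Generic17.ADJB"),
    ("BitDefender", "Gen:Variant.Kazy.224808"),
    ("CAT-QuickHeal", "Trojan.Meredrop"),
    ("Comodo", "UnclassifiedMalware"),
    ("DrWeb", "Trojan.Siggen5.35969"),
    ("Emsisoft", "Gen:Variant.Kazy.224808 (B)"),
    ("ESET-NOD32", "Win32/Rootkit.Avatar"),
    ("F-Secure", "Gen:Variant.Kazy.224879"),
    ("Fortinet", "W32/Kryptik.BBAA!tr"),
    ("GData", "Gen:Variant.Kazy.224808"),
    ("Ikarus", "Rootkit.Win32.Avatar"),
    ("Kaspersky", "Rootkit.Win32.Avatar.i"),
    ("Malwarebytes", "Trojan.Agent"),
    ("McAfee", "RDN/Generic Dropper!qq"),
    ("McAfee-GW-Edition", "Heuristic.LooksLike.Win32.Suspicious.B"),
    ("Microsoft", "Trojan:Win32/Meredrop"),
    ("eScan", "Gen:Variant.Kazy.224808"),
    ("Norman", "Suspicious_Gen4.EHEJB"),
    ("Panda", "Trj/CI.A"),
    ("Sophos AV", "Mal/ZAccess-BP"),
    ("Symantec", "WS.Reputation.1"),
    ("TrendMicro", "TROJ_SPNR.15HD13"),
    ("TrendMicro-HouseCall", "TROJ_SPNR.15HD13"),
    ("VBA32", "Rootkit.Avatar"),
    ("VIPRE", "Lookslike.Win32.Sirefef.wa (v)"),
]
# Engines listed on the page without a result.
UNDETECTED = ["Antiy-AVL", "ByteHero", "ClamAV", "Commtouch", "F-Prot", "Jiangmin",
              "K7AntiVirus", "K7GW", "Kingsoft", "NANO-Antivirus", "nProtect", "PCTools",
              "Rising", "SUPERAntiSpyware", "TheHacker", "TotalDefense", "ViRobot"]

# Words that name a class, platform or heuristic rather than a family.
GENERIC = {"win32", "w32", "gen", "generic", "variant", "trojan", "rootkit", "backdoor",
           "malware", "heuristic", "lookslike", "suspicious", "mal", "trj", "agent",
           "dropper", "reputation", "unclassifiedmalware"}
# Vendor naming differences for one family (assumed alias map; extend as needed).
ALIASES = {"zaccess": "sirefef"}
_SPLIT = re.compile(r"[./:\\\-_+\s()]+")


def family_tokens(label: str) -> set:
    """Candidate family names found in one vendor label."""
    head = label.split("!", 1)[0]  # '!xyz' suffixes are per-vendor variant tags
    out = set()
    for tok in _SPLIT.split(head):
        # Skip empties, two-letter codes, all-caps variant codes and digit-bearing tokens.
        if len(tok) <= 2 or tok.isupper() or any(c.isdigit() for c in tok):
            continue
        low = tok.lower()
        if low not in GENERIC:
            out.add(ALIASES.get(low, low))
    return out


def family_consensus(detections, min_engines: int = 2) -> dict:
    """Family -> number of engines naming it, for families with at least
    min_engines votes, most-voted first (ties by name)."""
    votes = Counter()
    for _engine, label in detections:
        votes.update(family_tokens(label))  # a set, so one vote per engine
    return dict(sorted(((f, n) for f, n in votes.items() if n >= min_engines),
                       key=lambda kv: (-kv[1], kv[0])))


def detection_ratio(detections, undetected) -> tuple:
    """(detections, engines queried), as VirusTotal prints it."""
    return len(detections), len(detections) + len(undetected)


if __name__ == "__main__":
    print("detection ratio: %d / %d" % detection_ratio(DETECTIONS, UNDETECTED))
    print("family consensus:", family_consensus(DETECTIONS))
```

Run against the table above this yields 29 / 46 and the consensus avatar 6, kazy 5, meredrop 2, sirefef 2; single-engine names such as Kryptik or Xpack fall below the two-engine threshold and are dropped, which is the intended behaviour for packer and heuristic labels.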
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright MolyINCER © SoftWare © 2012
Product MolyINCER © SoftWare
Original name zgkcryw.exe
Internal name zgkcryw
File version a 8 RC127.121710112.931
Description MolyINCER © SoftWare
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-06-20 13:25:36
Entry Point 0x0000351F
Number of sections 6
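The header values above (machine, compile timestamp, entry point, section count) together with the ExifTool fields further down (linker version, code and data sizes, subsystem) all come from the COFF and optional headers and can be checked offline for a sample in hand. Note that the ExifTool TimeStamp 2013:06:20 14:25:36+01:00 is the same instant as the 13:25:36 shown here, rendered in local time; and that TimeDateStamp is attacker-controlled, so it is a hint, not evidence. The block below is an added example, not code from the page or from VirusTotal: a standard-library parser for those fields plus the file hashes, with a compare() step that diffs what a file shows against the values transcribed from this report. The PE bytes it runs on are a constructed fixture carrying the report's header values, not the sample, which is exactly why the hash comparison in it fails while the header comparison passes.

```python
"""Added example, not code from the VirusTotal page: read the PE header
fields the report lists straight from a file's bytes, compute its hashes,
and diff the result against the report's values."""
import calendar
import hashlib
import struct
from datetime import datetime, timezone

MACHINE_NAMES = {0x14C: "Intel 386 or later processors and compatible processors",
                 0x8664: "x64"}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_header(data: bytes) -> dict:
    """IMAGE_DOS_HEADER -> IMAGE_NT_HEADERS; returns the fields VirusTotal
    prints under 'PE header basic information' and in the ExifTool block."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing or e_lfanew out of range")
    # IMAGE_FILE_HEADER (20 bytes) follows the 4-byte signature.
    (machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    # Subsystem sits at +68 in both PE32 and PE32+ optional headers.
    if opt_size < 70 or opt + opt_size > len(data):
        raise ValueError("optional header truncated")
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    code_size, init_size, uninit_size, entry = struct.unpack_from("<IIII", data, opt + 4)
    (os_major, os_minor, _img_major, _img_minor,
     ss_major, ss_minor) = struct.unpack_from("<HHHHHH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "pe_type": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, "unknown(0x%x)" % magic),
        "machine": MACHINE_NAMES.get(machine, "unknown(0x%x)" % machine),
        "number_of_sections": nsections,
        # TimeDateStamp: seconds since the Unix epoch, nominally UTC, attacker-controlled.
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "entry_point": entry,
        "linker_version": "%d.%d" % (linker_major, linker_minor),
        "code_size": code_size,
        "initialized_data_size": init_size,
        "uninitialized_data_size": uninit_size,
        "os_version": "%d.%d" % (os_major, os_minor),
        "subsystem_version": "%d.%d" % (ss_major, ss_minor),
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, "unknown(%d)" % subsystem),
    }


def file_hashes(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def summarize(data: bytes) -> dict:
    out = parse_pe_header(data)
    out.update(file_hashes(data))
    out["file_size"] = len(data)
    return out


def compare(summary: dict, expected: dict) -> list:
    """Keys whose expected (report) value differs from what the file shows."""
    return sorted(k for k, v in expected.items() if summary.get(k) != v)


# Values transcribed from this report.
REPORT_HEADER = {
    "pe_type": "PE32",
    "machine": MACHINE_NAMES[0x14C],
    "number_of_sections": 6,
    "compile_time": datetime(2013, 6, 20, 13, 25, 36, tzinfo=timezone.utc),
    "entry_point": 0x351F,
    "linker_version": "8.71",
    "code_size": 10752,
    "initialized_data_size": 136704,
    "os_version": "4.0",
    "subsystem_version": "4.0",
    "subsystem": "Windows GUI",
}
REPORT_SHA256 = "d522750877e21e1faa50f00dc88db3e607d7e742c233e74a4b6f4ac96cbb9974"


def build_fixture() -> bytes:
    """Constructed stand-in, NOT the sample: DOS header, PE signature, COFF
    header and a PE32 optional header carrying the report's header values.
    No section table follows, so only header-level parsing is exercised."""
    ts = calendar.timegm((2013, 6, 20, 13, 25, 36, 0, 0, 0))
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 6, ts, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIIIII", 0x10B, 8, 71, 10752, 136704, 0, 0x351F, 0x1000, 0x4000)
    opt += struct.pack("<IIIHHHHHHIIIIHH", 0x400000, 0x1000, 0x200,
                       4, 0, 1, 0, 4, 0, 0, 0x30000, 0x400, 0, 2, 0)
    return dos + b"PE\0\0" + coff + opt.ljust(224, b"\0")


if __name__ == "__main__":
    summary = summarize(build_fixture())
    print("header mismatches vs report:", compare(summary, REPORT_HEADER))
    print("hash mismatches vs report:", compare(summary, {"sha256": REPORT_SHA256}))
```

For a real sample replace build_fixture() with open(path, "rb").read(); header agreement is cheap to forge, so the hash and imphash comparison is the one that identifies the file.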
PE sections
PE imports
DirectPlay8Create
GetTextColor
GetTextFaceA
GetStdHandle
HeapDestroy
GetVolumePathNameA
GetConsoleCommandHistoryA
GetProcessId
CreatePipe
Heap32Next
GetLocaleInfoA
LocalAlloc
GetConsoleCursorInfo
OpenFileMappingA
SetErrorMode
GetVolumePathNamesForVolumeNameA
SetDefaultCommConfigA
GetTempPathA
GetThreadTimes
GetSystemTimes
ConnectNamedPipe
SetFileAttributesA
TransmitCommChar
GetThreadPriority
SetLocaleInfoA
BeginUpdateResourceA
HeapSummary
GetNumberOfConsoleInputEvents
DeleteTimerQueueEx
GetModuleFileNameA
FlushViewOfFile
Heap32First
Module32First
SetFileShortNameA
TerminateJobObject
CreateMutexA
CreateDirectoryExW
SetUnhandledExceptionFilter
SetDllDirectoryA
ClearCommError
ReadConsoleA
GetThreadSelectorEntry
FillConsoleOutputCharacterA
LZOpenFileA
GetOEMCP
GetTickCount
ReadConsoleOutputCharacterA
FlushFileBuffers
EndUpdateResourceA
UnlockFile
GetWindowsDirectoryA
VirtualAllocEx
GetConsoleAliasesA
GetProcessHeap
GetComputerNameExA
CreateFileMappingW
GetDllDirectoryA
GetProcessWorkingSetSize
FindFirstFileExW
DuplicateConsoleHandle
GetConsoleWindow
SetConsoleInputExeNameA
SetConsoleActiveScreenBuffer
OpenJobObjectA
GetConsoleAliasesLengthA
GetShortPathNameW
FindFirstChangeNotificationA
GetEnvironmentStringsA
GlobalGetAtomNameA
GetThreadLocale
GetDevicePowerState
CreateNamedPipeA
RemoveDirectoryA
GetCommTimeouts
LockResource
BuildCommDCBAndTimeoutsW
GetConsoleTitleA
ReleaseSemaphore
MapViewOfFile
GetModuleHandleA
ReadFile
UnlockFileEx
SetThreadExecutionState
SetCommConfig
UnmapViewOfFile
WriteConsoleOutputCharacterA
Sleep
IsBadReadPtr
ReadFileEx
IsBadCodePtr
OpenEventA
glEdgeFlagPointer
SetFocus
GetAppCompatFlags2
SendMessageCallbackA
IsWinEventHookInstalled
GetMenuInfo
IntersectRect
SetMenuItemBitmaps
EnumWindows
MoveWindow
BroadcastSystemMessageA
RegisterTasklist
ClientThreadSetup
GetClassInfoExA
PostQuitMessage
SetMenuContextHelpId
GetForegroundWindow
MessageBeep
PrivateExtractIconsA
FlashWindowEx
SetClassLongA
LoadKeyboardLayoutEx
GetWindowThreadProcessId
MessageBoxExA
CharToOemBuffA
QuerySendMessage
DefRawInputProc
GetScrollBarInfo
ChangeDisplaySettingsExW
InflateRect
CreateDesktopA
DrawAnimatedRects
SetMenuItemInfoA
CharUpperBuffA
GetMessagePos
UnregisterHotKey
MessageBoxA
CascadeWindows
CharToOemBuffW
GetClassLongA
GetFocus
ActivateKeyboardLayout
GetWindowWord
GetDC
UnregisterMessagePumpHook
EndDeferWindowPos
MapDialogRect
CharNextExA
MenuItemFromPoint
SetWindowWord
GetQueueStatus
SetDlgItemTextA
SendMessageTimeoutA
IsServerSideWindow
CloseWindow
IsZoomed
SetMenuDefaultItem
GetClipboardFormatNameA
RealGetWindowClassA
TabbedTextOutA
GetMouseMovePointsEx
GetWindowTextLengthA
NotifyWinEvent
CopyAcceleratorTableA
GetKeyboardState
CountClipboardFormats
BlockInput
DrawFrame
UnhookWindowsHook
RegisterServicesProcess
GetDialogBaseUnits
EnumClipboardFormats
CreateDialogIndirectParamA
GetClassNameA
ReuseDDElParam
ToUnicode
SendDlgItemMessageA
CharToOemA
DialogBoxIndirectParamA
DestroyWindow
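The import list above mixes console, serial-port (Comm*), heap and module enumeration, job-object, DirectPlay, OpenGL, clipboard and window-management exports, an unusually broad set for the 10752 bytes of code reported by ExifTool below; an import table padded like this is a common crypter artefact, and the imphash in the File identification section fingerprints that table rather than the payload, which is what makes it useful for pivoting to other builds. The block below is an added example, not code from the page, from VirusTotal or from pefile: it recomputes an import hash the way pefile's get_imphash() defines it (module name lower-cased with dll/ocx/sys stripped, symbol lower-cased, entries joined by commas in import-table order, MD5 over the result). The page lists symbol names without their modules or their order, so the sample input uses a handful of the names above with module names I have attributed and in an arbitrary order; its hash is not expected to equal the report's value. pefile's built-in ordinal-to-name tables for ws2_32, wsock32 and oleaut32 are omitted here, so ordinals always hash as ordN.

```python
"""Added example (not from the VirusTotal page or from pefile): recompute an
import hash per pefile's get_imphash() definition, for pivoting on samples
that share an import table."""
import hashlib

_STRIP_EXTS = ("dll", "ocx", "sys")


def normalized_imports(imports) -> list:
    """imports: ordered (module, symbol) pairs as they appear in the import
    directory; symbol is a name string or an int ordinal. Returns the
    'module.symbol' strings that get hashed."""
    out = []
    for module, symbol in imports:
        mod = module.lower()
        base, _, ext = mod.rpartition(".")
        if base and ext in _STRIP_EXTS:
            mod = base
        if isinstance(symbol, int):
            # Assumption/simplification: pefile resolves ordinals for ws2_32,
            # wsock32 and oleaut32 from built-in tables; without those tables
            # every ordinal hashes as 'ordN'.
            sym = "ord%d" % symbol
        else:
            sym = symbol.lower()
        out.append("%s.%s" % (mod, sym))
    return out


def imphash(imports) -> str:
    """MD5 hex digest over the comma-joined normalized import list."""
    return hashlib.md5(",".join(normalized_imports(imports)).encode("ascii")).hexdigest()


# Constructed subset of the names listed above. Module names are my
# attribution of these well-known exports; the page does not show them,
# and the real import order is unknown, so this will not match the report.
SAMPLE_IMPORTS = [
    ("dpnet.dll", "DirectPlay8Create"),
    ("GDI32.dll", "GetTextColor"),
    ("KERNEL32.dll", "GetStdHandle"),
    ("KERNEL32.dll", "VirtualAllocEx"),
    ("OPENGL32.dll", "glEdgeFlagPointer"),
    ("USER32.dll", "BlockInput"),
]
REPORT_IMPHASH = "7d83068690ece0661d786ad251399fc2"

if __name__ == "__main__":
    h = imphash(SAMPLE_IMPORTS)
    print(h, "matches report" if h == REPORT_IMPHASH else "differs from report (subset, order unknown)")
```

Two properties matter when you use this as a pivot: the hash is order-sensitive, so two binaries importing the same symbols in a different order get different values, and it is case- and extension-insensitive for module names, so KERNEL32.dll and kernel32 collapse to the same entry.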
Number of PE resources by type
VARION 4
RT_VERSION 1
Number of PE resources by language
NEUTRAL 5
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.71
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.3.69
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 136704
EntryPoint 0x351f
OriginalFileName zgkcryw.exe
MIMEType application/octet-stream
LegalCopyright MolyINCER SoftWare 2012
FileVersion a 8 RC127.121710112.931
TimeStamp 2013:06:20 14:25:36+01:00
FileType Win32 EXE
PEType PE32
InternalName zgkcryw
ProductVersion 8141.8134 RelC
FileDescription MolyINCER SoftWare
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName MolyINCER SoftWare
CodeSize 10752
ProductName MolyINCER SoftWare
ProductVersionNumber 3.0.101.3
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 5cd391b2c4d5895a09230ab2184c7196
SHA1 d68ffd63702e34dbade04e7775f36ac8474ae1e1
SHA256 d522750877e21e1faa50f00dc88db3e607d7e742c233e74a4b6f4ac96cbb9974
ssdeep 3072:Dy8CxYaGAugAM7wWOkBUjoZ5HXTjryfZstZ0E9eDbxxVo9FL:Dy8onGAugAMpBUSyf08e9FL
authentihash 94bd4a497e2eda7a550bb4854010e75b141cb8905d7276d8ed229c14d8b5be59
imphash 7d83068690ece0661d786ad251399fc2
File size 145.0 KB ( 148480 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ 4.x (88.6%)
Win32 Dynamic Link Library (generic) (4.3%)
Win32 Executable (generic) (2.9%)
Win16/32 Executable Delphi generic (1.3%)
Generic Win/DOS Executable (1.3%)
Tags peexe
VirusTotal metadata
First submission 2013-07-04 03:40:47 UTC
Last submission 2015-06-12 11:23:38 UTC
File names 5cd391b2c4d5895a09230ab2184c7196_dropper2
007029044
6031.tmp
zgkcryw.exe
E.tmp.exe
vti-rescan
zgkcryw
1.exe