SHA256: d5aa610a046132f43e3efeb47a0edce10c2d99a641eda8e1d6635f8b9dab44d3
File name: vti-rescan
Detection ratio: 25 / 44
Analysis date: 2012-12-27 06:41:27 UTC ( 5 years, 11 months ago )
Antivirus Result Update
AhnLab-V3 Dropper/Win32.Injector 20121226
AntiVir TR/FakeAV.92.391 20121226
Avast Win32:FakeAV-EEX [Trj] 20121227
AVG Dropper.Generic7.TIN 20121226
BitDefender Gen:Variant.FakeAV.92 20121227
CAT-QuickHeal TrojanDropper.Injector.ggbl 20121227
Comodo UnclassifiedMalware 20121227
ESET-NOD32 a variant of Win32/Injector.YYR 20121226
F-Secure Gen:Variant.FakeAV.92 20121227
Fortinet W32/Injector.YYR 20121227
GData Gen:Variant.FakeAV.92 20121227
Ikarus Trojan.SuspectCRC 20121227
K7AntiVirus Riskware 20121226
Kaspersky Trojan-Dropper.Win32.Injector.ggbl 20121227
McAfee Artemis!2E1814CCCF0C 20121227
McAfee-GW-Edition Artemis!2E1814CCCF0C 20121226
eScan Gen:Variant.FakeAV.92 20121227
Norman W32/Troj_Generic.FPNGA 20121226
Panda Trj/CI.A 20121226
Symantec WS.Reputation.1 20121227
TrendMicro TROJ_GEN.RCBZ7LB 20121227
TrendMicro-HouseCall TROJ_GEN.RCBZ7LB 20121227
VBA32 Trojan-Dropper.Injector.ggbl 20121226
VIPRE Trojan.Win32.Generic!BT 20121227
ViRobot Dropper.A.Injector.17949744 20121227
Yandex 20121226
Antiy-AVL 20121226
ByteHero 20121226
Commtouch 20121227
DrWeb 20121227
Emsisoft 20121227
F-Prot 20121226
Jiangmin 20121221
Kingsoft 20121225
Malwarebytes 20121227
Microsoft 20121227
NANO-Antivirus 20121227
nProtect 20121226
PCTools 20121227
Rising 20121227
Sophos AV 20121227
SUPERAntiSpyware 20121227
TheHacker 20121226
TotalDefense 20121226
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright Info Network Worldwide

Product UDPDNSEvent
Original name UDPDNSEvent.exe
Internal name UDPDNSEvent
File version 0.12.11.11
Description UDPDNSEvent
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-04-27 17:08:50
Entry Point 0x00046FAF
Number of sections 4
PE sections
Overlays
MD5 7107e784fc2c636db456310efb85144a
File type ASCII text
Offset 3411968
Size 14537776
Entropy 0.00
PE imports
GetDeviceCaps
TranslateCharsetInfo
MoveToEx
GetTextExtentExPointA
SetBkMode
CreateFontA
CreatePen
GetBkMode
GetCharWidthW
GetCharWidth32W
CreateFontIndirectA
ExtTextOutA
IntersectClipRect
SetBkColor
GetPixel
Rectangle
GetCharWidthA
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
HeapDestroy
VerifyVersionInfoW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FormatMessageW
InitializeCriticalSection
TlsGetValue
SetLastError
GetModuleFileNameW
SetConsoleActiveScreenBuffer
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
UnhandledExceptionFilter
MultiByteToWideChar
GetModuleHandleA
CreateSemaphoreA
CreateSemaphoreW
TerminateProcess
VirtualQuery
GetCurrentThreadId
SleepEx
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetDateFormatW
GetProcAddress
CompareStringW
WriteFile
GetBinaryTypeW
FindFirstFileA
CompareStringA
GetBinaryTypeA
EscapeCommFunction
GetPrivateProfileSectionW
LocalSize
GetCurrencyFormatA
GetFileType
TlsSetValue
ExitProcess
GetCurrencyFormatW
LeaveCriticalSection
GetLastError
FlushConsoleInputBuffer
LCMapStringW
SetConsoleMode
GetSystemInfo
LCMapStringA
GetEnvironmentStringsW
EnumTimeFormatsW
GetEnvironmentStrings
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
TlsFree
SetFilePointer
SetCommBreak
CloseHandle
GetACP
IsBadStringPtrW
HeapCreate
OpenSemaphoreA
VirtualFree
Sleep
IsBadReadPtr
IsBadStringPtrA
GetProcessVersion
VirtualAlloc
CommandLineToArgvW
SetFocus
GetMessageA
GetCaretBlinkTime
SystemParametersInfoA
HideCaret
CheckRadioButton
GetClipboardOwner
PostQuitMessage
DefWindowProcA
FindWindowA
SetClassLongA
IsWindow
EnableWindow
RegisterClipboardFormatA
PostMessageA
ReleaseCapture
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetKeyboardState
GetSysColor
SetActiveWindow
ReleaseDC
ShowCaret
SetDlgItemTextA
GetWindowPlacement
SendMessageA
CreateWindowExA
WinHelpA
EnableMenuItem
RegisterClassA
DeleteMenu
GetWindowLongA
CreateMenu
DefDlgProcA
CheckDlgButton
SetForegroundWindow
Number of PE resources by type
RT_ICON 6
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 8
PE resources
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
2904064

ImageVersion
0.0

ProductName
UDPDNSEvent

FileVersionNumber
7.7.2.1

UninitializedDataSize
0

LanguageCode
English (British)

FileFlagsMask
0x0000

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

LinkerVersion
7.1

FileTypeExtension
exe

OriginalFileName
UDPDNSEvent.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
0.12.11.11

TimeStamp
2010:04:27 18:08:50+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
UDPDNSEvent

ProductVersion
0.12.11.11

FileDescription
UDPDNSEvent

OSVersion
4.0

FileOS
Win32

LegalCopyright
Copyright Info Network Worldwide

MachineType
Intel 386 or later, and compatibles

CompanyName
Info Network Worldwide

CodeSize
507904

FileSubtype
0

ProductVersionNumber
2.8.8.0

EntryPoint
0x46faf

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 2e1814cccf0c3bb2cc32e0a0671c0891
SHA1 21ff7e6c1bc9fb2977f45cde72599a831be3af03
SHA256 d5aa610a046132f43e3efeb47a0edce10c2d99a641eda8e1d6635f8b9dab44d3
ssdeep
49152:5SB8vdBAlNNTE74MWBp9EJrXw1nb0TebuHCNi:5SqYNTE74VuBw2aO

authentihash 1c77054a0cc775a2b88d49e4ca94967be0a16ca742e34121247c8c2068a84c63
imphash 7ec983e48b3da5b047af6d52a991bcde
File size 17.1 MB ( 17949744 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 EXE PECompact compressed (generic) (35.3%)
Win32 Executable MS Visual C++ (generic) (26.5%)
Win64 Executable (generic) (23.5%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
Tags
peexe overlay

VirusTotal metadata
First submission 2012-11-21 00:03:16 UTC ( 6 years ago )
Last submission 2018-11-10 05:42:58 UTC ( 1 month ago )
File names Coldplay-Live_2012-2012-BriBerY.exe_
Coldplay-Live_2012-2012-BriBerY.exe
Coldplay-Live_2012-2012-BriBerY.ex
UDPDNSEvent.exe
UDPDNSEvent
vti-rescan
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs