SHA256: d94c8829f2947112e13848b4519db2a24c16dbb93947f6121d25a8073f4c1d34
File name: vti-rescan
Detection ratio: 39 / 55
Analysis date: 2014-11-17 13:34:23 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKDZ.26215 20141117
Yandex Trojan.Injector!b+/OnIMXcAo 20141117
AhnLab-V3 Trojan/Win32.Necurs 20141117
Antiy-AVL Trojan/Win32.Bublik 20141117
Avast Win32:GenMalicious-ANP [Trj] 20141117
AVG Inject2.BBDG 20141117
Avira (no cloud) TR/Spy.ZBot.xbbeicr 20141117
AVware Trojan.Win32.Generic!BT 20141117
Baidu-International Trojan.Win32.Bublik.Aseu 20141107
BitDefender Trojan.GenericKDZ.26215 20141117
Bkav HW32.Packed.3F93 20141117
DrWeb Trojan.DownLoader11.37237 20141117
Emsisoft Trojan.GenericKDZ.26215 (B) 20141117
ESET-NOD32 a variant of Win32/Injector.BNNU 20141117
F-Prot W32/A-ad99632f!Eldorado 20141117
F-Secure Trojan.GenericKDZ.26215 20141116
Fortinet W32/BNNU!tr 20141117
GData Trojan.GenericKDZ.26215 20141117
Ikarus Trojan-Ransom.CryptoWall 20141117
K7AntiVirus Trojan ( 004af40d1 ) 20141117
K7GW Trojan ( 004af40d1 ) 20141117
Kaspersky Trojan.Win32.Bublik.cvdi 20141117
McAfee RDN/Generic.dx!dgl 20141117
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dc 20141117
eScan Trojan.GenericKDZ.26215 20141117
NANO-Antivirus Trojan.Win32.Bublik.dhmwnq 20141117
Norman Suspicious_Gen4.HDVWH 20141117
nProtect Trojan.GenericKDZ.26215 20141117
Panda Trj/CI.A 20141116
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20141117
Sophos Mal/Agent-APO 20141117
SUPERAntiSpyware Trojan.Agent/Gen-Zusy 20141116
Symantec WS.Reputation.1 20141117
Tencent Win32.Backdoor.Bp-generic.Oayz 20141117
TrendMicro TSPY_ZEMOT.SMN0 20141117
TrendMicro-HouseCall Suspicious_GEN.F47V1104 20141117
VBA32 Trojan.Bublik 20141117
VIPRE Trojan.Win32.Generic!BT 20141117
ViRobot Trojan.Win32.Agent.84992.JC 20141117
AegisLab 20141117
ByteHero 20141117
CAT-QuickHeal 20141117
ClamAV 20141117
CMC 20141117
Comodo 20141117
Cyren 20141117
Jiangmin 20141116
Kingsoft 20141117
Malwarebytes 20141117
Microsoft 20141117
Rising 20141116
TheHacker 20141115
TotalDefense 20141117
Zillya 20141117
Zoner 20141112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-01 17:21:07
Entry Point 0x00001E20
Number of sections 4
PE sections
PE imports
GetUserNameA
RegOpenKeyExW
GetUserNameW
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
WaitForSingleObject
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
RtlUnwind
HeapSetInformation
GetCurrentProcess
GetStartupInfoW
GetWindowsDirectoryW
DecodePointer
GetCurrentProcessId
UnhandledExceptionFilter
GetCommandLineW
GetCPInfo
ExitProcess
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetProcAddress
EncodePointer
GetProcessHeap
GetComputerNameW
WideCharToMultiByte
LoadLibraryW
TlsFree
GetSystemDirectoryW
DeleteCriticalSection
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
WriteFile
IsProcessorFeaturePresent
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
IsValidCodePage
HeapCreate
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
TlsSetValue
GetTickCount
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SetLastError
InterlockedIncrement
GetDesktopWindow
IsIconic
GetForegroundWindow
LoadBitmapA
GetWindowLongW
Number of PE resources by type
RT_ICON 3
RT_MESSAGETABLE 1
RT_VXD 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 8
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:10:01 18:21:07+01:00
FileType Win32 EXE
PEType PE32
CodeSize 21504
LinkerVersion 1.1
FileAccessDate 2014:11:17 14:35:25+01:00
EntryPoint 0x1e20
InitializedDataSize 283648
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 1.1
FileCreateDate 2014:11:17 14:35:25+01:00
UninitializedDataSize 0

File identification
MD5 e28509c353ac17f849fe60acfddcbf85
SHA1 a34711655c8a288dd74f57ec85d4f0a0b325b387
SHA256 d94c8829f2947112e13848b4519db2a24c16dbb93947f6121d25a8073f4c1d34
ssdeep 6144:pIx2Bj6v88w/qgVXe5Gn+o9Jh9SWe5YgS/Zj26eMs2mV5b2PUqZm+m:G0BjA88w/9le5y0zShj/s2m+Ndm

authentihash 5932a21c9de7cb7b3ceab0a56e1763db0b8960002ee4a4996e447e6fc937f3cf
imphash 9011d81d05ea2bf404eb5e96503122c3
File size 299.0 KB ( 306176 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe

VirusTotal metadata
First submission 2014-10-21 10:33:28 UTC ( 2 years, 5 months ago )
Last submission 2014-10-29 01:51:19 UTC ( 2 years, 4 months ago )
File names vti-rescan
vt-upload-ZuS0z
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.