SHA256: e03e38fd95379d951d3a020e9576397d736ee2c1219ac73d123f21008c6b9185
File name: vti-rescan
Detection ratio: 4 / 56
Analysis date: 2016-04-12 22:15:43 UTC ( 3 years ago )
Antivirus Result Update
Avira (no cloud) TR/AD.Teerac.Y.icfs 20160412
McAfee-GW-Edition BehavesLike.Win32.Backdoor.hc 20160412
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160412
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20160412
Ad-Aware 20160412
AegisLab 20160412
AhnLab-V3 20160412
Alibaba 20160412
ALYac 20160412
Antiy-AVL 20160412
Arcabit 20160412
Avast 20160412
AVG 20160412
AVware 20160412
Baidu 20160412
Baidu-International 20160412
BitDefender 20160412
Bkav 20160412
CAT-QuickHeal 20160412
ClamAV 20160412
CMC 20160412
Comodo 20160412
Cyren 20160412
DrWeb 20160412
Emsisoft 20160412
ESET-NOD32 20160412
F-Prot 20160412
F-Secure 20160412
Fortinet 20160404
GData 20160412
Ikarus 20160412
Jiangmin 20160412
K7AntiVirus 20160412
K7GW 20160404
Kaspersky 20160412
Kingsoft 20160412
Malwarebytes 20160412
McAfee 20160412
Microsoft 20160412
eScan 20160412
NANO-Antivirus 20160412
nProtect 20160412
Panda 20160412
Sophos AV 20160412
SUPERAntiSpyware 20160412
Symantec 20160412
Tencent 20160412
TheHacker 20160412
TrendMicro 20160412
TrendMicro-HouseCall 20160412
VBA32 20160412
VIPRE 20160412
ViRobot 20160412
Yandex 20160412
Zillya 20160412
Zoner 20160412
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-29 01:52:26
Entry Point 0x00016B8A
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegRestoreKeyA
GetServiceKeyNameA
QueryServiceConfigA
OpenServiceW
QueryServiceConfigW
LsaNtStatusToWinError
DeleteService
RegSetValueW
LsaOpenPolicy
OpenSCManagerA
RegisterEventSourceW
DeregisterEventSource
OpenEventLogA
RegisterEventSourceA
ChangeServiceConfig2A
ClearEventLogA
NotifyBootConfigStatus
InitiateSystemShutdownA
CreateProcessAsUserA
CloseEventLog
RegisterServiceCtrlHandlerW
LockServiceDatabase
LsaAddAccountRights
RegisterServiceCtrlHandlerA
LsaClose
LsaQueryInformationPolicy
RegDeleteValueW
NotifyChangeEventLog
RegSetValueExW
PrivilegeCheck
OpenSCManagerW
BackupEventLogA
RegSetValueExA
QueryServiceLockStatusW
RegDeleteValueA
CloseServiceHandle
ChangeServiceConfigW
SetDIBits
GetTextCharsetInfo
Polygon
GetSystemPaletteEntries
OffsetRgn
GetBkMode
CreateFontIndirectA
CreateICW
SetDeviceGammaRamp
CreateRectRgnIndirect
CombineRgn
GetClipBox
GetObjectA
LineTo
GetTextExtentPointA
DeleteObject
CreateDCW
GetICMProfileW
CreateHatchBrush
GetBrushOrgEx
SetEnhMetaFileBits
DescribePixelFormat
MoveToEx
GetStockObject
CreateDIBitmap
GetRgnBox
ExtTextOutA
GdiFlush
CreateRoundRectRgn
RoundRect
EnumFontFamiliesExA
GetBkColor
GetPaletteEntries
GetTextCharacterExtra
Polyline
ExtCreatePen
SetPixelV
GetViewportExtEx
GetTextExtentPoint32W
CreateCompatibleBitmap
DeviceIoControl
GetStartupInfoA
EnterCriticalSection
FlushConsoleInputBuffer
GetModuleHandleA
ExitProcess
Process32Next
GetLogicalDrives
CreateFileMappingA
CancelIo
GetCurrentThread
SendNotifyMessageA
SetPropA
CreateDialogParamW
DefWindowProcA
FindWindowA
DrawFrameControl
DdeCreateDataHandle
CharLowerA
GetClipboardFormatNameA
SetRectEmpty
SetDlgItemInt
MessageBoxA
PeekMessageA
CharLowerW
DestroyCursor
SetKeyboardState
SetActiveWindow
GetDC
GetAsyncKeyState
GetClipCursor
LoadStringA
GetLastActivePopup
GetWindowPlacement
DefFrameProcA
SubtractRect
DdeConnect
CharLowerBuffA
VkKeyScanW
IsCharUpperA
LoadAcceleratorsA
GetScrollRange
EnumDisplaySettingsA
GetKeyboardLayout
SetWindowTextW
CreateIconFromResourceEx
CreateIconFromResource
DispatchMessageW
GetWindowLongW
ModifyMenuA
AppendMenuW
SetCursor
Number of PE resources by type
RT_ICON 7
RT_DIALOG 4
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 9
JAPANESE DEFAULT 5
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.164.139.13
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 2568192
EntryPoint 0x16b8a
OriginalFileName Vibrating.exe
MIMEType application/octet-stream
LegalCopyright Blush Conservatives 2010
FileVersion 2014
TimeStamp 2012:07:29 02:52:26+01:00
FileType Win32 EXE
PEType PE32
InternalName Cortex
FileDescription Basil
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Luis Cobian
CodeSize 90112
ProductName Luis Cobian Billing
ProductVersionNumber 0.215.80.181
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 faf825375bb6e13338dc16376deca6cf
SHA1 a2c1806eff5b241a5ddadb11ecbb0e7074026d9d
SHA256 e03e38fd95379d951d3a020e9576397d736ee2c1219ac73d123f21008c6b9185
ssdeep 6144:Umpz8bEjM96yzPMytB4FocXZAJmmFCH24mImU3ScrWAwJhyZOkyJ6C4imdFVwmtI:ppzgzM6gOJm2oRz4crWRJAIfmFhteMl

authentihash 73a8fc1553336ca83da0b05d40a67ef9b27b1a8799a6e2bd98f0f23ec45d3400
imphash 15702b89fee033bac138532ea6c9e751
File size 528.0 KB ( 540672 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2016-04-12 17:27:48 UTC ( 3 years ago )
Last submission 2016-04-12 22:15:43 UTC ( 3 years ago )
File names spedizione_19852.exe
Informacje_przesylce.exe