SHA256: e3c36ab150c496264ccc084b2acede19d1f119baf089d7df97cb20f0c66d12d7
File name: vti-rescan
Detection ratio: 35 / 56
Analysis date: 2016-06-17 10:41:01 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3315441 20160617
AegisLab Generic.R.Jyc!c 20160617
AhnLab-V3 Trojan/Win32.Upbot 20160617
ALYac Trojan.GenericKD.3315441 20160617
Antiy-AVL Trojan/Win32.TSGeneric 20160617
Arcabit Trojan.Generic.D3296F1 20160617
Avast Win32:Crypt-SMG [Trj] 20160617
AVG Generic_r.JYC 20160617
Avira (no cloud) TR/Crypt.ZPACK.kzoq 20160617
AVware Trojan.Win32.Generic!BT 20160617
Baidu Win32.Trojan.Kryptik.aiz 20160616
BitDefender Trojan.GenericKD.3315441 20160617
Cyren W32/S-e2e07e9d!Eldorado 20160616
DrWeb Trojan.DownLoader20.15150 20160617
Emsisoft Trojan.GenericKD.3315441 (B) 20160617
ESET-NOD32 a variant of Win32/Kryptik.EZZU 20160617
F-Prot W32/S-e2e07e9d!Eldorado 20160617
F-Secure Trojan.GenericKD.3315441 20160617
Fortinet W32/Kryptik.EZYD!tr 20160617
GData Trojan.GenericKD.3315441 20160617
Ikarus Trojan.Win32.Crypt 20160617
Jiangmin TrojanProxy.Lethic.na 20160617
K7AntiVirus Trojan ( 004f20731 ) 20160617
Kaspersky Backdoor.Win32.Androm.jysv 20160617
McAfee Artemis!D0A1055F2A95 20160617
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.fm 20160617
Microsoft VirTool:Win32/CeeInject.GF 20160617
eScan Trojan.GenericKD.3315441 20160617
nProtect Trojan.GenericKD.3315441 20160617
Panda Trj/GdSda.A 20160616
Qihoo-360 QVM09.0.Malware.Gen 20160617
Sophos AV Mal/Generic-S 20160617
Symantec Trojan Horse 20160617
Tencent Win32.Backdoor.Androm.Wqcn 20160617
VIPRE Trojan.Win32.Generic!BT 20160615
Alibaba 20160617
Baidu-International 20160614
Bkav 20160617
CAT-QuickHeal 20160617
ClamAV 20160617
CMC 20160616
Comodo 20160616
K7GW 20160616
Kingsoft 20160617
Malwarebytes 20160617
NANO-Antivirus 20160617
SUPERAntiSpyware 20160617
TheHacker 20160616
TotalDefense 20160616
TrendMicro 20160617
TrendMicro-HouseCall 20160617
VBA32 20160616
ViRobot 20160617
Yandex 20160616
Zillya 20160616
Zoner 20160617
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-14 20:02:54
Entry Point 0x00007DB0
Number of sections 4
PE sections
PE imports
Number of PE resources by type
RT_DIALOG 4
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 4
TAMIL DEFAULT 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:06:14 21:02:54+01:00
FileType Win32 EXE
PEType PE32
CodeSize 68608
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 254976
SubsystemVersion 5.0
EntryPoint 0x7db0
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 d0a1055f2a954c96ec8ea6816a2ce1c8
SHA1 ffc1e9a3414ee6d6b53e9daf0bbbb87376ccf184
SHA256 e3c36ab150c496264ccc084b2acede19d1f119baf089d7df97cb20f0c66d12d7
ssdeep 6144:DzJOKkWv7W7SG9EGISpkQwWoHroee4eEQkoUKFMoN:MKk/7SGRB2A93RUGMoN
authentihash de90da8470b7a51bfe1740db35d2a42adcaee91919d503883adee404c5638102
imphash 55c3f63a28a249b464aaf2e6e5439f63
File size 317.0 KB ( 324608 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2016-06-14 20:41:24 UTC ( 2 years, 8 months ago )
Last submission 2016-06-15 06:10:27 UTC ( 2 years, 8 months ago )
File names winhlp32.exe
nut885.exe
nut50a885.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Deleted files
Created processes
Opened mutexes
Searched windows
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
UDP communications