SHA256: e46ad827327bdcf841d0eea03675e2f7b3eafbe3a9b8fab96a9e3df586480870
File name: vti-rescan
Detection ratio: 21 / 44
Analysis date: 2012-12-27 06:41:47 UTC ( 5 years, 6 months ago )
Antivirus Result Update
AhnLab-V3 Dropper/Win32.Injector 20121226
AntiVir TR/Crypt.XPACK.Gen7 20121226
Avast Win32:FakeAV-EEX [Trj] 20121227
AVG Dropper.Generic7.SWO 20121226
BitDefender Gen:Variant.FakeAV.92 20121227
Comodo UnclassifiedMalware 20121227
ESET-NOD32 a variant of Win32/Injector.YYR 20121226
F-Secure Gen:Variant.FakeAV.92 20121227
Fortinet W32/Injector.GGHC!tr 20121227
GData Gen:Variant.FakeAV.92 20121227
Ikarus Trojan.SuspectCRC 20121227
K7AntiVirus Riskware 20121226
Kaspersky Trojan-Dropper.Win32.Injector.gghc 20121227
McAfee Artemis!5375FB5E8676 20121227
McAfee-GW-Edition Artemis!5375FB5E8676 20121226
Norman W32/Suspicious_Gen5.IXKW 20121226
Panda Trj/CI.A 20121226
Symantec WS.Reputation.1 20121227
TrendMicro TROJ_GEN.RCBZ7LH 20121227
TrendMicro-HouseCall TROJ_GEN.RCBZ7LH 20121227
VIPRE Trojan.Win32.Generic!BT 20121227
Yandex 20121226
Antiy-AVL 20121226
ByteHero 20121226
CAT-QuickHeal 20121227
Commtouch 20121227
DrWeb 20121227
Emsisoft 20121227
eSafe 20121226
F-Prot 20121226
Jiangmin 20121221
Kingsoft 20121225
Malwarebytes 20121227
Microsoft 20121227
eScan 20121227
NANO-Antivirus 20121227
nProtect 20121226
PCTools 20121227
Rising 20121227
Sophos AV 20121227
SUPERAntiSpyware 20121227
TheHacker 20121226
TotalDefense 20121226
ViRobot 20121227
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright Limited Energy Software
Publisher Limited Energy Software
Product UDPTrustedWPCActivate
Original name UDPTrustedWPCActivate.exe
Internal name UDPTrustedWPCActivate
File version 13.9.2.5
Description UDPTrustedWPCActivate
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-07-05 00:41:33
Entry Point 0x00049DD8
Number of sections 4
PE sections
PE imports
GetDeviceCaps
GetObjectA
LineTo
ExtTextOutW
SetMapMode
CreateBitmap
MoveToEx
GetStockObject
GetCharWidthW
UpdateColors
TextOutA
CreateFontIndirectA
Polyline
SetPaletteEntries
SetBkColor
CreateCompatibleDC
GetPixel
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
HeapDestroy
VerifyVersionInfoW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FormatMessageW
InitializeCriticalSection
TlsGetValue
SetLastError
GetModuleFileNameW
SetConsoleActiveScreenBuffer
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
UnhandledExceptionFilter
MultiByteToWideChar
GetModuleHandleA
CreateSemaphoreA
CreateSemaphoreW
TerminateProcess
VirtualQuery
GetCurrentThreadId
SleepEx
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetDateFormatW
GetProcAddress
CompareStringW
WriteFile
GetBinaryTypeW
FindFirstFileA
CompareStringA
GetBinaryTypeA
EscapeCommFunction
GetPrivateProfileSectionW
LocalSize
GetCurrencyFormatA
GetFileType
TlsSetValue
ExitProcess
GetCurrencyFormatW
LeaveCriticalSection
GetLastError
FlushConsoleInputBuffer
LCMapStringW
SetConsoleMode
GetSystemInfo
LCMapStringA
GetEnvironmentStringsW
EnumTimeFormatsW
GetEnvironmentStrings
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
TlsFree
SetFilePointer
SetCommBreak
CloseHandle
GetACP
IsBadStringPtrW
HeapCreate
OpenSemaphoreA
VirtualFree
Sleep
IsBadReadPtr
IsBadStringPtrA
GetProcessVersion
VirtualAlloc
CommandLineToArgvW
GetMessageA
DrawEdge
EndDialog
BeginPaint
SetCaretPos
CreateCaret
FindWindowA
DefWindowProcA
ShowWindow
SetWindowPos
IsWindow
SetWindowPlacement
PostMessageA
GetDlgItemTextA
PeekMessageA
DialogBoxParamA
GetSysColor
SetScrollInfo
MapDialogRect
SystemParametersInfoA
SetWindowTextA
ShowCaret
GetQueueStatus
GetWindowPlacement
SendMessageA
EnableMenuItem
UpdateWindow
InvalidateRect
GetWindowLongA
GetWindowTextLengthA
CreateWindowExA
LoadCursorA
GetKeyboardState
CloseClipboard
DestroyWindow
IsDialogMessageA
SetCursor
Number of PE resources by type
RT_ICON 6
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 8
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 7.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.9.3.6
UninitializedDataSize 0
LanguageCode English (British)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 2916352
FileOS Win32
MIMEType application/octet-stream
LegalCopyright Copyright Limited Energy Software
FileVersion 13.9.2.5
TimeStamp 2008:07:05 01:41:33+01:00
FileType Win32 EXE
PEType PE32
InternalName UDPTrustedWPCActivate
ProductVersion 13.9.2.5
FileDescription UDPTrustedWPCActivate
OSVersion 4.0
OriginalFilename UDPTrustedWPCActivate.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Limited Energy Software
CodeSize 520192
ProductName UDPTrustedWPCActivate
ProductVersionNumber 8.0.1.1
EntryPoint 0x49dd8
ObjectFileType Executable application
Compressed bundles
File identification
MD5 5375fb5e867680ffb8e72d29db9abbd5
SHA1 f1e0d587b28ce77a1a5502ab5fd1de83cea40e06
SHA256 e46ad827327bdcf841d0eea03675e2f7b3eafbe3a9b8fab96a9e3df586480870
ssdeep 98304:TGOVzMCqoTjxJaJ1+xJjM882tEEIvzQHud:7RMCqoSuELvEm
authentihash 292ef4628edf0404908adf5748db620b0b85fbddedcbbb63a91be28f3917a918
imphash 7e382b447010d490217d1bb32e70b06e
File size 15.0 MB ( 15730458 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (generic) (35.9%)
Win32 Executable MS Visual C++ (generic) (27.0%)
Win64 Executable (generic) (23.9%)
Win32 Dynamic Link Library (generic) (5.6%)
Win32 Executable (generic) (3.9%)
Tags peexe
VirusTotal metadata
First submission 2012-11-21 21:26:45 UTC ( 5 years, 8 months ago )
Last submission 2015-04-25 09:01:03 UTC ( 3 years, 2 months ago )
File names UDPTrustedWPCActivate
FileMaker_Server_Advanced_v12.0.1_MULTiLANGUAGE-CYGiSO.ex
FileMaker_Server_Advanced_v12.0.1_MULTiLANGUAGE-CYGiSO.exe_
FileMaker_Server_Advanced_v12.0.1_MULTiLANGUAGE-CYGiSO.exe
vti-rescan
FileMaker_Server_Advanced_v12.0.1_MULTiLANGUAGE-CYGiSO.exe
UDPTrustedWPCActivate.exe
Advanced heuristic and reputation engines
ClamAV Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua.
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs