SHA256: e791718c0141e3829608142fb0f0d35c9af270f78ae0b72fce2edd07a9684568
File name: vti-rescan
Detection ratio: 44 / 57
Analysis date: 2016-11-11 05:23:27 UTC ( 4 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.95025 20161111
AegisLab Troj.W32.Generic!c 20161111
AhnLab-V3 Trojan/Win32.Blacken.N1193972312 20161111
ALYac Gen:Variant.Zusy.95025 20161111
Antiy-AVL Trojan[Backdoor]/Win32.Blakken 20161111
Arcabit Trojan.Zusy.D17331 20161111
Avast Win32:Necurs-R [Rtk] 20161111
AVG Hider.ZLW 20161111
Avira (no cloud) RKIT/Agent.Kryptik.ZA 20161110
AVware Trojan.Win32.Generic!BT 20161111
BitDefender Gen:Variant.Zusy.95025 20161111
Comodo UnclassifiedMalware 20161111
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Cyren W32/Backdoor.BL.gen!Eldorado 20161111
DrWeb BackDoor.BlackEnergy.73 20161111
Emsisoft Gen:Variant.Zusy.95025 (B) 20161111
ESET-NOD32 a variant of Win32/Rootkit.Kryptik.ZA 20161111
F-Prot W32/Backdoor.BL.gen!Eldorado 20161111
F-Secure Backdoor:W32/BlackEnergy.A 20161111
Fortinet W32/Rootkit_Kryptik.ZA!tr 20161111
GData Gen:Variant.Zusy.95025 20161111
Ikarus Backdoor.Win32.Blakken 20161110
Invincea trojan.win32.dorv.c!rfn 20161018
K7AntiVirus RootKit ( 0049b7981 ) 20161111
K7GW RootKit ( 0049b7981 ) 20161111
Kaspersky HEUR:Trojan.Win32.Generic 20161111
McAfee Trojan-FFFP!462860910526 20161111
McAfee-GW-Edition BehavesLike.Win32.Suspicious.qc 20161110
Microsoft Worm:Win32/Phdet.B 20161111
eScan Gen:Variant.Zusy.95025 20161111
NANO-Antivirus Trojan.Win32.Blakken.dawkzv 20161111
nProtect Backdoor/W32.Blakken.60416.B 20161111
Panda Trj/OCJ.F 20161110
Qihoo-360 Win32/Backdoor.f38 20161111
Rising Trojan.Generic-ybIdklKNLFR (cloud) 20161111
Sophos Mal/BlackEn-C 20161110
Symantec Backdoor.Lancafdo.A 20161111
Tencent Win32.Backdoor.Blakken.Pavo 20161111
TrendMicro BKDR_BLACKEN.A 20161111
TrendMicro-HouseCall BKDR_BLACKEN.A 20161111
VIPRE Trojan.Win32.Generic!BT 20161111
ViRobot Trojan.Win32.Agent.60416.AS[h] 20161111
Yandex Backdoor.Blakken!wJ5/NQpRD38 20161110
Zillya Backdoor.Blakken.Win32.156 20161110
Alibaba 20161110
Baidu 20161111
Bkav 20161111
CAT-QuickHeal 20161111
ClamAV 20161111
CMC 20161111
Jiangmin 20161111
Kingsoft 20161111
Malwarebytes 20161111
SUPERAntiSpyware 20161110
TheHacker 20161111
TotalDefense 20161111
VBA32 20161110
Zoner 20161111
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2009

Product Microsoft Windows Operating System
File version 5.1.2600.5512 (xpsp.080413-0852)
Description IDE Port Driver
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x0000B635
Number of sections 5
PE sections
PE imports
KfReleaseSpinLock
KfLowerIrql
KfAcquireSpinLock
ExReleaseFastMutex
KfRaiseIrql
ExAcquireFastMutex
KeStallExecutionProcessor
HalGetBusData
KeGetCurrentIrql
ZwOpenKey
_allmul
IoSetDeviceInterfaceState
RtlCreateSecurityDescriptor
PoCallDriver
_snwprintf
IoDisconnectInterrupt
IoIsWdmVersionAvailable
IoInvalidateDeviceState
SeExports
MmGetSystemRoutineAddress
KeTickCount
KeCancelTimer
PsGetVersion
RtlAddAccessAllowedAce
PsTerminateSystemThread
IoDeleteSymbolicLink
KeSetEvent
READ_REGISTER_UCHAR
RtlFreeUnicodeString
KdDebuggerNotPresent
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
MmAllocatePagesForMdl
ObOpenObjectByPointer
RtlLengthSecurityDescriptor
IoWMIWriteEvent
MmAllocateContiguousMemorySpecifyCache
ObfReferenceObject
_purecall
MmUnmapIoSpace
RtlGetSaclSecurityDescriptor
_wcsnicmp
SeCaptureSecurityDescriptor
ExInterlockedPushEntrySList
RtlUnicodeToMultiByteN
ExReleaseFastMutexUnsafe
IoCreateDevice
IoDeleteDevice
IoReleaseCancelSpinLock
IoFreeWorkItem
ExInterlockedFlushSList
KeInitializeTimerEx
ExDeleteNPagedLookasideList
MmMapIoSpace
WRITE_REGISTER_ULONG
KeResetEvent
MmGetPhysicalAddress
IoAttachDeviceToDeviceStack
ExInitializeNPagedLookasideList
PoRequestPowerIrp
KeEnterCriticalRegion
ZwQueryValueKey
DbgBreakPoint
MmFreeContiguousMemorySpecifyCache
RtlSetDaclSecurityDescriptor
PsCreateSystemThread
IoDeviceObjectType
READ_REGISTER_USHORT
ZwSetSecurityObject
ZwSetValueKey
IoWMIRegistrationControl
RtlCompareMemory
IoQueueWorkItem
KeQuerySystemTime
RtlInitUnicodeString
IoDetachDevice
IoAllocateIrp
RtlAbsoluteToSelfRelativeSD
KeInitializeEvent
MmMapLockedPagesSpecifyCache
IoInvalidateDeviceRelations
RtlUnwind
IoCancelIrp
IoGetDriverObjectExtension
READ_REGISTER_ULONG
WRITE_REGISTER_UCHAR
MmFreePagesFromMdl
KeClearEvent
ExAcquireFastMutexUnsafe
ExAllocatePoolWithTag
IoFreeIrp
KeGetCurrentThread
RtlGetDaclSecurityDescriptor
wcschr
KeSetTimer
KeInitializeSpinLock
KeWaitForSingleObject
KeInitializeDpc
RtlLengthSid
WRITE_REGISTER_USHORT
PoStartNextPowerIrp
KdDebuggerEnabled
IoOpenDeviceRegistryKey
PoSetPowerState
IoAllocateWorkItem
IoAllocateDriverObjectExtension
KeQueryTimeIncrement
swprintf
DbgPrint
RtlQueryRegistryValues
ZwCreateKey
IoConnectInterrupt
MmUnmapLockedPages
RtlGetOwnerSecurityDescriptor
IofCompleteRequest
KeLeaveCriticalRegion
KeInitializeTimer
IofCallDriver
ExFreePoolWithTag
RtlGetGroupSecurityDescriptor
ExInterlockedPopEntrySList
IoGetAttachedDeviceReference
KeInsertQueueDpc
ObReferenceObjectByHandle
KeBugCheckEx
KeDelayExecutionThread
ObfDereferenceObject
ZwClose
IoFreeMdl
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 5.2
LinkerVersion 7.1
ImageVersion 5.2
FileSubtype 0
FileVersionNumber 5.1.2600.5512
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet Windows, Latin1
InitializedDataSize 2560
EntryPoint 0xb635
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2009
FileVersion 5.1.2600.5512 (xpsp.080413-0852)
TimeStamp 0000:00:00 00:00:00
FileType Win32 EXE
PEType PE32
ProductVersion 5.1.2600.5512
FileDescription IDE Port Driver
OSVersion 5.2
FileOS Windows NT 32-bit
Subsystem Native
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 53248
ProductName Microsoft Windows Operating System
ProductVersionNumber 5.1.2600.5512
FileTypeExtension exe
ObjectFileType Driver

Compressed bundles
File identification
MD5 462860910526904ef8334ee17acbbbe5
SHA1 26b9816b3f9e2f350cc92ef4c30a097c6fec7798
SHA256 e791718c0141e3829608142fb0f0d35c9af270f78ae0b72fce2edd07a9684568
ssdeep 1536:KTUjDnv37xf4patQDfexEtyxb7Ld0tDb0SuyeC:7H37SpLDWg2b7Lyt30Suy

authentihash 684b30e9b4d1efc56a1e20ae8ca6d05ed0f1857d300a7b7e82b028793cecaf02
imphash a324b0a2d4bbbbe61d86cb047877c722
File size 59.0 KB ( 60416 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (native) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe native

VirusTotal metadata
First submission 2014-06-04 12:48:15 UTC ( 2 years, 9 months ago )
Last submission 2014-10-31 18:27:59 UTC ( 2 years, 4 months ago )
File names 26b9816b3f9e2f350cc92ef4c30a097c6fec7798
aic78u2.sys
adp94xx.sys123
1.exe
462860910526904EF8334EE17ACBBBE5
adpu320.sys
vti-rescan
e791718c0141e3829608142fb0f0d35c9af270f78ae0b72fce2edd07a9684568
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight