SHA256: e9ce6f4953f82f694e0dcc8d3e0442b0de02424d374c2d3fde76cdb00889b04f
File name: vti-rescan
Detection ratio: 2 / 46
Analysis date: 2012-12-03 09:50:04 UTC ( 6 years, 3 months ago )
Antivirus Result Update
Sophos AV Troj/Trackr-Gen 20121203
TrendMicro-HouseCall TROJ_GEN.R47H1HK 20121203
Yandex 20121202
AhnLab-V3 20121203
AntiVir 20121203
Antiy-AVL 20121202
Avast 20121203
AVG 20121203
BitDefender 20121203
ByteHero 20121130
CAT-QuickHeal 20121203
ClamAV 20121202
Commtouch 20121203
Comodo 20121203
DrWeb 20121203
Emsisoft 20121203
eSafe 20121202
ESET-NOD32 20121203
F-Prot 20121202
F-Secure 20121203
Fortinet 20121203
GData 20121203
Ikarus 20121203
Jiangmin 20121203
K7AntiVirus 20121130
Kaspersky 20121203
Kingsoft 20121119
Malwarebytes 20121203
McAfee 20121203
McAfee-GW-Edition 20121203
Microsoft 20121203
eScan 20121203
NANO-Antivirus 20121203
Norman 20121203
nProtect 20121203
Panda 20121202
PCTools 20121203
Rising 20121203
SUPERAntiSpyware 20121202
Symantec 20121203
TheHacker 20121202
TotalDefense 20121202
TrendMicro 20121203
VBA32 20121130
VIPRE 20121203
ViRobot 20121203
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0001BA88
Number of sections 8
PE sections
Overlays
MD5 a47eccb696a1b33420f51a3140f593a1
File type data
Offset 129536
Size 3851
Entropy 5.84
PE imports
CloseServiceHandle
RegCloseKey
StartServiceCtrlDispatcherA
OpenServiceA
SetServiceStatus
CreateServiceA
QueryServiceStatus
RegQueryValueExA
ControlService
DeleteService
RegOpenKeyExA
OpenSCManagerA
RegisterServiceCtrlHandlerA
GetLastError
EnumCalendarInfoA
GetStdHandle
EnterCriticalSection
FileTimeToDosDateTime
lstrlenA
GetStringTypeExA
WaitForSingleObject
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetThreadLocale
GetVersionExA
GetModuleFileNameA
RtlUnwind
DuplicateHandle
GetLocalTime
DeleteCriticalSection
GetStartupInfoA
GetDateFormatA
LoadLibraryExA
GetLocaleInfoA
LocalAlloc
OpenProcess
VirtualQueryEx
CreateDirectoryA
DeleteFileA
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
ReadProcessMemory
GetCommandLineA
GetProcAddress
GetCurrentThread
SuspendThread
SetFilePointer
RaiseException
CompareStringA
CloseHandle
WideCharToMultiByte
GetModuleHandleA
FindFirstFileA
FormatMessageA
WriteFile
GetCurrentProcess
ReadFile
ResetEvent
lstrcpynA
FindNextFileA
GetACP
GetDiskFreeSpaceA
GetCurrentThreadId
FileTimeToLocalFileTime
GetFullPathNameA
SetEvent
LocalFree
ResumeThread
InitializeCriticalSection
VirtualQuery
VirtualFree
CreateEventA
FindClose
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
ExitProcess
GetVersion
LeaveCriticalSection
VirtualAlloc
GetFileSize
InterlockedIncrement
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
SysFreeString
VariantInit
GetSystemMetrics
LoadStringA
CharLowerA
CharNextA
CharUpperBuffA
MessageBoxA
CharUpperA
GetKeyboardType
CharToOemA
Number of PE resources by type
RT_STRING 7
RT_RCDATA 2
Number of PE resources by language
NEUTRAL 9
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 110080
LinkerVersion 2.25
FileTypeExtension exe
InitializedDataSize 18432
SubsystemVersion 4.0
EntryPoint 0x1ba88
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 bc955511e9382c0bea565d2c35fc98b5
SHA1 e45390f42a1caa4eff5a4897a7066e03042eff72
SHA256 e9ce6f4953f82f694e0dcc8d3e0442b0de02424d374c2d3fde76cdb00889b04f
ssdeep
3072:PYiTB+rWkDOt4ZGM+OCe07/gp+Qou4/4DQFu/U3buRKlemZ9DnGAe/kliajAHYiJ:Ac0OmZ/4Kq/4DQFu/U3buRKlemZ9DnGd

authentihash 82122ed7ff65b4e742a3a9189edcf43f8776a2064a774574df8a372dab4d1f19
imphash 3cdbb277cb0481b6fba8ca7d32331bf3
File size 130.3 KB ( 133387 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable Borland Delphi 7 (95.4%)
Win32 Executable Delphi generic (2.0%)
Win32 Dynamic Link Library (generic) (0.9%)
Win32 Executable (generic) (0.6%)
Win16/32 Executable Delphi generic (0.2%)
Tags
peexe overlay

VirusTotal metadata
First submission 2012-08-20 14:10:25 UTC ( 6 years, 7 months ago )
Last submission 2016-08-18 12:27:31 UTC ( 2 years, 7 months ago )
File names bc955511e9382c0bea565d2c35fc98b5.exe
BC955511E9382C0BEA565D2C35FC98B5.ex
e9ce6f4953f82f694e0dcc8d3e0442b0de02424d374c2d3fde76cdb00889b04f.exe
MDSHTTPService5.exe
e9ce6f4953f82f694e0dcc8d3e0442b0de02424d374c2d3fde76cdb00889b04f
bc955511e9382c0bea565d2c35fc98b5
file-4395785_exe
vti-rescan
e9ce6f4953
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files