SHA256: eaf38dd3af249f5c4cbc8e0cb8c72de49ff246314dbaca13f2b764fc30a481aa
File name: vti-rescan
Detection ratio: 17 / 55
Analysis date: 2015-08-05 05:23:56 UTC ( 3 years, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2618956 20150805
Arcabit Trojan.Generic.D27F64C 20150805
Avira (no cloud) TR/Crypt.Xpack.42824 20150805
Baidu-International Trojan.Win32.Yakes.lhwc 20150804
BitDefender Trojan.GenericKD.2618956 20150805
Emsisoft Trojan.GenericKD.2618956 (B) 20150805
ESET-NOD32 Win32/Dridex.P 20150805
F-Secure Trojan.GenericKD.2618956 20150805
GData Trojan.GenericKD.2618956 20150805
K7GW Trojan ( 004cb6651 ) 20150805
Kaspersky Trojan.Win32.Yakes.lhwc 20150805
Malwarebytes Trojan.Agent.ED 20150805
Microsoft Backdoor:Win32/Drixed 20150805
eScan Trojan.GenericKD.2618956 20150805
Panda Generic Suspicious 20150804
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20150805
Symantec Trojan.Cridex 20150805
AegisLab 20150804
Yandex 20150804
AhnLab-V3 20150805
Alibaba 20150803
ALYac 20150805
Antiy-AVL 20150805
Avast 20150805
AVG 20150805
AVware 20150805
Bkav 20150804
ByteHero 20150805
CAT-QuickHeal 20150805
ClamAV 20150804
Comodo 20150805
Cyren 20150805
DrWeb 20150805
F-Prot 20150805
Fortinet 20150804
Ikarus 20150805
Jiangmin 20150804
K7AntiVirus 20150804
Kingsoft 20150805
McAfee 20150805
McAfee-GW-Edition 20150805
NANO-Antivirus 20150805
nProtect 20150804
Rising 20150731
Sophos AV 20150805
SUPERAntiSpyware 20150805
Tencent 20150805
TheHacker 20150805
TrendMicro 20150805
TrendMicro-HouseCall 20150805
VBA32 20150803
VIPRE 20150805
ViRobot 20150805
Zillya 20150804
Zoner 20150805
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-08-04 12:42:54
Entry Point 0x00001073
Number of sections 4
PE sections
PE imports
GetTextMetricsW
TextOutW
GetWindowOrgEx
CreatePen
SetICMProfileW
TranslateCharsetInfo
InvertRgn
GetICMProfileA
EnumMetaFile
EndDoc
GetMetaFileA
StartPage
FixBrushOrgEx
GdiComment
CreateEllipticRgn
CreateEllipticRgnIndirect
SetROP2
EnumEnhMetaFile
GetSystemPaletteUse
Arc
PolyTextOutW
SetRectRgn
GetStartupInfoA
GetProcAddress
GetModuleHandleA
ExitProcess
GetCurrentThreadId
PathGetCharTypeA
PathRenameExtensionW
PathIsPrefixA
StrStrNW
StrTrimW
PathIsLFNFileSpecA
AssocQueryStringA
PathIsRelativeA
StrCpyW
PathUnquoteSpacesA
StrRChrIA
UrlCombineW
StrPBrkA
PathFindExtensionW
PathSearchAndQualifyW
StrNCatA
StrSpnA
timeKillEvent
timeGetSystemTime
midiStreamRestart
mciGetYieldProc
midiOutGetErrorTextW
waveInGetID
timeGetTime
mciSendStringW
waveOutGetNumDevs
midiStreamOpen
midiOutCacheDrumPatches
joySetThreshold
waveInGetNumDevs
mmioClose
midiStreamPause
joyGetPosEx
mmioFlush
timeBeginPeriod
mciGetErrorStringW
GetPS2ColorRenderingDictionary
InstallColorProfileA
CheckBitmapBits
GetCountColorProfileElements
CreateMultiProfileTransform
InstallColorProfileW
GetColorDirectoryW
DisassociateColorProfileFromDeviceW
GetColorDirectoryA
CreateProfileFromLogColorSpaceW
GetColorProfileFromHandle
UninstallColorProfileA
DisassociateColorProfileFromDeviceA
RegisterCMMW
GetNamedProfileInfo
CheckColors
GetPS2ColorSpaceArray
SetColorProfileHeader
SetColorProfileElementReference
SetStandardColorSpaceProfileA
DeleteColorTransform
IsColorProfileValid
EnumColorProfilesW
CreateColorTransformW
TranslateColors
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:08:04 13:42:54+01:00
FileType Win32 EXE
PEType PE32
CodeSize 77824
LinkerVersion 8.0
EntryPoint 0x1073
InitializedDataSize 61440
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 b742f59ac763be69a9dc23604434df95
SHA1 6601dd910d37d46095403fc395ed1eff8c847079
SHA256 eaf38dd3af249f5c4cbc8e0cb8c72de49ff246314dbaca13f2b764fc30a481aa
ssdeep 3072:ESVAFPvahDZTIP/xr9TtoP4czVmBUBcdHN:j7ZSaP4/B0CN
authentihash a3f2f6354d73907772bcb8554b35221b8cd1c087504a8ae6bcfef467c9c97451
imphash 7309645e4461d38509039c98e4c661ec
File size 140.0 KB ( 143360 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe
VirusTotal metadata
First submission 2015-08-04 13:18:53 UTC ( 3 years, 3 months ago )
Last submission 2015-08-05 13:53:34 UTC ( 3 years, 3 months ago )
File names b742f59ac763be69a9dc23604434df95.EXE
uhn.exe
9.exe
uhn.malware
08-04-2015.Virus_File.JAMIE_SWINGLER
9.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R02KC0CHA15.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.