SHA256: fc25709c4e05dbfbcc6ae0cf8a7c06e80156ae05179203021838259aeda9801a
File name: malware.exe
Detection ratio: 5 / 56
Analysis date: 2016-04-21 09:50:07 UTC ( 1 year, 3 months ago )
Antivirus Result Update
AegisLab Troj.W32.Gen.lMJ4 20160421
K7GW Trojan ( 700001211 ) 20160421
McAfee Suspect-AN!EC58A876AC1E 20160421
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20160421
Rising PE:Malware.XPACK-LNR/Heur!1.5594 [F] 20160421
Ad-Aware 20160421
AhnLab-V3 20160420
Alibaba 20160421
ALYac 20160421
Antiy-AVL 20160421
Arcabit 20160421
Avast 20160421
AVG 20160421
Avira (no cloud) 20160421
AVware 20160421
Baidu 20160421
Baidu-International 20160421
BitDefender 20160421
Bkav 20160420
CAT-QuickHeal 20160421
ClamAV 20160421
CMC 20160415
Comodo 20160421
Cyren 20160421
DrWeb 20160421
Emsisoft 20160421
ESET-NOD32 20160421
F-Prot 20160421
F-Secure 20160421
Fortinet 20160421
GData 20160421
Ikarus 20160421
Jiangmin 20160421
K7AntiVirus 20160421
Kaspersky 20160421
Kingsoft 20160421
Malwarebytes 20160421
McAfee-GW-Edition 20160421
Microsoft 20160420
eScan 20160421
NANO-Antivirus 20160421
nProtect 20160420
Panda 20160419
Sophos AV 20160421
SUPERAntiSpyware 20160421
Symantec 20160421
Tencent 20160421
TheHacker 20160421
TrendMicro 20160421
TrendMicro-HouseCall 20160421
VBA32 20160420
VIPRE 20160421
ViRobot 20160421
Yandex 20160420
Zillya 20160420
Zoner 20160421
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name Rastapi.dll
Internal name Rpstapi.dll
File version 5.3.3703.5512 (xpsp.080413-0852)
Description Remote Access TAPI Compliance Layer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1970-01-01 02:16:34
Entry Point 0x00028A90
Number of sections 17
PE sections
PE imports
Heap32ListFirst
GetNamedPipeInfo
FileTimeToSystemTime
GetModuleFileNameW
GetDriveTypeA
HeapAlloc
WriteProcessMemory
SetupComm
UnlockFile
TerminateThread
LCMapStringW
lstrcatA
SetVolumeMountPointA
GetWindowsDirectoryA
LoadModule
FlushInstructionCache
GetCurrentThread
QueryDepthSList
CompareStringW
LocalFlags
LoadLibraryW
IsSystemResumeAutomatic
GetFirmwareEnvironmentVariableA
SetConsoleTitleA
FreeConsole
lstrcmpA
lstrcmpW
GetDiskFreeSpaceA
GetGeoInfoW
GetProcessAffinityMask
SearchPathW
OpenJobObjectW
GetNumberFormatA
FatalExit
SearchPathA
FindAtomA
WriteProfileSectionW
GetFullPathNameW
GetFileAttributesExA
GetSystemWindowsDirectoryW
SetMailslotInfo
ReadFileScatter
VarUI2FromR4
VarUI2FromStr
DragQueryFileW
GetWindowLongA
SetPropW
PtInRect
setvbuf
PdhGetFormattedCounterArrayA
PdhLookupPerfNameByIndexW
ReleaseBindInfo
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 2.32
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 5.3.3703.5512
UninitializedDataSize 7168
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 42753
EntryPoint 0x28a90
OriginalFileName Rastapi.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 5.3.3703.5512 (xpsp.080413-0852)
TimeStamp 1970:01:01 03:16:34+01:00
FileType Win32 EXE
PEType PE32
InternalName Rpstapi.dll
ProductVersion 5.3.3703.5512
FileDescription Remote Access TAPI Compliance Layer
OSVersion 4.1
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 49152
ProductName Microsoft Windows Operating System
ProductVersionNumber 5.1.3703.5512
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 ec58a876ac1e14db49727ec5961c60d9
SHA1 d9730dde7aeb86dae12538f3fac4c2d6bd7ab8b3
SHA256 fc25709c4e05dbfbcc6ae0cf8a7c06e80156ae05179203021838259aeda9801a
ssdeep 3072:+Ku5X5NKGzuUMKRI92ykvw629vozmffgKOaqD0GNKF4y5:+15X53ujwIHkYD1v6l0F4y
authentihash b868d2ccf0c668a965ce7c0e62561f65497df3e1db4aff314629cb2e99d96768
imphash 2d70c849209ba5575ab8638f5c4cbb1c
File size 151.0 KB ( 154624 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
VXD Driver (0.2%)
Tags peexe
VirusTotal metadata
First submission 2016-04-21 09:37:57 UTC ( 1 year, 3 months ago )
Last submission 2016-04-25 17:09:07 UTC ( 1 year, 2 months ago )
File names 9uhg5vd3
Rpstapi.dll
9uhg5vd3.exe
fc25709c4e05dbfbcc6ae0cf8a7c06e80156ae05179203021838259aeda9801a.exe
malware.exe
uJGGJAEI.exe
Rastapi.dll
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Runtime DLLs