× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: fc25709c4e05dbfbcc6ae0cf8a7c06e80156ae05179203021838259aeda9801a
File name: vti-rescan
Detection ratio: 36 / 56
Analysis date: 2016-04-22 23:17:06 UTC ( 2 years, 9 months ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3169510 20160422
AegisLab Troj.W32.Gen.lMJ4 20160422
AhnLab-V3 Trojan/Win32.Dridex 20160422
Antiy-AVL Trojan/Win32.TSGeneric 20160422
Arcabit Trojan.Generic.D305CE6 20160422
Avast Win32:Malware-gen 20160422
AVG Crypt_s.LBJ 20160422
Avira (no cloud) TR/Crypt.Xpack.urrc 20160422
AVware Win32.Malware!Drop 20160422
BitDefender Trojan.GenericKD.3169510 20160422
CAT-QuickHeal Trojan.Yakes.r11 20160422
DrWeb Trojan.Dridex.394 20160422
Emsisoft Trojan.Win32.Dridex (A) 20160422
ESET-NOD32 Win32/Dridex.AA 20160423
F-Secure Trojan.GenericKD.3169510 20160422
GData Trojan.GenericKD.3169510 20160422
Ikarus Trojan-Spy.Agent 20160422
K7AntiVirus Riskware ( 0040eff71 ) 20160422
K7GW Riskware ( 0040eff71 ) 20160422
Kaspersky Trojan.Win32.Yakes.pntn 20160422
Malwarebytes Trojan.Dridex 20160422
McAfee Artemis!EC58A876AC1E 20160422
McAfee-GW-Edition BehavesLike.Win32.Sality.cc 20160423
Microsoft Backdoor:Win32/Drixed 20160423
eScan Trojan.GenericKD.3169510 20160423
nProtect Trojan.Agent.BSSP 20160422
Panda Trj/CI.A 20160422
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20160423
Rising PE:Malware.XPACK-LNR/Heur!1.5594 [F] 20160422
Sophos AV Troj/Agent-ARAL 20160423
Symantec Trojan.Cridex 20160422
Tencent Win32.Trojan.Yakes.Alsi 20160423
TrendMicro TSPY_DRIDEX.BYX 20160422
TrendMicro-HouseCall TSPY_DRIDEX.BYX 20160422
VIPRE Win32.Malware!Drop 20160422
ViRobot Trojan.Win32.Agent.154624.Y[h] 20160422
Alibaba 20160422
ALYac 20160422
Baidu 20160422
Baidu-International 20160422
Bkav 20160422
ClamAV 20160422
CMC 20160421
Comodo 20160422
Cyren 20160422
F-Prot 20160422
Fortinet 20160422
Jiangmin 20160422
Kingsoft 20160423
NANO-Antivirus 20160423
SUPERAntiSpyware 20160423
TheHacker 20160422
VBA32 20160421
Yandex 20160422
Zillya 20160422
Zoner 20160422
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name Rastapi.dll
Internal name Rpstapi.dll
File version 5.3.3703.5512 (xpsp.080413-0852)
Description Remote Access TAPI Compliance Layer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1970-01-01 02:16:34
Entry Point 0x00028A90
Number of sections 17
PE sections
PE imports
Heap32ListFirst
GetNamedPipeInfo
FileTimeToSystemTime
GetModuleFileNameW
GetDriveTypeA
HeapAlloc
WriteProcessMemory
SetupComm
UnlockFile
TerminateThread
LCMapStringW
lstrcatA
SetVolumeMountPointA
GetWindowsDirectoryA
LoadModule
FlushInstructionCache
GetCurrentThread
QueryDepthSList
CompareStringW
LocalFlags
LoadLibraryW
IsSystemResumeAutomatic
GetFirmwareEnvironmentVariableA
SetConsoleTitleA
FreeConsole
lstrcmpA
lstrcmpW
GetDiskFreeSpaceA
GetGeoInfoW
GetProcessAffinityMask
SearchPathW
OpenJobObjectW
GetNumberFormatA
FatalExit
SearchPathA
FindAtomA
WriteProfileSectionW
GetFullPathNameW
GetFileAttributesExA
GetSystemWindowsDirectoryW
SetMailslotInfo
ReadFileScatter
VarUI2FromR4
VarUI2FromStr
DragQueryFileW
GetWindowLongA
SetPropW
PtInRect
setvbuf
PdhGetFormattedCounterArrayA
PdhLookupPerfNameByIndexW
ReleaseBindInfo
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
7168

LinkerVersion
2.32

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
5.3.3703.5512

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Remote Access TAPI Compliance Layer

ImageFileCharacteristics
Executable, No line numbers, 32-bit, No debug

CharacterSet
Unicode

InitializedDataSize
42753

EntryPoint
0x28a90

OriginalFileName
Rastapi.dll

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
5.3.3703.5512 (xpsp.080413-0852)

TimeStamp
1970:01:01 03:16:34+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Rpstapi.dll

ProductVersion
5.3.3703.5512

SubsystemVersion
4.0

OSVersion
4.1

FileOS
Windows NT 32-bit

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
49152

ProductName
Microsoft Windows Operating System

ProductVersionNumber
5.1.3703.5512

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 ec58a876ac1e14db49727ec5961c60d9
SHA1 d9730dde7aeb86dae12538f3fac4c2d6bd7ab8b3
SHA256 fc25709c4e05dbfbcc6ae0cf8a7c06e80156ae05179203021838259aeda9801a
ssdeep
3072:+Ku5X5NKGzuUMKRI92ykvw629vozmffgKOaqD0GNKF4y5:+15X53ujwIHkYD1v6l0F4y

authentihash b868d2ccf0c668a965ce7c0e62561f65497df3e1db4aff314629cb2e99d96768
imphash 2d70c849209ba5575ab8638f5c4cbb1c
File size 151.0 KB ( 154624 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2016-04-21 09:37:57 UTC ( 2 years, 10 months ago )
Last submission 2018-05-08 03:57:42 UTC ( 9 months, 2 weeks ago )
File names 9uhg5vd3
Rpstapi.dll
9uhg5vd3.exe
fc25709c4e05dbfbcc6ae0cf8a7c06e80156ae05179203021838259aeda9801a.exe
malware.exe
uJGGJAEI.exe
Rastapi.dll
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Runtime DLLs