SHA256: ff92206215115c867789dbd5a95132a2bd153bb1e5a1ef66e539f382f2ce30dc
File name: vti-rescan
Detection ratio: 39 / 57
Analysis date: 2015-03-12 08:18:34 UTC (2 weeks, 3 days ago)
Antivirus              Result                           Update
ALYac                  Trojan.Generic.9811535           20150312
AVG                    PSW.Agent                        20150312
AVware                 Trojan.Win32.Generic!BT          20150312
Ad-Aware               Trojan.Generic.9811535           20150312
AegisLab               Troj.Win64.Agent                 20150312
Agnitum                Trojan.Agent!CL2Mc8yR8ww         20150311
AhnLab-V3              Trojan/Win64.Napolar             20150311
Antiy-AVL              Trojan/Win64.Agent               20150312
Avast                  Win32:NapolarPlugin-B [Trj]      20150312
Avira                  TR/BitCoinMiner.O.3              20150312
Baidu-International    Trojan.Win64.Agent.APWw          20150312
BitDefender            Trojan.Generic.9811535           20150312
CAT-QuickHeal          Trojan.Win64.r8                  20150312
Comodo                 TrojWare.Win32.Agent.~AGOP       20150312
Cyren                  W64/Trojan.LGRA-5901             20150312
DrWeb                  Trojan.Napolar.6                 20150312
ESET-NOD32             Win64/Napolar.A                  20150312
Emsisoft               Trojan.Win64.Napolar (A)         20150312
F-Secure               Trojan.Generic.9811535           20150312
GData                  Trojan.Generic.9811535           20150312
Ikarus                 Trojan.Win64                     20150312
Kaspersky              Trojan.Win64.Agent.cj            20150312
Malwarebytes           Trojan.Walletsteal               20150312
McAfee                 RDN/Generic.dx!djp               20150312
McAfee-GW-Edition      RDN/Generic.dx!djp               20150312
MicroWorld-eScan       Trojan.Generic.9811535           20150312
NANO-Antivirus         Trojan.Win64.Napolar.cxabfg      20150312
Norman                 Agent.AYHNJ                      20150312
Panda                  Trj/CI.A                         20150311
Qihoo-360              Win32/Trojan.720                 20150312
Symantec               Trojan.Gen                       20150312
Tencent                Win64.Trojan.Agent.Lnev          20150312
TrendMicro             TROJ_SPNR.3AJ113                 20150312
TrendMicro-HouseCall   TROJ_SPNR.3AJ113                 20150312
VBA32                  Trojan.Win64.Agent               20150311
VIPRE                  Trojan.Win32.Generic!BT          20150312
ViRobot                Trojan.Win64.S.Agent.66048[h]    20150312
Zillya                 Trojan.Napolar.Win64.1           20150312
nProtect               Trojan.Generic.9811535           20150312

Engines with no detection (signature update date only):
Antivirus              Update
Alibaba                20150312
Bkav                   20150311
ByteHero               20150312
CMC                    20150312
ClamAV                 20150312
F-Prot                 20150312
Fortinet               20150312
Jiangmin               20150311
K7AntiVirus            20150312
K7GW                   20150312
Kingsoft               20150312
Microsoft              20150312
Rising                 20150311
SUPERAntiSpyware       20150312
Sophos                 20150312
TheHacker              20150310
TotalDefense           20150311
Zoner                  20150311
The file being studied is a Portable Executable file. More specifically, it is a Win32 DLL file for the Windows GUI subsystem that targets 64-bit architectures.
PE header basic information
Target machine: x64
Compilation timestamp: 2013-08-29 14:01:23
Link date: 3:01 PM 8/29/2013
Entry Point: 0x0000CBE0
Number of sections: 8
PE sections
PE imports
SHGetFolderPathW
SetThreadLocale
GetLastError
HeapFree
GetStdHandle
VirtualAllocEx
GetSystemInfo
GetVersionExW
FreeLibrary
HeapAlloc
TlsAlloc
LoadLibraryA
GetCommandLineW
RtlUnwind
lstrcatW
DeleteCriticalSection
LocalAlloc
lstrcatA
GetModuleHandleW
UnhandledExceptionFilter
MultiByteToWideChar
GetStartupInfoW
GetProcAddress
GetProcessHeap
CompareStringW
RaiseException
WideCharToMultiByte
TlsFree
ReadFile
GetCurrentThreadId
WriteFile
CloseHandle
GetACP
RtlUnwindEx
LocalFree
InitializeCriticalSection
CreateFileW
VirtualQuery
VirtualFree
TlsGetValue
Sleep
TlsSetValue
ExitProcess
GetVersion
VirtualAlloc
GetFileSize
SysFreeString
MessageBoxA
HttpSendRequestA
InternetOpenW
InternetCloseHandle
HttpOpenRequestW
InternetConnectW
PE exports
Number of PE resources by type
RT_RCDATA: 2
Number of PE resources by language
NEUTRAL: 2
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: AMD AMD64
TimeStamp: 2013:08:29 15:01:23+01:00
FileType: Win64 DLL
PEType: PE32+
CodeSize: 48640
LinkerVersion: 8.0
EntryPoint: 0xcbe0
InitializedDataSize: 16384
SubsystemVersion: 5.2
ImageVersion: 5.2
OSVersion: 5.2
UninitializedDataSize: 0
File identification
MD5: 37f9f243c5d3251ac244675c227de649
SHA1: ade1b543a3e90a4b7636dc7a1949407ee7e14ac7
SHA256: ff92206215115c867789dbd5a95132a2bd153bb1e5a1ef66e539f382f2ce30dc
ssdeep: 768:Oayg1Gz7PTOTLh2uWG5kt55/C0s3RpW7:OauzbTOTlQp5/2W7
authentihash: 45e1670236e68a6c912c617982b4cffbcc0587a9aa51f111d8e41e5bbfa061c7
imphash: 4c8a8000e26c053415f64cc3983f1560
File size: 64.5 KB (66048 bytes)
File type: Win32 DLL
Magic literal: PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly
TrID:
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags: 64bits assembly pedll

VirusTotal metadata
First submission: 2013-09-02 00:35:22 UTC (1 year, 6 months ago)
Last submission: 2013-10-09 22:07:08 UTC (1 year, 5 months ago)
File names:
WalletSteal.dll
file-6025972_dll
37F9F243C5D3251AC244675C227DE649
vti-rescan
37F9F243C5D3251AC244675C227DE649.exe
37F9F243C5D3251AC244675C227DE649.ex
Advanced heuristic and reputation engines
ClamAV: PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user's policies and environment, may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html

Symantec reputation: Suspicious.Insight