SHA256: f0d8834fb0e2d3c6e7c1fde7c6bcf9171e5deca119338e4fac21568e0bb70ab7
File name: vti-rescan
Detection ratio: 33 / 55
Analysis date: 2016-04-18 08:42:25 UTC (3 months, 1 week ago)
Antivirus | Result | Updated
AVG | Agent4.BCOG | 20160418
Ad-Aware | Gen:Trojan.Heur.JP.bq0@aaodCJci | 20160418
AegisLab | Troj.W32.Agentb!c | 20160418
AhnLab-V3 | Trojan/Win32.Agent | 20160418
Antiy-AVL | Trojan/Win32.Agentb | 20160418
Arcabit | Trojan.Heur.JP.ECC2EC | 20160418
Avira (no cloud) | TR/Spy.48766 | 20160418
Baidu | Win32.Trojan.WisdomEyes.151026.9950.9999 | 20160418
Baidu-International | Trojan.Win32.Agentb.acpa | 20160417
BitDefender | Gen:Trojan.Heur.JP.bq0@aaodCJci | 20160418
CAT-QuickHeal | Trojan.Agent.r4 | 20160418
ClamAV | Win.Trojan.Agent-872377 | 20160418
Comodo | UnclassifiedMalware | 20160418
DrWeb | BackDoor.Bulknet.1182 | 20160418
ESET-NOD32 | Win32/Agent.PVY | 20160418
Emsisoft | Gen:Trojan.Heur.JP.bq0@aaodCJci (B) | 20160418
F-Secure | Gen:Trojan.Heur.JP.bq0@aaodCJci | 20160418
Fortinet | W32/Agent.PVY | 20160418
GData | Gen:Trojan.Heur.JP.bq0@aaodCJci | 20160418
K7AntiVirus | Trojan ( 004719b71 ) | 20160418
K7GW | Trojan ( 004719b71 ) | 20160418
Kaspersky | Trojan.Win32.Agentb.acpa | 20160418
McAfee | Artemis!9263D4EC88E0 | 20160417
McAfee-GW-Edition | Artemis!Trojan | 20160418
eScan | Gen:Trojan.Heur.JP.bq0@aaodCJci | 20160418
NANO-Antivirus | Trojan.Win32.Agentb.dvuaoe | 20160418
Panda | Generic Malware | 20160417
Qihoo-360 | Win32/Trojan.8ea | 20160418
Sophos | Mal/Behav-116 | 20160418
Symantec | Backdoor.Bosonha | 20160418
Tencent | Win32.Trojan.Agentb.Hrol | 20160418
VIPRE | Trojan.Win32.Generic!BT | 20160418
Yandex | Trojan.Agentb!mjtNZnCR4y4 | 20160416
ALYac | - | 20160418
Alibaba | - | 20160418
Avast | - | 20160418
Bkav | - | 20160415
CMC | - | 20160415
Cyren | - | 20160418
F-Prot | - | 20160418
Ikarus | - | 20160417
Jiangmin | - | 20160418
Kingsoft | - | 20160418
Malwarebytes | - | 20160418
Microsoft | - | 20160418
Rising | - | 20160418
SUPERAntiSpyware | - | 20160418
TheHacker | - | 20160417
TrendMicro | - | 20160418
TrendMicro-HouseCall | - | 20160418
VBA32 | - | 20160418
ViRobot | - | 20160418
Zillya | - | 20160417
Zoner | - | 20160418
nProtect | - | 20160415
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 0, 0, 0, 0
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-15 02:30:43
Entry Point 0x00003436
Number of sections 4
PE sections
PE imports
PeekNamedPipe
GetLastError
InitializeCriticalSection
EnterCriticalSection
ReleaseMutex
TerminateThread
WaitForSingleObject
SetEvent
ExitProcess
GetVersionExA
LoadLibraryA
GetModuleFileNameA
GetShortPathNameA
CreatePipe
GetCurrentProcess
GetVolumeInformationA
SetThreadPriority
SetProcessPriorityBoost
GetProcAddress
GetSystemInfo
GetCurrentThread
CreateMutexA
CreateThread
ReadFile
WriteFile
CloseHandle
GetComputerNameA
GlobalMemoryStatus
GetVersion
SetPriorityClass
FreeLibrary
TerminateProcess
CreateProcessA
GetEnvironmentVariableA
CreateEventA
Sleep
GetCurrentThreadId
LeaveCriticalSection
__p__fmode
malloc
fgetc
fread
fclose
fopen
_except_handler3
fputc
??2@YAPAXI@Z
fwrite
fseek
ftell
exit
_XcptFilter
__setusermatherr
_controlfp
sprintf
_adjust_fdiv
__CxxFrameHandler
__p__commode
??3@YAXPAX@Z
free
__p___initenv
atol
__getmainargs
_initterm
_exit
__set_app_type
GetMessageA
GetInputState
PostThreadMessageA
wsprintfA
HttpSendRequestA
InternetSetOptionA
InternetWriteFile
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA
HttpSendRequestExA
WSAStartup
WSACleanup
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 12288
EntryPoint 0x3436
MIMEType application/octet-stream
FileVersion 0, 0, 0, 0
TimeStamp 2013:08:15 03:30:43+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 0, 0, 0, 0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 10240
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 9263d4ec88e0b5f051753871cb8255e7
SHA1 15d5634eb222543db0e5e1615e68f2fb7be66a17
SHA256 f0d8834fb0e2d3c6e7c1fde7c6bcf9171e5deca119338e4fac21568e0bb70ab7
ssdeep 384:nzJKkt6gGltTVmY7TUA0tGbnL4600w1efQsNgkCb:z0UGltk0ZMYcVIfZMb
authentihash b08d6062bf2fb27cac1d740f2ec60f64d0b9fa5a3a76b6befbaa4d4f5361db61
imphash 53d4889ed7265d3c3d2f80515e167813
File size 23.0 KB ( 23552 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (40.9%)
Win64 Executable (generic) (36.2%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
Win32 Executable MS Visual FoxPro 7 (2.9%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2013-08-29 08:39:57 UTC (2 years, 11 months ago)
Last submission 2016-04-18 08:42:25 UTC (3 months, 1 week ago)
File names favicon.exe, vti-rescan
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.