SHA256: f0d8834fb0e2d3c6e7c1fde7c6bcf9171e5deca119338e4fac21568e0bb70ab7
File name: vti-rescan
Detection ratio: 35 / 56
Analysis date: 2015-08-28 14:16:11 UTC (1 week, 1 day ago)
Antivirus Result Update
AVG Agent4.BCOG 20150828
AVware Trojan.Win32.Generic!BT 20150828
Ad-Aware Gen:Trojan.Heur.JP.bq0@aaodCJci 20150828
AhnLab-V3 Trojan/Win32.Agent 20150828
Antiy-AVL Trojan/Win32.Agentb 20150828
Arcabit Trojan.Heur.JP.ECC2EC 20150828
Avast Win32:Malware-gen 20150828
Avira TR/Spy.48766 20150828
Baidu-International Trojan.Win32.Agentb.acpa 20150828
BitDefender Gen:Trojan.Heur.JP.bq0@aaodCJci 20150828
CAT-QuickHeal Trojan.Agent.r4 20150828
ClamAV Win.Backdoor.Agent-3 20150828
Comodo UnclassifiedMalware 20150828
DrWeb BackDoor.Bulknet.1182 20150828
ESET-NOD32 Win32/Agent.PVY 20150828
Emsisoft Gen:Trojan.Heur.JP.bq0@aaodCJci (B) 20150828
F-Secure Gen:Trojan.Heur.JP.bq0@aaodCJci 20150828
Fortinet W32/Agent.PVY 20150828
GData Gen:Trojan.Heur.JP.bq0@aaodCJci 20150828
Ikarus Trojan.Agent4 20150828
K7AntiVirus Riskware ( 0040eff71 ) 20150828
K7GW Riskware ( 0040eff71 ) 20150828
Kaspersky Trojan.Win32.Agentb.acpa 20150828
Kingsoft Win32.Troj.Undef.(kcloud) 20150828
McAfee Artemis!9263D4EC88E0 20150828
McAfee-GW-Edition BehavesLike.Win32.Downloader.mh 20150828
MicroWorld-eScan Gen:Trojan.Heur.JP.bq0@aaodCJci 20150828
NANO-Antivirus Trojan.Win32.Agentb.cfajsq 20150828
Panda Generic Malware 20150828
Qihoo-360 Win32/Trojan.8ea 20150828
Sophos Mal/Behav-116 20150828
Symantec Backdoor.Bosonha 20150827
Tencent Win32.Trojan.Agentb.Hrol 20150828
VBA32 BScope.Trojan.SvcHorse.01643 20150828
VIPRE Trojan.Win32.Generic!BT 20150828
ALYac 20150828
AegisLab 20150828
Agnitum 20150827
Alibaba 20150828
Bkav 20150828
ByteHero 20150828
CMC 20150827
Cyren 20150828
F-Prot 20150828
Jiangmin 20150827
Malwarebytes 20150828
Microsoft 20150828
Rising 20150826
SUPERAntiSpyware 20150826
TheHacker 20150828
TrendMicro 20150828
TrendMicro-HouseCall 20150828
ViRobot 20150828
Zillya 20150828
Zoner 20150828
nProtect 20150828
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 0, 0, 0, 0
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-15 02:30:43
Link date 3:30 AM 8/15/2013
Entry Point 0x00003436
Number of sections 4
PE sections
PE imports
PeekNamedPipe
GetLastError
InitializeCriticalSection
EnterCriticalSection
ReleaseMutex
TerminateThread
WaitForSingleObject
SetEvent
ExitProcess
GetVersionExA
LoadLibraryA
GetModuleFileNameA
GetShortPathNameA
CreatePipe
GetCurrentProcess
GetVolumeInformationA
SetThreadPriority
SetProcessPriorityBoost
GetProcAddress
GetSystemInfo
GetCurrentThread
CreateMutexA
CreateThread
ReadFile
WriteFile
CloseHandle
GetComputerNameA
GlobalMemoryStatus
GetVersion
SetPriorityClass
FreeLibrary
TerminateProcess
CreateProcessA
GetEnvironmentVariableA
CreateEventA
Sleep
GetCurrentThreadId
LeaveCriticalSection
__p__fmode
malloc
fgetc
fread
fclose
fopen
_except_handler3
fputc
??2@YAPAXI@Z
fwrite
fseek
ftell
exit
_XcptFilter
__setusermatherr
_controlfp
sprintf
_adjust_fdiv
__CxxFrameHandler
__p__commode
??3@YAXPAX@Z
free
__p___initenv
atol
__getmainargs
_initterm
_exit
__set_app_type
GetMessageA
GetInputState
PostThreadMessageA
wsprintfA
HttpSendRequestA
InternetSetOptionA
InternetWriteFile
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA
HttpSendRequestExA
WSAStartup
WSACleanup
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 12288
EntryPoint 0x3436
MIMEType application/octet-stream
FileVersion 0, 0, 0, 0
TimeStamp 2013:08:15 03:30:43+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 0, 0, 0, 0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 10240
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 9263d4ec88e0b5f051753871cb8255e7
SHA1 15d5634eb222543db0e5e1615e68f2fb7be66a17
SHA256 f0d8834fb0e2d3c6e7c1fde7c6bcf9171e5deca119338e4fac21568e0bb70ab7
ssdeep 384:nzJKkt6gGltTVmY7TUA0tGbnL4600w1efQsNgkCb:z0UGltk0ZMYcVIfZMb
authentihash b08d6062bf2fb27cac1d740f2ec60f64d0b9fa5a3a76b6befbaa4d4f5361db61
imphash 53d4889ed7265d3c3d2f80515e167813
File size 23.0 KB ( 23552 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (40.9%)
Win64 Executable (generic) (36.2%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
Win32 Executable MS Visual FoxPro 7 (2.9%)
Tags peexe armadillo
VirusTotal metadata
First submission 2013-08-29 08:39:57 UTC (2 years ago)
Last submission 2015-08-28 14:16:11 UTC (1 week, 1 day ago)
File names favicon.exe
vti-rescan
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.