SHA256: f0d8834fb0e2d3c6e7c1fde7c6bcf9171e5deca119338e4fac21568e0bb70ab7
File name: vti-rescan
Detection ratio: 35 / 51
Analysis date: 2014-06-04 10:07:19 UTC (10 months ago)
Antivirus Result Update
AVG Agent4.BCOG 20140604
Ad-Aware Gen:Trojan.Heur.JP.bq0@aaodCJci 20140604
AhnLab-V3 Trojan/Win32.Agent 20140603
AntiVir TR/Spy.48766 20140604
Antiy-AVL Trojan/Win32.Agentb 20140603
Avast Win32:Malware-gen 20140604
Baidu-International Trojan.Win32.Agent.Alb 20140604
BitDefender Gen:Trojan.Heur.JP.bq0@aaodCJci 20140604
CAT-QuickHeal Trojan.Agent.r4 20140604
ClamAV Win.Backdoor.Agent-3 20140603
Comodo UnclassifiedMalware 20140604
DrWeb BackDoor.Bulknet.1182 20140604
ESET-NOD32 Win32/Agent.PVY 20140604
Emsisoft Gen:Trojan.Heur.JP.bq0@aaodCJci (B) 20140604
F-Secure Gen:Trojan.Heur.JP.bq0@aaodCJci 20140604
Fortinet W32/Agent.PVY 20140604
GData Gen:Trojan.Heur.JP.bq0@aaodCJci 20140604
Ikarus Trojan.Agent4 20140604
K7AntiVirus Riskware ( 0040eff71 ) 20140603
K7GW Riskware ( 0040eff71 ) 20140603
Kaspersky Trojan.Win32.Agentb.acpa 20140604
Kingsoft Win32.Troj.Undef.(kcloud) 20140604
McAfee RDN/Generic.dx!cqz 20140604
McAfee-GW-Edition RDN/Generic.dx!cqz 20140603
MicroWorld-eScan Gen:Trojan.Heur.JP.bq0@aaodCJci 20140604
NANO-Antivirus Trojan.Win32.Agentb.cfajsq 20140604
Norman Troj_Generic.OZQAW 20140604
Panda Generic Malware 20140604
Qihoo-360 Win32/Trojan.Spy.145 20140604
Sophos Mal/Behav-116 20140604
Symantec Backdoor.Bosonha 20140604
TrendMicro TROJ_GEN.R047C0EI713 20140604
TrendMicro-HouseCall TROJ_GEN.R047C0EI713 20140604
VBA32 BScope.Trojan.SvcHorse.01643 20140604
VIPRE Trojan.Win32.Generic!BT 20140604
AegisLab 20140604
Agnitum 20140602
Bkav 20140603
ByteHero 20140604
CMC 20140604
Commtouch 20140604
F-Prot 20140604
Malwarebytes 20140604
Microsoft 20140604
Rising 20140603
SUPERAntiSpyware 20140604
Tencent 20140604
TheHacker 20140602
TotalDefense 20140603
ViRobot 20140604
nProtect 20140604
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
File version 0, 0, 0, 0
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-15 02:30:43
Link date 3:30 AM 8/15/2013
Entry Point 0x00003436
Number of sections 4
PE sections
PE imports
PeekNamedPipe
GetLastError
InitializeCriticalSection
EnterCriticalSection
ReleaseMutex
TerminateThread
WaitForSingleObject
SetEvent
ExitProcess
GetVersionExA
LoadLibraryA
GetModuleFileNameA
GetShortPathNameA
CreatePipe
GetCurrentProcess
GetVolumeInformationA
SetThreadPriority
SetProcessPriorityBoost
GetProcAddress
GetSystemInfo
GetCurrentThread
CreateMutexA
CreateThread
ReadFile
WriteFile
CloseHandle
GetComputerNameA
GlobalMemoryStatus
GetVersion
SetPriorityClass
FreeLibrary
TerminateProcess
CreateProcessA
GetEnvironmentVariableA
CreateEventA
Sleep
GetCurrentThreadId
LeaveCriticalSection
__p__fmode
malloc
fgetc
fread
fclose
fopen
_except_handler3
fputc
??2@YAPAXI@Z
fwrite
fseek
ftell
exit
_XcptFilter
__setusermatherr
_controlfp
sprintf
_adjust_fdiv
__CxxFrameHandler
__p__commode
??3@YAXPAX@Z
free
__p___initenv
atol
__getmainargs
_initterm
_exit
__set_app_type
GetMessageA
GetInputState
PostThreadMessageA
wsprintfA
HttpSendRequestA
InternetSetOptionA
InternetWriteFile
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA
HttpSendRequestExA
WSAStartup
WSACleanup
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 12288
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 6.0
MIMEType application/octet-stream
FileVersion 0, 0, 0, 0
TimeStamp 2013:08:15 03:30:43+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2014:06:04 11:09:34+01:00
ProductVersion 0, 0, 0, 0
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2014:06:04 11:09:34+01:00
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 10240
FileSubtype 0
ProductVersionNumber 0.0.0.0
EntryPoint 0x3436
ObjectFileType Executable application
File identification
MD5 9263d4ec88e0b5f051753871cb8255e7
SHA1 15d5634eb222543db0e5e1615e68f2fb7be66a17
SHA256 f0d8834fb0e2d3c6e7c1fde7c6bcf9171e5deca119338e4fac21568e0bb70ab7
ssdeep 384:nzJKkt6gGltTVmY7TUA0tGbnL4600w1efQsNgkCb:z0UGltk0ZMYcVIfZMb
imphash 53d4889ed7265d3c3d2f80515e167813
File size 23.0 KB ( 23552 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (40.9%)
Win64 Executable (generic) (36.2%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
Win32 Executable MS Visual FoxPro 7 (2.9%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2013-08-29 08:39:57 UTC (1 year, 7 months ago)
Last submission 2013-09-11 10:18:37 UTC (1 year, 6 months ago)
File names favicon.exe, vti-rescan
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.