SHA256: f0d8834fb0e2d3c6e7c1fde7c6bcf9171e5deca119338e4fac21568e0bb70ab7
File name: vti-rescan
Detection ratio: 31 / 48
Analysis date: 2013-09-17 06:41:37 UTC (7 months ago)
Antivirus Result Update
AVG Agent4.BCOG 20130916
AhnLab-V3 Trojan/Win32.Agent 20130917
AntiVir TR/Spy.48766 20130917
Antiy-AVL Trojan/Win32.Agentb 20130917
Avast Win32:Malware-gen 20130917
Baidu-International Trojan.Win32.Agent.PVY 20130916
BitDefender Gen:Trojan.Heur.JP.bq0@aaodCJci 20130917
ClamAV Win.Backdoor.Agent-3 20130917
Comodo UnclassifiedMalware 20130917
ESET-NOD32 Win32/Agent.PVY 20130916
Emsisoft Gen:Trojan.Heur.JP.bq0@aaodCJci (B) 20130917
F-Secure Gen:Trojan.Heur.JP.bq0@aaodCJci 20130917
Fortinet W32/Agent.PVY 20130917
GData Gen:Trojan.Heur.JP.bq0@aaodCJci 20130917
Ikarus Trojan.Agent4 20130917
K7AntiVirus Riskware 20130916
K7GW Riskware 20130916
Kaspersky Trojan.Win32.Agentb.acpa 20130917
Kingsoft Win32.Troj.Undef.(kcloud) 20130829
McAfee Artemis!9263D4EC88E0 20130917
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious.H 20130917
MicroWorld-eScan Gen:Trojan.Heur.JP.bq0@aaodCJci 20130917
NANO-Antivirus Trojan.Win32.Agentb.cfajsq 20130916
Norman Troj_Generic.OZQAW 20130916
Panda Generic Malware 20130916
Sophos Mal/Behav-116 20130917
Symantec Backdoor.Trojan 20130917
TrendMicro TROJ_GEN.R047C0EI713 20130917
TrendMicro-HouseCall TROJ_GEN.R047C0EI713 20130917
VBA32 BScope.Trojan.SvcHorse.01643 20130916
VIPRE Trojan.Win32.Generic!BT 20130917
Agnitum 20130916
Bkav 20130917
ByteHero 20130916
CAT-QuickHeal 20130917
Commtouch 20130917
DrWeb 20130917
F-Prot 20130917
Jiangmin 20130903
Malwarebytes 20130917
Microsoft 20130917
PCTools 20130916
Rising 20130917
SUPERAntiSpyware 20130917
TheHacker 20130917
TotalDefense 20130916
ViRobot 20130917
nProtect 20130917
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Version 0, 0, 0, 0
File version 0, 0, 0, 0
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-15 02:30:43
Entry Point 0x00003436
Number of sections 4
PE sections
PE imports
PeekNamedPipe
GetLastError
InitializeCriticalSection
EnterCriticalSection
ReleaseMutex
TerminateThread
WaitForSingleObject
SetEvent
ExitProcess
GetVersionExA
LoadLibraryA
GetModuleFileNameA
GetShortPathNameA
CreatePipe
GetCurrentProcess
GetVolumeInformationA
SetThreadPriority
SetProcessPriorityBoost
GetProcAddress
GetSystemInfo
GetCurrentThread
CreateMutexA
CreateThread
ReadFile
WriteFile
CloseHandle
GetComputerNameA
GlobalMemoryStatus
GetVersion
SetPriorityClass
FreeLibrary
TerminateProcess
CreateProcessA
GetEnvironmentVariableA
CreateEventA
Sleep
GetCurrentThreadId
LeaveCriticalSection
__p__fmode
malloc
fgetc
fread
fclose
fopen
_except_handler3
fputc
??2@YAPAXI@Z
fwrite
fseek
ftell
exit
_XcptFilter
__setusermatherr
_controlfp
sprintf
_adjust_fdiv
__CxxFrameHandler
__p__commode
??3@YAXPAX@Z
free
__p___initenv
atol
__getmainargs
_initterm
_exit
__set_app_type
GetMessageA
GetInputState
PostThreadMessageA
wsprintfA
HttpSendRequestA
InternetSetOptionA
InternetWriteFile
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA
HttpSendRequestExA
Ord(115)
Ord(116)
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 12288
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 6.0
MIMEType application/octet-stream
FileVersion 0, 0, 0, 0
TimeStamp 2013:08:15 03:30:43+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 0, 0, 0, 0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 10240
FileSubtype 0
ProductVersionNumber 0.0.0.0
EntryPoint 0x3436
ObjectFileType Executable application

File identification
MD5 9263d4ec88e0b5f051753871cb8255e7
SHA1 15d5634eb222543db0e5e1615e68f2fb7be66a17
SHA256 f0d8834fb0e2d3c6e7c1fde7c6bcf9171e5deca119338e4fac21568e0bb70ab7
ssdeep 384:nzJKkt6gGltTVmY7TUA0tGbnL4600w1efQsNgkCb:z0UGltk0ZMYcVIfZMb

File size 23.0 KB ( 23552 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (40.9%)
Win64 Executable (generic) (36.2%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
Win32 Executable MS Visual FoxPro 7 (2.9%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2013-08-29 08:39:57 UTC (7 months, 3 weeks ago)
Last submission 2013-09-11 10:18:37 UTC (7 months, 1 week ago)
File names favicon.exe
vti-rescan
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight