SHA256: 006118bf1ea457baa2c10a851fcd9628c323e4970ff2319f1789062b88fff389
File name: vti-rescan
Detection ratio: 39 / 48
Analysis date: 2013-11-28 03:04:50 UTC (3 years, 8 months ago)
Antivirus Result Update date
Ad-Aware Gen:Variant.Graftor.111627 20131128
Yandex Trojan.Agentb!/VuIy4wmtNc 20131127
AhnLab-V3 Trojan/Win32.Agentb 20131127
AntiVir TR/Graftor.111627.2 20131128
Antiy-AVL Trojan/Win32.Agentb 20131127
Avast Win32:Malware-gen 20131128
AVG BackDoor.Generic17.CDUF 20131128
BitDefender Gen:Variant.Graftor.111627 20131128
CAT-QuickHeal TrojanSpy.Hanove 20131127
Commtouch W32/Agent.WDBM-4646 20131128
Comodo UnclassifiedMalware 20131128
DrWeb Trojan.DownLoader10.40779 20131128
Emsisoft Gen:Variant.Graftor.111627 (B) 20131128
ESET-NOD32 a variant of Win32/Agent.QBC 20131128
F-Prot W32/Agent.KFJ 20131128
F-Secure Gen:Variant.Graftor.111627 20131128
Fortinet W32/BDoor.FBKI!tr.bdr 20131128
GData Gen:Variant.Graftor.111627 20131128
Ikarus Trojan-Spy.Win32.Hanove 20131128
K7AntiVirus Trojan ( 0001140e1 ) 20131127
K7GW Trojan ( 0001140e1 ) 20131127
Kaspersky Trojan.Win32.Agentb.aehm 20131128
Kingsoft Win32.Troj.Agentb.ad.(kcloud) 20130829
Malwarebytes Trojan.FakeMS 20131128
McAfee BackDoor-FBKI!920FEFDC36DA 20131128
McAfee-GW-Edition BackDoor-FBKI!920FEFDC36DA 20131127
Microsoft TrojanSpy:Win32/Hanove.F 20131127
eScan Gen:Variant.Graftor.111627 20131128
Norman Suspicious_Gen5.AHRZP 20131127
nProtect Trojan/W32.Agentb.250368.B 20131127
Panda Generic Malware 20131127
Sophos AV Troj/20133906-A 20131128
Symantec Trojan.Gen.2 20131128
TheHacker Trojan/Agent.qbc 20131127
TrendMicro TROJ_AGENTB.EG 20131128
TrendMicro-HouseCall TROJ_AGENTB.EG 20131128
VBA32 Trojan.Agentb 20131127
VIPRE Trojan.Win32.Generic!BT 20131128
ViRobot Trojan.Win32.Agent.250368.H 20131127
Baidu-International 20131127
Bkav 20131128
ByteHero 20131127
ClamAV 20131128
Jiangmin 20131127
NANO-Antivirus 20131128
Rising 20131128
SUPERAntiSpyware 20131127
TotalDefense 20131128
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2011
Publisher Microsoft Organization
Product Windows NT Application
Original name wincert.exe
Internal name wincert
File version 5,2, 0, 12
Description Windows NT Application
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-29 10:31:08
Entry Point 0x00010E58
Number of sections 4
PE sections
PE imports
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameW
SetMapMode
TextOutW
SaveDC
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetTextColor
ExtTextOutW
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
PtVisible
ScaleViewportExtEx
SelectObject
SetWindowExtEx
SetViewportExtEx
Escape
SetBkColor
DeleteObject
GetStdHandle
GetConsoleOutputCP
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
lstrcatW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
InitializeCriticalSection
LoadResource
GlobalHandle
TlsGetValue
SetFileAttributesW
SetLastError
GlobalFindAtomW
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
GlobalAddAtomW
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
GetProcAddress
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetWindowsDirectoryW
GlobalDeleteAtom
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
GetComputerNameW
GlobalReAlloc
lstrcmpA
InterlockedIncrement
IsValidLocale
lstrcmpW
GlobalLock
GetTempPathW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
GetEnvironmentStrings
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
GetACP
GetModuleHandleW
SizeofResource
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
VirtualAlloc
CreateStdAccessibleObject
LresultFromObject
VariantChangeType
SysFreeString
VariantClear
VariantInit
SysAllocString
SHGetSpecialFolderPathW
ShellExecuteW
MapWindowPoints
RegisterWindowMessageW
GetForegroundWindow
GetClassInfoExW
IsIconic
ReleaseDC
DrawTextExW
GetPropW
LoadBitmapW
SetWindowTextW
DefWindowProcW
CopyRect
GetCapture
GetMenuState
KillTimer
MessageBoxW
DestroyMenu
GetMessageW
PostQuitMessage
GetMessagePos
SetPropW
GetParent
GetWindowThreadProcessId
GetSysColorBrush
GetSystemMetrics
SetWindowLongW
GetMenuCheckMarkDimensions
PeekMessageW
GrayStringW
GetWindowRect
EnableWindow
SetMenu
SetWindowPos
AdjustWindowRectEx
GetMessageTime
GetWindow
PostMessageW
GetSysColor
SendMessageW
SetMenuItemBitmaps
GetDC
GetKeyState
GetMenuItemCount
SystemParametersInfoA
GetDlgCtrlID
CheckMenuItem
GetMenu
GetClassLongW
RegisterClassW
WinHelpW
GetWindowPlacement
IsWindowEnabled
GetClassInfoW
GetDlgItem
RemovePropW
DrawTextW
IsWindow
EnableMenuItem
ClientToScreen
CallNextHookEx
GetSubMenu
SetTimer
CallWindowProcW
GetClassNameW
LoadStringW
GetMenuItemID
GetTopWindow
ModifyMenuW
GetClientRect
GetWindowTextW
ValidateRect
SetWindowsHookExW
LoadCursorW
LoadIconW
GetFocus
CreateWindowExW
TabbedTextOutW
GetWindowLongW
SetForegroundWindow
PtInRect
GetLastActivePopup
UnhookWindowsHookEx
DispatchMessageW
DestroyWindow
HttpQueryInfoW
InternetQueryDataAvailable
InternetConnectW
InternetReadFile
InternetCloseHandle
HttpSendRequestW
InternetOpenUrlW
InternetAttemptConnect
InternetOpenW
HttpOpenRequestW
DocumentPropertiesW
ClosePrinter
OpenPrinterW
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
CoInitializeSecurity
CoSetProxyBlanket
Number of PE resources by type
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 2
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode English (British)
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 50688
FileOS Win32
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2011
FileVersion 5,2, 0, 12
TimeStamp 2013:10:29 11:31:08+01:00
FileType Win32 EXE
PEType PE32
InternalName wincert
FileAccessDate 2014:12:18 22:49:25+01:00
ProductVersion 5,2, 0, 12
FileDescription Windows NT Application
OSVersion 5.0
FileCreateDate 2014:12:18 22:49:25+01:00
OriginalFilename wincert.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Organization
CodeSize 198656
ProductName Windows NT Application
ProductVersionNumber 1.0.0.1
EntryPoint 0x10e58
ObjectFileType Executable application

File identification
MD5 920fefdc36da03ce9b06fc5267664406
SHA1 dc68022183db24c996707445c602e61a7b45980c
SHA256 006118bf1ea457baa2c10a851fcd9628c323e4970ff2319f1789062b88fff389
ssdeep 6144:PxaYJlEnFBbSaDZAJR/I6E+i7IPpDrB9T6pFzmEMN3Qm8ENv:PxaYJlEbhZAJNrL4F6EMNaE1
authentihash 2482faf7c78e4b99db8a5cd29ce1119515ca69da96bf1dbb4a68673280aab9a3
imphash 063af06032084dad2689673d33265bb4
File size 244.5 KB ( 250368 bytes )
File type Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2013-11-05 23:02:29 UTC (3 years, 9 months ago)
Last submission 2014-03-31 21:22:57 UTC (3 years, 4 months ago)
File names 12
vti-rescan
Updates.exe
wincert.exe
dc68022183db24c996707445c602e61a7b45980c_Updates.ex
wincert
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections