vtt_ar_v9.exe

Beijing ELEX Technology Co.,Ltd

The application vtt_ar_v9.exe by Beijing ELEX Technology Co.,Ltd has been detected as a potentially unwanted program by 5 anti-malware scanners. It is also typically executed from the user's temporary directory.
Publisher:
Beijing ELEX Technology Co.,Ltd  (signed and verified)

Version:
2.0.2.2627

MD5:
1c72e027f201db3b5f23333a4a59d6e6

SHA-1:
c3ac722bfa06f9743c573f2ac9f41e7aad450a63

SHA-256:
bbd2bb08cc42885cfeb2946ee159a7aae6fb57ba04a8f0adf61acb5641a89b5a

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 4:51:11 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | Trojan/Win32.Staser | 2013.09.23 |
| Bkav FE | HW32.CDB | 1.3.0.4246 |
| Malwarebytes | PUP.Optional.Elex | v2015.01.29.02 |
| Reason Heuristics | PUP.ELEX | 15.1.29.14 |
| Trend Micro House Call | TROJ_GEN.F47V0905 | 7.2.29 |

File size:
468.6 KB (479,888 bytes)

Product version:
2.0.2.2627

Copyright:
Copyright (C) 2013

Original file name:
iXB.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\vtt_ar_v9.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
7/26/2013 2:54:20 AM

Valid to:
7/27/2014 2:54:20 AM

Subject:
CN="Beijing ELEX Technology Co.,Ltd", O="Beijing ELEX Technology Co.,Ltd", L=Beijing, S=Beijing, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112131F67BDEA1D6D12E11D656C8BE509ECE

File PE Metadata
Compilation timestamp:
8/29/2013 4:33:05 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:cSeYSGnP4Q055HkZx6dEMHLPkliXvFnHk46W:cSjdPS5H+IHHLP/Xvq46W

Entry address:
0x1000

Entry point:
68, 01, A0, 4B, 00, E8, 01, 00, 00, 00, C3, C3, 69, C8, 9B, BC, FC, 29, 17, 06, 33, AB, FE, 9F, BB, 44, F7, 9E, 48, C8, 25, C8, 6F, 30, B0, A7, C9, 86, E7, C6, 22, 94, EA, 3D, B4, E6, BC, 38, 6B, 6D, 45, BA, 46, 7E, F6, C1, 53, 15, 7B, 31, 83, DD, 59, 25, 4C, 6B, 55, BE, 3F, 84, AC, B5, F1, 3C, AA, F6, 66, 02, CD, EF, 99, 49, 39, 01, 14, 01, 1D, D8, 88, 6F, 8B, 1E, 10, 1D, 5B, 62, 32, E6, 84, BF, AA, 43, BE, D2, 3F, 40, A2, 42, 05, 8E, 0F, D6, 7C, EA, 7B, 88, 38, 42, 15, 5C, 7B, 3B, F5, 12, 28, 6B, 6E, 59...
 

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
494 KB (505,856 bytes)
