SHA256: 07a399cb61b31d9f86f3f20ff13d6acc8e967f64b7e1d16d5badc46c642e434b
File name: calc.mp3
Detection ratio: 32 / 56
Analysis date: 2016-11-07 05:20:04 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3672452 20161107
AegisLab Troj.W32.Gen.lNNz 20161107
AhnLab-V3 Trojan/Win32.Razy.N2147438852 20161106
ALYac Trojan.GenericKD.3672452 20161107
Antiy-AVL Trojan/Win32.Razy 20161107
Arcabit Trojan.Generic.D380984 20161107
Avast Win32:Malware-gen 20161107
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161107
BitDefender Trojan.GenericKD.3672452 20161107
Bkav HW32.Packed.27BD 20161105
CAT-QuickHeal (Suspicious) - DNAScan 20161105
Comodo Heur.Packed.Unknown 20161107
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
ESET-NOD32 a variant of Win32/Kryptik.FJDI 20161107
F-Secure Trojan.GenericKD.3672452 20161107
Fortinet W32/Kryptik.FJDI!tr 20161107
GData Trojan.GenericKD.3672452 20161107
Ikarus Trojan.Win32.Crypt 20161106
Sophos ML backdoor.win32.drixed.m 20161018
K7GW Trojan ( 004fc68e1 ) 20161107
Kaspersky Trojan.Win32.Razy.cex 20161107
McAfee Artemis!8FE620FB2D04 20161107
McAfee-GW-Edition BehavesLike.Win32.BadFile.ch 20161107
Microsoft Trojan:Win32/Dynamer!ac 20161107
eScan Trojan.GenericKD.3672452 20161107
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161107
Sophos AV Mal/Generic-S 20161107
Symantec Heur.AdvML.B 20161107
Tencent Win32.Trojan.Kryptik.Egos 20161107
TrendMicro TROJ_GEN.R01BC0DK616 20161107
TrendMicro-HouseCall TROJ_GEN.R01BC0DK616 20161107
Yandex Trojan.Kryptik!0011XrcwKCs 20161106
Alibaba 20161107
AVG 20161107
Avira (no cloud) 20161106
AVware 20161107
ClamAV 20161107
CMC 20161106
Cyren 20161107
DrWeb 20161107
F-Prot 20161107
Jiangmin 20161107
K7AntiVirus 20161106
Kingsoft 20161107
Malwarebytes 20161106
NANO-Antivirus 20161107
nProtect 20161107
Panda 20161106
Rising 20161107
SUPERAntiSpyware 20161107
TheHacker 20161106
TotalDefense 20161106
VBA32 20161105
VIPRE 20161107
ViRobot 20161106
Zillya 20161105
Zoner 20161107
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-04 17:37:28
Entry Point 0x0000B8C0
Number of sections 6
PE sections
PE imports
GetComputerNameW
GetLastError
RaiseException
InitAtomTable
GetProcessShutdownParameters
LocalAlloc
InterlockedExchange
WriteConsoleW
FindActCtxSectionGuid
LoadLibraryA
GetProcAddress
FreeLibrary
MprAdminTransportGetInfo
Ord(179)
_chkstk
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:11:04 18:37:28+01:00
FileType Win32 EXE
PEType PE32
CodeSize 45056
LinkerVersion 18.1
EntryPoint 0xb8c0
InitializedDataSize 0
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 3.1
UninitializedDataSize 0

File identification
MD5 8fe620fb2d0461983ea85b71d793e096
SHA1 c82977c1fd7302b0217613e5328c1775823212ca
SHA256 07a399cb61b31d9f86f3f20ff13d6acc8e967f64b7e1d16d5badc46c642e434b
ssdeep 3072:xJ1lS0Df+AcJTJegpLWob/6BwKi6gfZ6Jp+jH7xOBL9As1Fx:/1l/mA2TJegpKoL/Kiz0p+jHEpPFx
authentihash 0df70cf7cf3b693ba05aa609747e4cc908002feba648afffc1fe67e0c00b46d5
imphash cf4c5cac8c4842f2af9abb3fdd821d0d
File size 136.0 KB ( 139264 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.8%)
Clipper DOS Executable (19.1%)
Generic Win/DOS Executable (19.0%)
DOS Executable Generic (18.9%)
Tags peexe
VirusTotal metadata
First submission 2016-11-04 14:20:59 UTC ( 2 years, 4 months ago )
Last submission 2016-12-17 03:09:16 UTC ( 2 years, 3 months ago )
File names calc.mp3
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Searched windows
Runtime DLLs
UDP communications