SHA256: 276de439d900d6fc8a589bad01bf71e4379c3ce0228d57ec0620542b51d2e76d
File name: calc.jpg
Detection ratio: 6 / 56
Analysis date: 2016-04-06 14:35:04 UTC ( 2 years, 6 months ago )
Antivirus | Result | Update
Bkav | HW32.Packed.E779 | 20160406
Fortinet | W32/Kryptik.ESXL!tr | 20160404
McAfee-GW-Edition | BehavesLike.Win32.PWSZbot.dh | 20160406
Qihoo-360 | HEUR/QVM07.1.Malware.Gen | 20160406
Rising | PE:Malware.XPACK-HIE/Heur!1.9C48 [F] | 20160406
Sophos AV | Mal/Ransom-EG | 20160406
Ad-Aware | | 20160406
AegisLab | | 20160406
AhnLab-V3 | | 20160406
Alibaba | | 20160406
ALYac | | 20160406
Antiy-AVL | | 20160406
Arcabit | | 20160406
Avast | | 20160406
AVG | | 20160406
Avira (no cloud) | | 20160406
AVware | | 20160406
Baidu | | 20160405
Baidu-International | | 20160406
BitDefender | | 20160406
CAT-QuickHeal | | 20160406
ClamAV | | 20160405
CMC | | 20160404
Comodo | | 20160406
Cyren | | 20160406
DrWeb | | 20160406
Emsisoft | | 20160406
ESET-NOD32 | | 20160406
F-Prot | | 20160406
F-Secure | | 20160406
GData | | 20160406
Ikarus | | 20160406
Jiangmin | | 20160406
K7AntiVirus | | 20160406
K7GW | | 20160404
Kaspersky | | 20160406
Kingsoft | | 20160406
Malwarebytes | | 20160406
McAfee | | 20160406
Microsoft | | 20160406
eScan | | 20160406
NANO-Antivirus | | 20160406
nProtect | | 20160406
Panda | | 20160405
SUPERAntiSpyware | | 20160406
Symantec | | 20160331
Tencent | | 20160406
TheHacker | | 20160405
TrendMicro | | 20160406
TrendMicro-HouseCall | | 20160406
VBA32 | | 20160406
VIPRE | | 20160406
ViRobot | | 20160406
Yandex | | 20160405
Zillya | | 20160405
Zoner | | 20160406
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2013-07-09 20:29:39
Entry Point: 0x000275D1
Number of sections: 4
PE sections
PE imports
CheckSumMappedFile
SymGetSymFromAddr
SymSetOptions
SymGetModuleInfo
ImageDirectoryEntryToData
MapDebugInformation
ImageGetCertificateHeader
GetTimestampForLoadedLibrary
MapFileAndCheckSumA
ImagehlpApiVersionEx
ImageGetDigestStream
SymInitialize
MakeSureDirectoryPathExists
SymEnumerateModules
CreateEventW
GetShortPathNameW
GetStringTypeA
GetModuleHandleA
ReadFile
HeapDestroy
CreateFileW
FlushFileBuffers
Number of PE resources by type
RT_ACCELERATOR 3
RT_DIALOG 3
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
KYRGYZ DEFAULT 8
PE resources
ExifTool file metadata
SubsystemVersion: 4.0
LinkerVersion: 8.0
ImageVersion: 0.0
FileVersionNumber: 0.79.241.195
UninitializedDataSize: 0
LanguageCode: Neutral
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 163840
EntryPoint: 0x275d1
OriginalFileName: Witter.exe
MIMEType: application/octet-stream
LegalCopyright: Copyright 2018
FileVersion: 145, 7, 94, 114
TimeStamp: 2013:07:09 21:29:39+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Bramble
ProductVersion: 4, 13, 113, 171
FileDescription: Swapper
OSVersion: 4.0
FileOS: Windows NT 32-bit
Subsystem: Windows command line
MachineType: Intel 386 or later, and compatibles
CompanyName: Chrontel, Inc.
CodeSize: 159744
FileSubtype: 0
ProductVersionNumber: 0.117.175.206
FileTypeExtension: exe
ObjectFileType: Executable application

Compressed bundles
File identification
MD5: 71b3d2ffdbf162434cc6b3daab3f29b9
SHA1: ab8bd52bbc1dfe3099df73fafc8504f4fa5e1430
SHA256: 276de439d900d6fc8a589bad01bf71e4379c3ce0228d57ec0620542b51d2e76d
ssdeep: 3072:fCvt6zHHoCHi3dP/q288hz6j6XHDoSujdD6pIpXeXx6yVhJ/U0cDPbn:6t4HJCtP9thzT30j8p3Uez/wTb
authentihash: d7faf2cb70ed4aaf4ce97b7549a872713e18ef678494c37b964d272f4d0a2dfd
imphash: 03c4f2b5c3b97bb0539e12ad127a71d9
File size: 204.0 KB ( 208896 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID:
  Win32 Dynamic Link Library (generic) (43.5%)
  Win32 Executable (generic) (29.8%)
  Generic Win/DOS Executable (13.2%)
  DOS Executable Generic (13.2%)
Tags: peexe

VirusTotal metadata
First submission: 2016-04-06 13:30:29 UTC ( 2 years, 6 months ago )
Last submission: 2016-09-12 08:09:43 UTC ( 2 years, 1 month ago )
File names:
  artifact-276de439d900d6fc8a589bad01bf71e4379c3ce0228d57ec0620542b51d2e76d
  calc.exe
  galax_exe
  calc.jpg
  276de439d900d6fc8a589bad01bf71e4379c3ce0228d57ec0620542b51d2e76d.exe.000
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Runtime DLLs
UDP communications