SHA256: 49079d6f8dd4ee2b1aa7fef9404342dea50dfc64d509dd8a337989ab0a7c5364
File name: Cal
Detection ratio: 42 / 68
Analysis date: 2018-09-18 00:08:13 UTC ( 2 days, 12 hours ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40379147 20180917
AhnLab-V3 Trojan/Win32.Kryptik.C2656279 20180917
ALYac Trojan.GenericKD.40379147 20180918
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20180917
Avast Win32:Malware-gen 20180918
AVG Win32:Malware-gen 20180918
BitDefender Trojan.GenericKD.40379147 20180918
CAT-QuickHeal Trojan.IGENERIC 20180917
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20180723
Cybereason malicious.3bc783 20180225
Cylance Unsafe 20180918
Cyren W32/Trojan.HWKO-9373 20180918
Emsisoft Trojan.GenericKD.40379147 (B) 20180918
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GJQK 20180917
F-Secure Trojan.GenericKD.40379147 20180918
Fortinet W32/Kryptik.EJXP!tr 20180918
GData Trojan.GenericKD.40379147 20180918
Ikarus Trojan.Crypt 20180917
Sophos ML heuristic 20180717
Jiangmin Backdoor.Androm.abde 20180917
K7AntiVirus Trojan ( 00539e261 ) 20180917
K7GW Trojan ( 00539e261 ) 20180917
Kaspersky Backdoor.Win32.Androm.qfdo 20180917
Malwarebytes Spyware.LokiBot 20180917
MAX malware (ai score=100) 20180918
McAfee Generic.dxl 20180918
McAfee-GW-Edition BehavesLike.Win32.Ransom.gc 20180917
Microsoft Trojan:Win32/Skeeyah.A!rfn 20180917
eScan Trojan.GenericKD.40379147 20180918
Palo Alto Networks (Known Signatures) generic.ml 20180918
Panda Trj/GdSda.A 20180917
Qihoo-360 Win32/Backdoor.0c0 20180918
Rising Backdoor.Androm!8.113 (CLOUD) 20180918
SentinelOne (Static ML) static engine - malicious 20180830
Sophos AV Mal/Generic-S 20180917
Symantec Trojan.Gen.2 20180917
Tencent Win32.Backdoor.Androm.Dvpt 20180918
TrendMicro TROJ_GEN.R002C0DH918 20180917
TrendMicro-HouseCall TROJ_GEN.R002C0DH918 20180917
VBA32 Backdoor.Androm 20180917
ZoneAlarm by Check Point Backdoor.Win32.Androm.qfdo 20180917
AegisLab 20180917
Alibaba 20180713
Arcabit 20180918
Avast-Mobile 20180917
Avira (no cloud) 20180917
AVware 20180918
Babable 20180907
Baidu 20180914
Bkav 20180917
ClamAV 20180917
CMC 20180917
Comodo 20180917
DrWeb 20180917
eGambit 20180918
F-Prot 20180918
Kingsoft 20180918
NANO-Antivirus 20180917
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180911
TACHYON 20180917
TheHacker 20180914
TotalDefense 20180915
Trustlook 20180918
VIPRE 20180917
ViRobot 20180917
Webroot 20180918
Yandex 20180917
Zillya 20180917
Zoner 20180917
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
(c). All rights reserved.

Product Cal
Original name Cal
Internal name Cal
File version 4.1.7.2
Description 1970 Ferns Stupid Sctti
Comments 1970 Ferns Stupid Sctti
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-07 22:58:28
Entry Point 0x000114F2
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
CryptReleaseContext
RegCloseKey
CryptAcquireContextA
CryptGenRandom
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
capGetDriverDescriptionA
Ord(6)
InitCommonControlsEx
CreatePen
SaveDC
CreateFontIndirectA
SetStretchBltMode
GetPixel
GetDeviceCaps
LineTo
DeleteDC
RestoreDC
SetBkMode
EndDoc
StartPage
BitBlt
CreateBitmapIndirect
SetTextColor
GetObjectA
DescribePixelFormat
MoveToEx
GetStockObject
CreateCompatibleDC
EndPage
SelectObject
StartDocA
CreateCompatibleBitmap
CreateSolidBrush
DeleteObject
GetTextExtentPoint32A
ImmDisableTextFrameService
ImmGetCompositionStringA
ImmEnumInputContext
ImmGetContext
GetStdHandle
GetConsoleOutputCP
GetOverlappedResult
WaitForSingleObject
HeapDestroy
DebugBreak
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
InitializeCriticalSection
LoadResource
TlsGetValue
OutputDebugStringA
SetLastError
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
LoadLibraryExA
SetConsoleCtrlHandler
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FlushInstructionCache
SetFilePointer
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
TerminateProcess
WriteConsoleA
VirtualQuery
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GlobalSize
GetStartupInfoA
GetFileSize
GetProcAddress
GetProcessHeap
CreateFileMappingW
lstrcmpA
lstrcpyA
ResetEvent
GetProcessWorkingSetSize
GlobalLock
CreateFileW
GetConsoleWindow
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
HeapCreate
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
IsDBCSLeadByte
GlobalAlloc
lstrlenW
GetEnvironmentStrings
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
InterlockedCompareExchange
CancelIo
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
CloseHandle
lstrcpynA
GetACP
SizeofResource
IsValidCodePage
UnmapViewOfFile
VirtualFree
Sleep
FindResourceA
VirtualAlloc
TransparentBlt
GradientFill
NetServerGetInfo
NetApiBufferFree
LoadRegTypeLib
OleCreateFontIndirect
SysStringLen
SystemTimeToVariantTime
SysStringByteLen
SysAllocStringLen
VariantClear
SysAllocString
LoadTypeLib
SysFreeString
VariantInit
VarUI4FromStr
UuidToStringA
RpcStringFreeA
UuidCreate
SHGetPathFromIDListA
SHParseDisplayName
PathFileExistsW
StrChrA
SetFocus
RedrawWindow
DestroyMenu
PostQuitMessage
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
SetMenuItemInfoA
GetDC
GetCursorPos
DrawTextA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
SetMenuDefaultItem
LoadAcceleratorsA
GetWindowTextLengthA
GetActiveWindow
ShowCursor
LoadImageA
GetMenuItemCount
GetWindowTextA
InvalidateRgn
RegisterClassExA
DestroyWindow
GetMessageA
GetParent
EnumWindows
GetClassInfoExA
ShowWindow
SetClassLongA
DrawFrameControl
GetClipboardFormatNameA
PeekMessageA
TranslateMessage
GetWindow
GetIconInfo
LoadStringA
LoadStringW
TrackPopupMenuEx
DrawFocusRect
CreateWindowExA
FillRect
MonitorFromPoint
CopyRect
CreateAcceleratorTableA
IsChild
MapWindowPoints
DrawEdge
SetCapture
BeginPaint
OffsetRect
ReleaseCapture
GetMonitorInfoA
RegisterWindowMessageA
DefWindowProcA
CheckMenuRadioItem
SetClipboardViewer
GetSystemMetrics
GetWindowRect
InflateRect
PostMessageA
DrawIcon
SetWindowLongA
CreatePopupMenu
CheckMenuItem
GetWindowLongA
PtInRect
SetTimer
GetDlgItem
CreateDialogParamA
ClientToScreen
LoadCursorA
LoadIconA
GetMenuItemInfoA
DestroyAcceleratorTable
GetDesktopWindow
OpenClipboard
EmptyClipboard
ReleaseDC
EndDialog
LoadMenuA
CharNextA
ScreenToClient
SetWindowTextA
MessageBeep
RemoveMenu
AppendMenuA
SetDlgItemTextA
MoveWindow
ChangeClipboardChain
DialogBoxParamA
GetSysColor
CopyImage
SystemParametersInfoA
DestroyIcon
IsWindowVisible
SetRect
InvalidateRect
TranslateAcceleratorA
CallWindowProcA
GetClassNameA
GetFocus
CloseClipboard
SetCursor
SetWindowTheme
UnlockUrlCacheEntryFileA
ReadUrlCacheEntryStream
GetOpenFileNameA
PrintDlgA
GetSaveFileNameA
ChooseFontA
CreateStreamOnHGlobal
OleLockRunning
CLSIDFromString
CreateDataAdviseHolder
CoTaskMemAlloc
CoCreateInstance
ReleaseStgMedium
RegisterDragDrop
CLSIDFromProgID
CoTaskMemRealloc
OleUninitialize
CreateDataCache
RevokeDragDrop
OleGetClipboard
OleInitialize
CoTaskMemFree
StringFromGUID2
CoGetClassObject
PdhGetFormattedCounterValue
PdhBrowseCountersA
Number of PE resources by type
RT_ICON 8
TEMPLATES 4
GIF 4
RT_RCDATA 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 23
PE resources
Debug information
ExifTool file metadata
CodeSize
188416

SubsystemVersion
4.0

Comments
1970 Ferns Stupid Sctti

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
4.1.7.2

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
1970 Ferns Stupid Sctti

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
253952

PrivateBuild
4.1.7.2

EntryPoint
0x114f2

OriginalFileName
Cal

MIMEType
application/octet-stream

LegalCopyright
(c). All rights reserved.

FileVersion
4.1.7.2

TimeStamp
2018:08:07 23:58:28+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Cal

ProductVersion
4.1.7.2

UninitializedDataSize
0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Soft4Boost Ltd.

LegalTrademarks
(c). All rights reserved.

ProductName
Cal

ProductVersionNumber
4.1.7.2

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 1345d293bc78373f0e2cf927380a2e6a
SHA1 1bfd68642ea8668846fbfde158f1e62bce09abf1
SHA256 49079d6f8dd4ee2b1aa7fef9404342dea50dfc64d509dd8a337989ab0a7c5364
ssdeep
6144:O7cI5+B66v+3MOP1kRO+rlb819dAbA82QGVU3mKjXZGwCKMQfg3fb:eB+46m3MOP1kRP581nAbAZKmUuQfgPb

authentihash fbcd019f9023ec9687e078dcb5585aeb2c532b883118615479070b8758c6ca25
imphash 7cde136d648d51f3fe45fda72df06ac6
File size 436.0 KB ( 446464 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-08-08 06:55:55 UTC ( 1 month, 1 week ago )
Last submission 2018-08-08 06:55:55 UTC ( 1 month, 1 week ago )
File names PDF_SAUDI ARAMCO QUOTATION REQUEST NO. 6200895160.exe
Cal
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created mutexes
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications