× Cookies are disabled! This site requires cookies to be enabled to work properly
VirusTotal
SHA256: 672b549b291160bdda36efbfe795b2146fa3481b9db31bfb469f548122c697a4
File name: calc.ex
Detection ratio: 1 / 43
Analysis date: 2012-02-06 20:24:42 UTC ( 7 years ago ) View latest
Antivirus Result Update
DrWeb Trojan.PWS.SpySweep.143 20120206
AhnLab-V3 20120206
AntiVir 20120206
Antiy-AVL 20120206
Avast 20120206
AVG 20120206
BitDefender 20120206
ByteHero 20120126
CAT-QuickHeal 20120206
ClamAV 20120206
Commtouch 20120206
Comodo 20120206
Emsisoft 20120206
eSafe 20120202
eTrust-Vet 20120206
F-Prot 20120201
F-Secure 20120206
Fortinet 20120206
GData 20120206
Ikarus 20120206
Jiangmin 20120206
K7AntiVirus 20120206
Kaspersky 20120206
McAfee 20120206
McAfee-GW-Edition 20120206
Microsoft 20120206
NOD32 20120206
Norman 20120206
nProtect 20120206
Panda 20120206
PCTools 20120205
Prevx 20120206
Rising 20120206
Sophos AV 20120206
SUPERAntiSpyware 20120206
Symantec 20120206
TheHacker 20120206
TrendMicro 20120206
TrendMicro-HouseCall 20120206
VBA32 20120206
VIPRE 20120206
ViRobot 20120206
VirusBuster 20120206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Number of sections 4
PE sections
PE imports
[+] GDI32.dll
GetCharWidthA
[+] KERNEL32.dll
GetProcAddress, MultiByteToWideChar, HeapAlloc, ExitProcess, TerminateProcess, GetCurrentProcess, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, HeapDestroy, HeapCreate, VirtualFree, HeapFree, VirtualAlloc, HeapReAlloc, RtlUnwind, UnhandledExceptionFilter, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, WriteFile, GetLastError, CloseHandle, GetCPInfo, GetACP, GetOEMCP, LoadLibraryA, SetStdHandle, FlushFileBuffers, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, SetFilePointer
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2012:02:06 16:42:19+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
129024

LinkerVersion
7.1

EntryPoint
0x1d876

InitializedDataSize
245248

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 35a28a83fdb9303e4afe4c17768c1ff6
SHA1 adb93905b473402f18593cfd1521961aaf8aafb0
SHA256 672b549b291160bdda36efbfe795b2146fa3481b9db31bfb469f548122c697a4
ssdeep
6144:9epUytLLbuumxThLC6G6hic8EthxvlQ8MHT0SUcN51H66:9epTLHNAThLfhic/JvlmAShu6

File size 366.5 KB ( 375296 bytes )
File type Win32 EXE
Magic literal
MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ 4.x (69.2%)
Win32 Executable MS Visual C++ (generic) (19.3%)
Win32 Executable Generic (4.3%)
Win32 Dynamic Link Library (generic) (3.8%)
Win16/32 Executable Delphi generic (1.0%)
VirusTotal metadata
First submission 2012-02-06 20:24:42 UTC ( 7 years ago )
Last submission 2012-02-29 04:52:51 UTC ( 6 years, 11 months ago )
File names calc.ex
adb93905b473402f18593cfd1521961aaf8aafb0.bin
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!
More comments

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

Sign in Join the community
No votes. No one has voted on this item yet, be the first one to do so!
More votes
Blog | Twitter | Contact us | ToS | Privacy policy