SHA256: 969bad4d52672e8b6475e88d266337906022c47966daba0c5dfedc1321885470
File name: calc.exe.bin
Detection ratio: 34 / 43
Analysis date: 2011-10-09 20:36:57 UTC ( 6 years, 1 month ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Buterat 20111009
AntiVir TR/Winwebsec.A.2757 20111009
Antiy-AVL Trojan/Win32.FraudLoad.gen 20111009
Avast Win32:Kryptik-FBB [Trj] 20111009
AVG SHeur4.DRW 20111007
BitDefender Trojan.Generic.6687209 20111009
CAT-QuickHeal TrojanDownloader.FraudLoad.zl 20111007
Comodo TrojWare.Win32.Trojan.Agent.Gen 20111009
DrWeb Trojan.Fakealert.25378 20111009
Emsisoft Trojan.Win32.Jorik!IK 20111009
eTrust-Vet Win32/FakeAV.UCR!genus 20111007
F-Secure Trojan.Generic.6687209 20111009
Fortinet W32/FraudLoad.OS!tr.dldr 20111009
GData Trojan.Generic.6687209 20111009
Ikarus Trojan.Win32.Jorik 20111009
Jiangmin Trojan/PersonalSheild.g 20111009
K7AntiVirus Trojan-Downloader 20111008
Kaspersky Trojan-Downloader.Win32.FraudLoad.zlqr 20111009
McAfee FakeAlert-SecurityTool.bt 20111009
McAfee-GW-Edition FakeAlert-SecurityTool.bt 20111009
Microsoft Rogue:Win32/Winwebsec 20111009
NOD32 a variant of Win32/Kryptik.TLM 20111009
Norman W32/Kryptik.ALN 20111009
nProtect Trojan/W32.Agent.421888.JF 20111009
Panda Adware/SecuritySphere2012 20111009
PCTools Trojan.FakeAV!rem 20111009
Sophos AV Mal/FakeAV-OS 20111009
SUPERAntiSpyware Trojan.Agent/Gen-FakeAV 20111008
Symantec Trojan.FakeAV 20111009
TheHacker Trojan/Kryptik.tlm 20111009
TrendMicro TROJ_GEN.F47C8J2 20111009
TrendMicro-HouseCall TROJ_GEN.F47C8J2 20111009
VIPRE Trojan.Win32.Generic!BT 20111009
VirusBuster Trojan.Kryptik!5BKiieatNNY 20111009
ByteHero 20110923
ClamAV 20111009
Commtouch 20111009
eSafe 20111006
F-Prot 20111009
Prevx 20111009
Rising 20111009
VBA32 20111007
ViRobot 20111009
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-09-30 08:01:30
Entry Point 0x000050F8
Number of sections 5
PE sections
PE imports
AVIBuildFilterA
SelectObject
CreateBitmapIndirect
GetSystemTime
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GlobalFree
GetOEMCP
LCMapStringA
HeapDestroy
HeapAlloc
VirtualProtect
LoadLibraryA
GlobalAlloc
RtlUnwind
GetModuleFileNameA
GetLocalTime
FreeEnvironmentStringsA
GetStartupInfoA
SizeofResource
LockResource
WideCharToMultiByte
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
SuspendThread
FindResourceExA
CreateThread
GetStringTypeA
GetModuleHandleA
WriteFile
GetCurrentProcess
CloseHandle
GetACP
HeapReAlloc
GetStringTypeW
FreeResource
TerminateProcess
GetEnvironmentStrings
LoadResource
lstrcpyA
VirtualQuery
VirtualFree
GetEnvironmentStringsW
Sleep
GetFileType
ExitProcess
GetVersion
FindResourceA
VirtualAlloc
HeapCreate
SetLastError
GetDesktopWindow
SetSysColors
IsWindowVisible
LoadIconA
WSAEventSelect
Number of PE resources by type
RT_ICON 3
RT_CURSOR 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 4
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:09:30 09:01:30+01:00
FileType Win32 EXE
PEType PE32
CodeSize 28672
LinkerVersion 6.0
FileAccessDate 2014:04:01 19:02:53+01:00
EntryPoint 0x50f8
InitializedDataSize 389120
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:04:01 19:02:53+01:00
UninitializedDataSize 0

File identification
MD5 7f92e63652c5ba7e29ed35ddf37afb4b
SHA1 29053e238220e3271c49dc61aacde4377e6ccd09
SHA256 969bad4d52672e8b6475e88d266337906022c47966daba0c5dfedc1321885470
ssdeep 6144:Y347zfXgbTqi8A2rxCn3l0HRC//uFGnW6BV5+ixggkJoIDFmIZNu5HugMc85WG3:Y34nyb5Qwn12g/4GnW69PgAqIUP
imphash 50539ec98248df99c8fcfd9b45662e96
File size 412.0 KB ( 421888 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe armadillo

VirusTotal metadata
First submission 2011-09-30 09:23:37 UTC ( 6 years, 1 month ago )
Last submission 2014-04-01 17:55:35 UTC ( 3 years, 7 months ago )
File names 0.6224462083654585.exe
cLhr.xlsm
969bad4d52672e8b6475e88d266337906022c47966daba0c5dfedc1321885470
29053e238220e3271c49dc61aacde4377e6ccd09.bin
0.2556587377611057.exe
7f92e63652c5ba7e29ed35ddf37afb4b
0.647057968443863.exe
vtEB.msi
FA0ED20C00AF236E704C06B8BC198300B437AC92.dll
calc.exe.bin
contacts(2).exe
66
0.8698719730050336.exe
aa