SHA256: b90dd26a14956789c87d4779acc503467f35263df99c09defba0d84f322a5de0
File name: newcalc.exe
Detection ratio: 21 / 42
Analysis date: 2011-10-25 15:25:24 UTC (2 years, 6 months ago)
Antivirus Result Update
AVG PSW.Generic9.AFMV 20111025
AntiVir TR/PSW.Zbot.Y.2890 20111025
BitDefender Trojan.Generic.KD.384797 20111025
ByteHero Trojan.Win32.Heur.Gen 20110923
Comodo UnclassifiedMalware 20111025
DrWeb Trojan.PWS.Panda.655 20111025
Emsisoft Trojan-Spy.Win32.Zbot!IK 20111025
F-Secure Trojan.Generic.KD.384797 20111025
GData Trojan.Generic.KD.384797 20111025
Ikarus Trojan-Spy.Win32.Zbot 20111025
K7AntiVirus Spyware 20111025
Kaspersky Trojan-Spy.Win32.Zbot.clpj 20111025
McAfee Artemis!C60A3292AC07 20111025
McAfee-GW-Edition Artemis!C60A3292AC07 20111025
Microsoft PWS:Win32/Zbot.gen!Y 20111025
NOD32 a variant of Win32/Kryptik.UKV 20111025
Panda Trj/CI.A 20111025
Sophos Mal/EncPk-ABK 20111025
Symantec WS.Reputation.1 20111025
VIPRE Trojan.Win32.Generic!BT 20111025
ViRobot Trojan.Win32.Zbot.190464.E 20111025
AhnLab-V3 20111024
Antiy-AVL 20111025
Avast 20111025
CAT-QuickHeal 20111025
ClamAV 20111025
Commtouch 20111025
F-Prot 20111025
Fortinet 20111025
Jiangmin 20111025
PCTools 20111025
Prevx 20111025
Rising 20111025
SUPERAntiSpyware 20111025
TheHacker 20111025
TrendMicro 20111025
TrendMicro-HouseCall 20111025
VBA32 20111025
VirusBuster 20111024
eSafe 20111024
eTrust-Vet 20111025
nProtect 20111025
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright Asses © Aspen Amy 2002-2010
Publisher Radialpoint Inc.
Product Whew Pout Signal Asses
Version 5.10
Original name Powder.exe
Internal name Dublin Aha Diary Brag
File version 5.10
Description Visa Girth Brass Danny
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-06-28 01:40:42
Link date 2:40 AM 6/28/2011
Entry Point 0x0003D080
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
Number of PE resources by type
RT_FONT 6
RT_DIALOG 5
RT_VERSION 1
Number of PE resources by language
ENGLISH US 12
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.5
ImageVersion 10.3
FileSubtype 0
FileVersionNumber 5.10.0.0
UninitializedDataSize 61440
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 4096
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Asses Aspen Amy 2002-2010
FileVersion 5.1
TimeStamp 2011:06:28 02:40:42+01:00
FileType Win32 EXE
PEType PE32
InternalName Dublin Aha Diary Brag
FileAccessDate 2013:05:29 23:55:43+01:00
ProductVersion 5.1
FileDescription Visa Girth Brass Danny
OSVersion 8.1
FileCreateDate 2013:05:29 23:55:43+01:00
OriginalFilename Powder.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Radialpoint Inc.
CodeSize 188416
ProductName Whew Pout Signal Asses
ProductVersionNumber 5.10.0.0
EntryPoint 0x3d080
ObjectFileType Executable application

File identification
MD5 c60a3292ac0701e066c1c0f414eb0770
SHA1 9486db513f5172e2ad34dd35c200c3be656d2a81
SHA256 b90dd26a14956789c87d4779acc503467f35263df99c09defba0d84f322a5de0
ssdeep
3072:TYdY4uAGSujrtiJbjKk7HJXd+9N0pA8769b4szHz4mrdIPQrF+ZlCaLQlyBjot6j:llAlugJbemJXh57E/mLslyxd

File size 186.0 KB ( 190464 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (41.1%)
Win32 EXE Yoda's Crypter (35.7%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (8.7%)
Generic Win/DOS Executable (2.6%)
Tags
peexe upx

VirusTotal metadata
First submission 2011-10-25 07:02:16 UTC ( 2 years, 6 months ago )
Last submission 2013-05-29 22:55:10 UTC ( 10 months, 4 weeks ago )
File names c60a3292ac0701e066c1c0f414eb0770.exe
9486db513f5172e2ad34dd35c200c3be656d2a81.bin
Dublin Aha Diary Brag
Powder.exe
zeusbin_c60a3292ac0701e066c1c0f414eb0770.ex0
newcalc (2).exe
C60A3292AC0701E066C1C0F414EB0770
smona131961076757236657652
newcalc.exe
c60a3292ac0701e066c1c0f414eb0770
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .
