SHA256: c0c33a4985b8663d527bee198fbd8c2f934e124462b7e40f5448aabf21620f6b
File name: bettle.exe
Detection ratio: 4 / 53
Analysis date: 2015-12-23 14:04:28 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Bkav HW32.Packed.DC7C 20151223
ESET-NOD32 a variant of Win32/Injector.COYV 20151223
Kaspersky UDS:DangerousObject.Multi.Generic 20151223
Sophos AV Mal/Generic-S 20151223
Ad-Aware 20151223
AegisLab 20151223
Yandex 20151220
AhnLab-V3 20151223
Alibaba 20151208
ALYac 20151223
Antiy-AVL 20151223
Arcabit 20151223
Avast 20151223
AVG 20151223
Avira (no cloud) 20151223
AVware 20151223
Baidu-International 20151223
BitDefender 20151223
ByteHero 20151223
CAT-QuickHeal 20151223
ClamAV 20151222
CMC 20151217
Comodo 20151223
Cyren 20151223
DrWeb 20151223
Emsisoft 20151223
F-Prot 20151223
F-Secure 20151223
Fortinet 20151223
GData 20151223
Ikarus 20151223
Jiangmin 20151223
K7AntiVirus 20151223
K7GW 20151223
Malwarebytes 20151223
McAfee 20151223
McAfee-GW-Edition 20151223
Microsoft 20151223
eScan 20151223
NANO-Antivirus 20151223
nProtect 20151223
Panda 20151222
Rising 20151223
SUPERAntiSpyware 20151223
Symantec 20151222
TheHacker 20151223
TrendMicro 20151223
TrendMicro-HouseCall 20151223
VBA32 20151223
VIPRE 20151219
ViRobot 20151223
Zillya 20151223
Zoner 20151223
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (C) 2011
Product TotalChaxun
Original name TotalChaxun.exe
Internal name TotalChaxun
File version 1, 0, 0, 1
Description TotalChaxun
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-21 16:42:22
Entry Point 0x0000285C
Number of sections 6
PE sections
PE imports
RegDeleteKeyA
TextOutA
GetObjectA
TextOutW
GetObjectW
GetStartupInfoA
GlobalMemoryStatus
CreateThread
GetModuleFileNameW
GetModuleHandleA
OpenProcess
ReadFile
VirtualQuery
SetEvent
GetCPInfo
ClearCommBreak
FindNextFileW
CreateFileW
DeleteFileW
_except_handler3
__p__fmode
fread
_XcptFilter
__CxxFrameHandler
_acmdln
_exit
__p__commode
__setusermatherr
strcmp
_setmbcp
__dllonexit
_onexit
exit
free
__getmainargs
_initterm
_controlfp
fopen
_adjust_fdiv
__set_app_type
CreateDialogParamW
PeekMessageW
GetSystemMetrics
LoadIconA
EnableWindow
DefDlgProcA
DrawIcon
SendMessageA
GetClientRect
GetSystemMenu
IsIconic
SetDlgItemTextW
AppendMenuA
Number of PE resources by type
RT_ICON 4
RT_VERSION 2
RT_MENU 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
RUSSIAN 1
ENGLISH CAN 1
GREEK DEFAULT 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode Japanese
FileFlagsMask 0x003f
CharacterSet Windows, Hebrew
InitializedDataSize 188416
EntryPoint 0x285c
OriginalFileName TotalChaxun.exe
MIMEType application/octet-stream
LegalCopyright (C) 2011
FileVersion 1, 0, 0, 1
TimeStamp 2015:12:21 17:42:22+01:00
FileType Win32 EXE
PEType PE32
InternalName TotalChaxun
ProductVersion 1, 0, 0, 1
FileDescription TotalChaxun
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 7356416
ProductName TotalChaxun
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 265f3b610aed3745ba19fd795a748e57
SHA1 a2723e3a6f1d7293e0d0f1f15ead8eda2da5e822
SHA256 c0c33a4985b8663d527bee198fbd8c2f934e124462b7e40f5448aabf21620f6b
ssdeep 3072:UNVn+946cMRDDJqY56ILWiZEMS6/+JufhWwvwmxF1UwJdY0fSFkQIw0IyB:UNV+94LM/qYdSc+8Et0DfTQIVL
authentihash 9ab804236b1f28c6b98b93f245c067e202c3799f5577500838fd38dfce743eab
imphash 0b025ff39559839647e02add9264cbdb
File size 204.0 KB ( 208896 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2015-12-23 11:24:35 UTC ( 1 year, 11 months ago )
Last submission 2016-04-08 15:36:53 UTC ( 1 year, 7 months ago )
File names TotalChaxun.exe
bettle.php
volvo_120.exe
test.exe
c0c33a4985b8663d527bee198fbd8c2f934e124462b7e40f5448aabf21620f6b.exe
bettle.exe.2460.dr
265f3b610aed3745ba19fd795a748e57.exe
a2723e3a6f1d7293e0d0f1f15ead8eda2da5e822.exe
TotalChaxun
bettle.exe
Advanced heuristic and reputation engines