SHA256: e6e124cd893c83783eb7e5d5c284cd2e77cf6d74e81a342c4b45e3cb27dbce51
File name: FK-11-JRT2911.pif.dat
Detection ratio: 3 / 55
Analysis date: 2015-11-30 14:46:16 UTC ( 2 years, 8 months ago )
Antivirus Result Update
ESET-NOD32 Win32/PSW.Papras.EK 20151130
Kaspersky UDS:DangerousObject.Multi.Generic 20151130
Qihoo-360 QVM07.1.Malware.Gen 20151130
Ad-Aware 20151130
AegisLab 20151130
Yandex 20151129
AhnLab-V3 20151130
Alibaba 20151130
ALYac 20151130
Antiy-AVL 20151130
Arcabit 20151130
Avast 20151130
AVG 20151130
Avira (no cloud) 20151130
AVware 20151130
Baidu-International 20151130
BitDefender 20151130
Bkav 20151130
ByteHero 20151130
CAT-QuickHeal 20151130
ClamAV 20151130
CMC 20151130
Comodo 20151130
Cyren 20151130
DrWeb 20151130
Emsisoft 20151130
F-Prot 20151130
F-Secure 20151130
Fortinet 20151130
GData 20151130
Ikarus 20151130
Jiangmin 20151129
K7AntiVirus 20151130
K7GW 20151130
Malwarebytes 20151130
McAfee 20151130
McAfee-GW-Edition 20151130
Microsoft 20151130
eScan 20151130
NANO-Antivirus 20151130
nProtect 20151130
Panda 20151130
Rising 20151129
Sophos AV 20151130
SUPERAntiSpyware 20151130
Symantec 20151129
Tencent 20151130
TheHacker 20151127
TrendMicro 20151130
TrendMicro-HouseCall 20151130
VBA32 20151130
VIPRE 20151130
ViRobot 20151130
Zillya 20151130
Zoner 20151130
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-06-24 00:01:11
Entry Point 0x00054E82
Number of sections 5
PE sections
PE imports
ImageList_DrawEx
CreateRoundRectRgn
GetCharacterPlacementA
GlobalSize
GetStartupInfoA
EraseTape
GetModuleHandleA
GetWindowsDirectoryW
CreateMutexW
GetTimeFormatA
FoldStringW
FreeEnvironmentStringsW
GetConsoleTitleA
GetCurrentThreadId
GetExpandedNameA
__p__fmode
_acmdln
_read
__p__commode
__setusermatherr
_mbspbrk
_mbctombb
_eof
_initterm
_controlfp
_commit
_adjust_fdiv
__set_app_type
StrSpnW
PathParseIconLocationW
PathFindExtensionW
PathIsPrefixW
PathRemoveArgsW
SHRegGetUSValueA
PathIsSystemFolderW
PathRelativePathToA
PathStripToRootW
PathMakeSystemFolderW
StrCSpnW
PathRelativePathToW
SHQueryInfoKeyW
PathRemoveFileSpecW
PathSetDlgItemPathW
PathRemoveFileSpecA
PathMatchSpecW
StrDupW
PathQuoteSpacesW
PathMatchSpecA
PathAddExtensionW
PathGetArgsW
Number of PE resources by type
RT_ICON 10
RT_GROUP_ICON 6
RT_MENU 4
RT_STRING 3
RT_RCDATA 3
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 17
ENGLISH US 11
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.127.174.91
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 376832
EntryPoint 0x54e82
MIMEType application/octet-stream
LegalCopyright Copyright 2017
FileVersion 26, 199, 62, 243
TimeStamp 2006:06:24 00:01:11+00:00
FileType Win32 EXE
PEType PE32
InternalName Cancellations
ProductVersion 175, 141, 71, 80
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Euro Plus d.o.o.
CodeSize 348160
ProductName Calibrate Badlands
ProductVersionNumber 0.126.164.10
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 5b52daed21f7ddbcef83128e820c9492
SHA1 b31cdb26d5aa736c460db5804eea807bec0ac4d4
SHA256 e6e124cd893c83783eb7e5d5c284cd2e77cf6d74e81a342c4b45e3cb27dbce51
ssdeep 12288:2Qb7fCJZqYTb+OmzBen2U7HGy4UtgpoWOGIhP7:2Q+M+k1e2xUtRWg9
authentihash 61e5a71545362e136b4b59a52856a39a3c1504027c23c4716cfa9893083b1d25
imphash 0a65b54d6a2fe3b5a4419962121dc4a7
File size 520.0 KB ( 532480 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2015-11-30 13:29:24 UTC ( 2 years, 8 months ago )
Last submission 2015-11-30 14:46:16 UTC ( 2 years, 8 months ago )
File names FK-11-JRT2911.pif
FK-11-JRT2911.pif.dat
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R00XC0RL215.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Opened mutexes
Searched windows
Opened service managers
Runtime DLLs
HTTP requests
DNS requests
TCP connections