oKalendarz.exe

The executable oKalendarz.exe, “Osobisty kalendarzyk z terminarzem dla Windows”, has been detected as malware by 14 anti-virus scanners. While running, it connects to the Internet address tv.wp.pl on port 80 using the HTTP protocol.
Publisher:
P. Rusiecki 2006  (signed by Private Certificate)

Product:
oKalendarz

Description:
Osobisty kalendarzyk z terminarzem dla Windows

Version:
4.00

MD5:
8d4f228c0a66a5b74e32febe8e45dbfe

SHA-1:
c8327184b601ade219f25736b89b3ad1bce4e54e

SHA-256:
8fa530f4407f4840340f9430b22524cf027156adf2911171180ad4b05dc1cfd1

Scanner detections:
14 / 68

Status:
Malware

Analysis date:
8/10/2025 4:43:49 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | Trojan/Win32.Agent | 2010.07.09 |
| Avira AntiVirus | TR/Agent.djwc | 8.2.4.10 |
| Bitdefender | Trojan.Generic.4315432 | 1.0.20.160 |
| Clam AntiVirus | PUA.Packed.ASPack | 0.98/170.3 |
| ESET NOD32 | Win32/Agent (variant) | 10.5263 |
| F-Secure | Trojan.Generic.4315432 | 11.2016-01-02_2 |
| G Data | Trojan.Generic.4315432 | 16.2.21 |
| IKARUS anti.virus | Trojan.Win32.Agent | t3scan.1.1.84.0 |
| Kaspersky | Trojan.Win32.Agent | 14.0.0.727 |
| nProtect | Trojan/W32.Agent.749128 | 10.07.08.01 |
| Panda Antivirus | Suspicious file | 16.02.01.03 |
| Quick Heal | Trojan.Agent.djwc | 2.16.11.00 |
| Trend Micro | PAK_Generic.008 | 10.465.01 |
| Vba32 AntiVirus | Trojan.VBO.010229 | 3.12.12.6 |

File size:
731.6 KB (749,128 bytes)

Product version:
4.00

Copyright:
P. Rusiecki 2006

Trademarks:
P. Rusiecki 2006

Original file name:
oKalendarz.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\okalendarz\okalendarz.exe

Digital Signature
Authority:
Unizeto Sp. z o.o.

Valid from:
5/24/2006 9:01:02 PM

Valid to:
8/22/2006 9:01:02 PM

Subject:
CN=Przemek Rusiecki, O=Private Certificate, C=PL

Issuer:
CN=Certum Level I, O=Unizeto Sp. z o.o., C=PL

Serial number:
033635

File PE Metadata
Compilation timestamp:
7/20/2006 8:46:45 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:d2j+8dlnKqnYL0d2zow13gLYL640iB9/NOYMCkJ7fj4e25mO3WvY6TETCBs:denOLM43gUH0u/NOYMCkVMVJ3z6aCy

Entry address:
0x26C001

Entry point:
60, E8, 03, 00, 00, 00, E9, EB, 04, 5D, 45, 55, C3, E8, 01, 00, 00, 00, EB, 5D, BB, ED, FF, FF, FF, 03, DD, 81, EB, 00, C0, 26, 00, 83, BD, 22, 04, 00, 00, 00, 89, 9D, 22, 04, 00, 00, 0F, 85, 65, 03, 00, 00, 8D, 85, 2E, 04, 00, 00, 50, FF, 95, 4D, 0F, 00, 00, 89, 85, 26, 04, 00, 00, 8B, F8, 8D, 5D, 5E, 53, 50, FF, 95, 49, 0F, 00, 00, 89, 85, 4D, 05, 00, 00, 8D, 5D, 6B, 53, 57, FF, 95, 49, 0F, 00, 00, 89, 85, 51, 05, 00, 00, 8D, 45, 77, FF, E0, 56, 69, 72, 74, 75, 61, 6C, 41, 6C, 6C, 6F, 63, 00, 56, 69, 72...
Packer / compiler:
ASPack v2.12

Code size:
2.3 MB (2,375,680 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to tv.wp.pl  (212.77.100.224:80)

TCP (HTTP):
Connects to bi.gazeta.pl  (80.252.0.134:80)
