SHA256: 97a5412374a70610c9ed83eb4e202b0e8653384c3c8372bc63137c3a14e8fe0b
File name: Tax payment.exe
Detection ratio: 11 / 50
Analysis date: 2014-01-27 15:44:07 UTC ( 5 years, 3 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20140127
Commtouch W32/Trojan.WMOF-8205 20140127
DrWeb Trojan.DownLoad3.31556 20140127
ESET-NOD32 Win32/TrojanDownloader.Waski.A 20140127
Ikarus Trojan.Injector 20140127
Kaspersky Trojan.Win32.Agentb.aofn 20140127
Malwarebytes Trojan.Downloader.Upatre 20140127
Sophos AV Troj/Wonton-J 20140127
Symantec Trojan.Zbot 20140127
TrendMicro TSPY_ZBOT.UJG 20140127
TrendMicro-HouseCall TSPY_ZBOT.UJG 20140127
Ad-Aware 20140127
Yandex 20140127
AhnLab-V3 20140127
AntiVir 20140127
Antiy-AVL 20140127
AVG 20140127
Baidu-International 20140127
BitDefender 20140127
Bkav 20140125
ByteHero 20140122
CAT-QuickHeal 20140127
ClamAV 20140127
CMC 20140122
Comodo 20140127
Emsisoft 20140127
F-Prot 20140127
F-Secure 20140127
Fortinet 20140127
GData 20140127
Jiangmin 20140127
K7AntiVirus 20140127
K7GW 20140127
Kingsoft 20130829
McAfee 20140127
McAfee-GW-Edition 20140127
Microsoft 20140127
eScan 20140127
NANO-Antivirus 20140127
Norman 20140127
nProtect 20140127
Panda 20140127
Qihoo-360 20140122
Rising 20140127
SUPERAntiSpyware 20140127
TheHacker 20140126
TotalDefense 20140127
VBA32 20140127
VIPRE 20140127
ViRobot 20140127
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-25 14:53:20
Entry Point 0x00001D2B
Number of sections 3
PE sections
PE imports
GetStockObject
CreateFileA
GetStartupInfoA
GetModuleHandleA
_except_handler3
__p__fmode
_c_exit
_adjust_fdiv
_acmdln
__p__commode
__setusermatherr
__dllonexit
_onexit
_amsg_exit
exit
_XcptFilter
_cexit
__getmainargs
_initterm
_exit
_controlfp
__set_app_type
DrawTextA
CreateWindowExA
AppendMenuA
TranslateMessage
EndPaint
BeginPaint
GetMessageW
SetMenuItemInfoA
DefWindowProcW
MoveWindow
SendMessageA
GetFocus
DrawMenuBar
PostQuitMessage
ShowWindow
RegisterClassExA
DispatchMessageW
InsertMenuItemA
Number of PE resources by type
RT_ICON 1
RT_MENU 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:10:25 15:53:20+01:00
FileType Win32 EXE
PEType PE32
CodeSize 4608
LinkerVersion 8.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x1d2b
InitializedDataSize 12288
SubsystemVersion 5.0
ImageVersion 1.3
OSVersion 5.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 905fb5bfdaf2434323a1a79f558408e6
SHA1 478db6b6aa232f92fb6f17e6ecf87a7f230d37d4
SHA256 97a5412374a70610c9ed83eb4e202b0e8653384c3c8372bc63137c3a14e8fe0b
ssdeep 384:IWim5L6jraKgrKAqT9ypLdOnDvfGEBWLP:IWZwvaxW3kpLd0DvfGEA

authentihash a31665cc0334ec3f26f1fee7875a7c594b7785b31190e14f86c08e1096e18bec
imphash 5cfc874f1f3ce2bb6bf5e4be11af7797
File size 17.5 KB ( 17920 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (45.0%)
Microsoft Visual C++ compiled executable (generic) (26.9%)
Win32 Dynamic Link Library (generic) (10.7%)
Win32 Executable (generic) (7.3%)
OS/2 Executable (generic) (3.3%)
Tags peexe

VirusTotal metadata
First submission 2014-01-27 08:36:13 UTC ( 5 years, 3 months ago )
Last submission 2019-01-31 13:34:33 UTC ( 3 months, 3 weeks ago )
File names Tax payment.exe
905fb5bfdaf2434323a1a79f558408e6.exe
Case_{_partorderb}.ex1
Case_{_partorderb}.ex2
905fb5bfdaf2434323a1a79f558408e6
c-e8777-1598-1391000342
Case_{_partorderb}.pe
Case_{_partorderb}.exe
vti-rescan
fbee67d0eadc50d496b14adad100cdbb62e887e7
file-6530799_
Tax payment.ex_
97a5412374a70610c9ed83eb4e202b0e8653384c3c8372bc63137c3a14e8fe0b.bin
Case.exe
Advanced heuristic and reputation engines