SHA256: 0eb5dd62e32bc6480bae638967320957419ba70330f0b9ad5759c2d3f25753dd
File name: Payment reeceipt.exe
Detection ratio: 10 / 46
Analysis date: 2013-04-30 11:01:38 UTC ( 11 months, 3 weeks ago )
Antivirus Result Update
ByteHero Virus.Win32.Heur.i 20130424
Commtouch W32/Trojan.EOWG-0398 20130430
ESET-NOD32 a variant of Win32/Kryptik.AZXF 20130430
F-Prot W32/Trojan3.CEH 20130430
F-Secure Trojan-Spy:W32/Zbot.BBHU 20130430
Ikarus Trojan-PWS.Multi 20130430
Kaspersky Trojan-Spy.Win32.Zbot.kyvt 20130430
Panda Suspicious file 20130429
TrendMicro-HouseCall TROJ_GEN.F47V0430 20130430
VBA32 BScope.Trojan.Zbot.27417 20130430
AVG 20130430
Agnitum 20130429
AhnLab-V3 20130430
AntiVir 20130430
Antiy-AVL 20130430
Avast 20130430
BitDefender 20130430
CAT-QuickHeal 20130430
ClamAV 20130430
Comodo 20130430
DrWeb 20130430
Emsisoft 20130430
Fortinet 20130430
GData 20130430
Jiangmin 20130430
K7AntiVirus 20130429
K7GW 20130429
Kingsoft 20130422
Malwarebytes 20130430
McAfee 20130430
McAfee-GW-Edition 20130430
MicroWorld-eScan 20130430
Microsoft 20130430
NANO-Antivirus 20130430
Norman 20130430
PCTools 20130430
SUPERAntiSpyware 20130430
Sophos 20130430
Symantec 20130430
TheHacker 20130430
TotalDefense 20130430
TrendMicro 20130430
VIPRE 20130430
ViRobot 20130430
eSafe 20130423
nProtect 20130430
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright © 2003 Aqoxylo Xugeh. Aty Rofap Ruju.

Publisher Avanquest Software USA, Inc.
Product Iwom
Original name 2uo7gbqjtp4h.exe
Description Upu Ocejedi Ket
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-04-02 22:39:12
Link date 11:39 PM 4/2/2011
Entry Point 0x0001952F
Number of sections 4
PE sections
PE imports
Number of PE resources by type
RT_BITMAP 192
RT_ICON 2
RT_DIALOG 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ARABIC QATAR 198
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 262656
ImageVersion 0.0
ProductName Iwom
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 4.0
OriginalFilename 2uo7gbqjtp4h.exe
MIMEType application/octet-stream
Subsystem Windows GUI
TimeStamp 2011:04:02 23:39:12+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
FileAccessDate 2013:05:16 02:52:55+01:00
FileDescription Upu Ocejedi Ket
OSVersion 4.0
FileCreateDate 2013:05:16 02:52:55+01:00
FileOS Windows NT 32-bit
LegalCopyright 2003 Aqoxylo Xugeh. Aty Rofap Ruju.
MachineType Intel 386 or later, and compatibles
FileVersionNumber 2.4.0.0
CompanyName Avanquest Software USA, Inc.
CodeSize 139818
FileSubtype 0
ProductVersionNumber 2.4.0.0
EntryPoint 0x1952f
ObjectFileType Executable application

File identification
MD5 0a3723483e06dcf7e51073972b9d1ef3
SHA1 293735a9fdc7e786b12c2ef92f544ffc53a0a0e7
SHA256 0eb5dd62e32bc6480bae638967320957419ba70330f0b9ad5759c2d3f25753dd
ssdeep
6144:cPJHf4aVXeF7cy3IO8cc2F6l1QYX3z1k0ZqHPg5fmIeLPH4kmvuMgMgu0fCJ/EnE:cP9Qa9emOIcc2F6l1Q10ZqHPqfherHEX

File size 363.0 KB ( 371712 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2013-04-30 07:12:02 UTC ( 11 months, 3 weeks ago )
Last submission 2013-05-16 01:52:33 UTC ( 11 months, 1 week ago )
File names 0a3723483e06dcf7e51073972b9d1ef3.virus
Payment reeceipt.ex_
0a3723483e06dcf7e51073972b9d1ef3.exe
Paymentreeceipt.exe
0a3723483e06dcf7e51073972b9d1ef3
c29659516f65568ebc47339b8fe75e37f4ec11c3
2uo7gbqjtp4h.exe
Payment reeceipt.ex
Payment reeceipt.exe
Payment reeceipt.exe.txt
file-5437427_exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
TCP connections
UDP communications