SHA256: 1a1354dfa543dc52472656891cd100e61f1a4e3cb1b6f9ed224286372182522c
File name: 2015-03-05-payingdays-net-malware-payload4.exe
Detection ratio: 47 / 56
Analysis date: 2015-05-31 22:26:17 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.BICD 20150531
Yandex Backdoor.Simda!bbJQ1g9/yl8 20150531
AhnLab-V3 Backdoor/Win32.Simda 20150531
ALYac Trojan.Agent.BICD 20150531
Antiy-AVL Trojan[Backdoor]/Win32.Simda 20150531
Avast Win32:Malware-gen 20150531
AVG Simda.APY 20150531
Avira (no cloud) TR/Crypt.XPACK.Gen 20150531
AVware Trojan.Win32.Generic!BT 20150531
Baidu-International Backdoor.Win32.Simda.anrj 20150531
BitDefender Trojan.Agent.BICD 20150531
ByteHero Trojan.Malware.Obscu.Gen.002 20150531
CAT-QuickHeal Backdoor.Simda.r12 20150530
ClamAV Win.Trojan.Agent-853293 20150531
Comodo Backdoor.Win32.Simda.DB 20150531
Cyren W32/Simda.BW.gen!Eldorado 20150531
DrWeb Trojan.Rodricter.153 20150531
Emsisoft Trojan.Agent.BICD (B) 20150531
ESET-NOD32 Win32/Simda.B 20150531
F-Prot W32/Simda.BW.gen!Eldorado 20150531
F-Secure Trojan.Agent.BICD 20150531
Fortinet W32/Simda.ANRJ!tr.bdr 20150531
GData Trojan.Agent.BICD 20150531
Ikarus Trojan.Win32.Simda 20150531
Jiangmin Backdoor/Simda.lnk 20150529
K7AntiVirus Trojan ( 003434f81 ) 20150531
K7GW Trojan ( 003434f81 ) 20150531
Kaspersky Backdoor.Win32.Simda.anrj 20150531
Malwarebytes Trojan.Agent.FSAVXGen 20150531
McAfee Generic-FATG!676E41B36A4F 20150531
McAfee-GW-Edition Generic-FATG!676E41B36A4F 20150531
Microsoft Backdoor:Win32/Simda.AT 20150531
eScan Trojan.Agent.BICD 20150531
NANO-Antivirus Trojan.Win32.Simda.dotmqq 20150531
nProtect Trojan.Agent.BICD 20150529
Panda Trj/Genetic.gen 20150531
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20150531
Sophos AV Mal/Simda-V 20150531
Symantec Backdoor.Trojan 20150531
Tencent Trojan.Win32.Qudamah.Gen.4 20150531
TheHacker Trojan/Simda.b 20150529
TotalDefense Win32/Tnega.VYXbbQ 20150531
TrendMicro TROJ_GEN.R047C0DC715 20150531
TrendMicro-HouseCall BKDR_SIMDA.SMJB 20150531
VBA32 Backdoor.Simda 20150529
VIPRE Trojan.Win32.Generic!BT 20150531
Zillya Backdoor.Simda.Win32.2399 20150531
AegisLab (no detection) 20150531
Alibaba (no detection) 20150531
Bkav (no detection) 20150529
CMC (no detection) 20150530
Kingsoft (no detection) 20150531
Rising (no detection) 20150531
SUPERAntiSpyware (no detection) 20150530
ViRobot (no detection) 20150531
Zoner (no detection) 20150526
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) 1999-2013 Cortado AG
Publisher Cortado AG
Product TPAutoConnect
Original name TPAutoConnect.exe
Internal name TPAutoConnect
File version 8,8,774,1
Description ThinPrint AutoConnect component
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-05 19:15:07
Entry Point 0x00001000
Number of sections 18
PE sections
PE imports
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegSetValueA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyA
PrintDlgA
GetOpenFileNameA
GetSaveFileNameA
GetSystemPaletteEntries
SetBkMode
CreatePen
GetBkMode
SaveDC
CreateFontIndirectA
GetTextMetricsA
EndPath
GetClipBox
CreateMetaFileW
GetDeviceCaps
LineTo
DeleteDC
RestoreDC
PolyBezierTo
EndDoc
StartPage
DeleteObject
FillPath
BitBlt
CreateDIBSection
EnumFontFamiliesA
RealizePalette
SetTextColor
GetObjectA
IntersectClipRect
SetTextAlign
SelectClipPath
MoveToEx
CreatePalette
SelectPalette
ExtTextOutA
StrokePath
GdiFlush
SelectClipRgn
CreateCompatibleDC
GetTextAlign
SetDIBitsToDevice
StretchDIBits
EndPage
CreateRectRgn
GetClipRgn
GetTextExtentPoint32A
SetPolyFillMode
StartDocA
GetTextColor
CreateSolidBrush
DPtoLP
ExtCreatePen
SelectObject
SetBkColor
BeginPath
GetBkColor
CreateCompatibleBitmap
LPtoDP
GetSystemTime
ExitThread
SystemTimeToFileTime
VirtualAllocEx
lstrlenA
GlobalFree
QueryPerformanceCounter
CopyFileA
ExitProcess
GlobalUnlock
GetVersionExA
IsDBCSLeadByte
DeleteFileA
LoadLibraryA
WinExec
DeleteCriticalSection
GetStartupInfoA
EnterCriticalSection
GetFileSize
GetModuleHandleW
CreateThread
SetErrorMode
GetCommandLineA
GetProcAddress
GetModuleHandleA
GetCPInfo
SetFilePointer
ReadFile
WriteFile
CloseHandle
GetACP
WaitForMultipleObjects
GlobalLock
CreateProcessA
GetModuleFileNameA
GetTimeZoneInformation
InitializeCriticalSection
GlobalAlloc
Sleep
SetEndOfFile
CreateFileA
LeaveCriticalSection
DragAcceptFiles
DragQueryFileA
SetFocus
GetMessageA
MapVirtualKeyA
EndPaint
EnableWindow
UpdateWindow
PostMessageA
EndDialog
LoadMenuA
CreateWindowExA
MoveWindow
GetCapture
KillTimer
DestroyMenu
PostQuitMessage
DefWindowProcA
ShowWindow
SetWindowPos
DdeDisconnect
DdeCreateStringHandleA
IsWindow
DdeUninitialize
GetWindowRect
DispatchMessageA
ScreenToClient
SetMenu
SetDlgItemTextA
SetCapture
ReleaseCapture
GetDlgItemTextA
WindowFromPoint
MessageBoxA
SetWindowLongA
TranslateMessage
DialogBoxParamA
GetWindow
GetDC
GetKeyState
GetCursorPos
ReleaseDC
DdeInitializeA
BeginPaint
CheckMenuItem
GetMenu
LoadStringA
SetClipboardData
LoadCursorA
EmptyClipboard
DestroyWindow
GetClipboardData
DdeConnect
GetDlgItem
DdeFreeStringHandle
EnableMenuItem
RegisterClassA
DeleteMenu
InvalidateRect
LoadAcceleratorsA
GetWindowLongA
GetWindowTextLengthA
SetTimer
DdeClientTransaction
LoadIconA
TrackPopupMenu
ClientToScreen
TranslateAcceleratorA
GetSubMenu
GetClientRect
GetDesktopWindow
GetFocus
FillRect
CloseClipboard
SetCursor
OpenClipboard
Number of PE resources by type
RT_CURSOR 36
RT_STRING 27
RT_GROUP_CURSOR 25
RT_ICON 10
RT_BITMAP 2
RT_DIALOG 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
GERMAN 78
ENGLISH US 14
NEUTRAL 12
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 8.8.774.1
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 90624
EntryPoint 0x1000
OriginalFileName TPAutoConnect.exe
MIMEType application/octet-stream
LegalCopyright Copyright (c) 1999-2013 Cortado AG
FileVersion 8,8,774,1
TimeStamp 2015:03:05 20:15:07+01:00
FileType Win32 EXE
PEType PE32
InternalName TPAutoConnect
ProductVersion 8,8,774,1
FileDescription ThinPrint AutoConnect component
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Cortado AG
CodeSize 830976
ProductName TPAutoConnect
ProductVersionNumber 8.8.774.1
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
PCAP parents
File identification
MD5 676e41b36a4ffa1c154575675ff0aeac
SHA1 c954909b245a27fa846e41a98841195e0b4f6163
SHA256 1a1354dfa543dc52472656891cd100e61f1a4e3cb1b6f9ed224286372182522c
ssdeep 12288:hQt+Le2pQtF6o1RrR9/ESZ574zMAO6pVuZtMM3:CYJo1lR9/ES38zMAO6pVuZ
authentihash 9f4fd3dc5c69946b47f6a143cddc5e82be8b524c71a945b3961815f55fb4be7c
imphash d312ecaad52b935cff45328012316244
File size 901.5 KB ( 923136 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2015-03-06 19:09:31 UTC ( 2 years, 8 months ago )
Last submission 2015-05-31 22:26:17 UTC ( 2 years, 5 months ago )
File names TPAutoConnect
2015-03-05-Magnitude-EK-malware-payload-4-of-4.exe
TPAutoConnect.exe
2015-03-05-payingdays-net-malware-payload4.exe
NxGz9v.com
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.