SHA256: 1a509c2cc4f993cc44c93e4a6e5cffc7e6211db1f38a2e09a8327a425e9f644b
File name: 2015-04-02-paying-days-com-malware-payload.exe
Detection ratio: 45 / 56
Analysis date: 2015-05-31 22:54:37 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2269076 20150531
Yandex Trojan.Deshacop! 20150531
AhnLab-V3 Trojan/Win32.Injector 20150531
ALYac Trojan.GenericKD.2269076 20150531
Antiy-AVL Trojan[Downloader]/Win32.Dofoil 20150531
Avast Win32:Agent-AYPR [Trj] 20150531
AVG FileCryptor.AWX 20150531
Avira (no cloud) TR/Crypt.ZPACK.135693 20150531
AVware Win32.Malware!Drop 20150531
Baidu-International Trojan.Win32.Deshacop.al 20150531
BitDefender Trojan.GenericKD.2269076 20150531
Bkav HW32.Packed.AF5C 20150529
CAT-QuickHeal Ransom.Crowti.AB5 20150530
ClamAV Win.Trojan.Dropper-24531 20150531
Cyren W32/Trojan.WFKH-5075 20150531
DrWeb Trojan.Inject1.54261 20150531
Emsisoft Trojan.GenericKD.2269076 (B) 20150531
ESET-NOD32 a variant of Win32/Injector.BXNG 20150531
F-Prot W32/Trojan3.OPP 20150531
F-Secure Trojan.GenericKD.2269076 20150531
Fortinet W32/Deshacop.AL!tr 20150531
GData Trojan.GenericKD.2269076 20150531
Ikarus Trojan.Win32.Boaxxe 20150531
Jiangmin Backdoor/Androm.kya 20150529
K7AntiVirus Trojan ( 004bbd771 ) 20150531
K7GW Trojan ( 004bbd771 ) 20150531
Kaspersky Trojan.Win32.Deshacop.al 20150531
Malwarebytes Trojan.Zbot 20150531
McAfee RDN/Spybot.bfr!p 20150531
McAfee-GW-Edition RDN/Spybot.bfr!p 20150531
Microsoft Ransom:Win32/Crowti.A 20150531
eScan Trojan.GenericKD.2269076 20150531
NANO-Antivirus Trojan.Win32.Inject1.dqawdw 20150531
nProtect Trojan.GenericKD.2269076 20150529
Panda Trj/Genetic.gen 20150531
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20150531
Sophos AV Troj/Fondu-EN 20150531
Symantec Trojan.Gen 20150531
Tencent Trojan.Win32.YY.Gen.24 20150531
TrendMicro TROJ_FRS.PMA000D715 20150531
TrendMicro-HouseCall TROJ_FRS.PMA000D715 20150531
VBA32 BScope.Malware-Cryptor.Hlux 20150529
VIPRE Win32.Malware!Drop 20150531
ViRobot Trojan.Win32.A.Deshacop.253952.E[h] 20150531
Zillya Trojan.Deshacop.Win32.15 20150531
AegisLab 20150531
Alibaba 20150531
ByteHero 20150531
CMC 20150530
Comodo 20150531
Kingsoft 20150531
Rising 20150531
SUPERAntiSpyware 20150530
TheHacker 20150529
TotalDefense 20150531
Zoner 20150526
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-01 13:36:26
Entry Point 0x000096E2
Number of sections 4
PE sections
PE imports
SwapBuffers
CreateCompatibleDC
BitBlt
ChoosePixelFormat
CreateCompatibleBitmap
gluOrtho2D
gluPerspective
CreateFileA
GetStartupInfoA
GetModuleFileNameA
GetModuleHandleA
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1_Winit@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??_7runtime_error@std@@6B@
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
_purecall
__p__fmode
_acmdln
??1type_info@@UAE@XZ
__dllonexit
strlen
_except_handler3
_onexit
exit
_XcptFilter
_ftol
__setusermatherr
_adjust_fdiv
__CxxFrameHandler
??1exception@@UAE@XZ
__p__commode
__getmainargs
_controlfp
_setmbcp
_exit
_initterm
__set_app_type
glVertex2f
glPopMatrix
glClearColor
wglCreateContext
glCallList
glFlush
glBegin
glColor3f
glClear
glPopAttrib
glRotatef
glLoadIdentity
glCallLists
glPushAttrib
glTranslated
glVertex3d
wglMakeCurrent
glVertex3f
glViewport
glRasterPos3f
wglGetCurrentContext
glNewList
wglDeleteContext
glPushMatrix
glMatrixMode
glEnd
glOrtho
glListBase
glColor3ub
glEndList
glFrontFace
glDeleteLists
EmptyClipboard
GetSystemMetrics
LoadCursorA
InvalidateRect
UpdateWindow
EnableWindow
SetClipboardData
GetClientRect
ReleaseDC
CloseClipboard
OpenClipboard
GetDC
SetCursor
Number of PE resources by type
RT_STRING 14
RT_MENU 4
RT_CURSOR 3
RT_DIALOG 2
RT_GROUP_CURSOR 2
RT_ICON 1
Struct(241) 1
RT_ACCELERATOR 1
RT_GROUP_ICON 1
Number of PE resources by language
SPANISH MODERN 14
ENGLISH US 12
NEUTRAL 2
ITALIAN SWISS 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:04:01 14:36:26+01:00
FileType Win32 EXE
PEType PE32
CodeSize 36864
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 212992
SubsystemVersion 4.0
EntryPoint 0x96e2
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
PCAP parents
File identification
MD5 ee48148080f32c1527389ecd85b19901
SHA1 77f550f805cdf5387460c665af689589919d121f
SHA256 1a509c2cc4f993cc44c93e4a6e5cffc7e6211db1f38a2e09a8327a425e9f644b
ssdeep 6144:R1d6e9H48luqwgspqlrmQtEPnGiM9LsKZ9DCvyx95ecG:Zu8lM0rmGEPn8am9qy5G
authentihash 3d6fd068828a5e30b970568e58c7cc04c15215dd943948a951dcb1d2338d8ecb
imphash 967d53f0587b280eb754004b0cdfc34b
File size 248.0 KB ( 253952 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (46.3%)
Win64 Executable (generic) (41.0%)
Win32 Executable (generic) (6.6%)
Generic Win/DOS Executable (2.9%)
DOS Executable Generic (2.9%)
Tags peexe
VirusTotal metadata
First submission 2015-04-02 18:06:28 UTC ( 2 years, 7 months ago )
Last submission 2015-05-31 22:54:37 UTC ( 2 years, 5 months ago )
File names 2015-04-02-paying-days-com-malware-payload.exe
f.e
?6b6c461a87f06363ee2b657ee4cf52d4
2015-04-02-Magnitude-EK-malware-payload-2-of-2.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.