SHA256: 1ea24f6fe1dfc8c883da3bd380e1da53f766aa9f3df8eb0ebdd6fb0e8b94182e
File name: PaymentAdvice.exe
Detection ratio: 24 / 47
Analysis date: 2013-11-21 13:56:23 UTC ( 1 year, 3 months ago )
Antivirus Result Update
AVG Crypt_s.ETQ 20131121
AhnLab-V3 Trojan/Win32.Zbot 20131121
AntiVir TR/Bublik.blgc 20131121
BitDefender Trojan.GenericKD.1412794 20131121
Commtouch W32/Trojan.SIFM-1968 20131121
ESET-NOD32 Win32/TrojanDownloader.Waski.A 20131121
Emsisoft Trojan.GenericKD.1412794 (B) 20131121
F-Prot W32/Trojan3.GOM 20131121
F-Secure Trojan.GenericKD.1412794 20131121
Fortinet W32/Bublik.BLGC!tr 20131121
GData Trojan.GenericKD.1412794 20131121
Ikarus Trojan-Spy.Zbot 20131121
Kaspersky Trojan.Win32.Bublik.blgc 20131121
Kingsoft Win32.Troj.Undef.(kcloud) 20130829
Malwarebytes Trojan.Downloader 20131121
McAfee Generic Downloader.z 20131121
McAfee-GW-Edition Artemis!2FBF89A24A43 20131120
MicroWorld-eScan Trojan.GenericKD.1412794 20131121
Sophos Troj/Agent-AEVV 20131121
Symantec Downloader 20131121
TrendMicro TSPY_FAREIT.LKU 20131121
TrendMicro-HouseCall TROJ_GEN.F0D1H00KK13 20131121
VIPRE Trojan.Win32.Generic!SB.0 20131121
ViRobot Trojan.Win32.Agent.13824.CB 20131121
Engines with no detection (signature database date only):
Agnitum 20131120
Antiy-AVL 20131121
Avast 20131121
Baidu-International 20131121
Bkav 20131121
ByteHero 20131118
CAT-QuickHeal 20131121
ClamAV 20131121
Comodo 20131121
DrWeb 20131121
Jiangmin 20131121
K7AntiVirus 20131120
K7GW 20131120
Microsoft 20131121
NANO-Antivirus 20131121
Norman 20131120
Panda 20131121
Rising 20131121
SUPERAntiSpyware 20131121
TheHacker 20131120
TotalDefense 20131121
VBA32 20131121
nProtect 20131121
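The 47 vendor rows above are a flat vendor/result/date list that is awkward to reason about by eye: the labels mix malware type, platform tag and variant suffix, and only some of them carry a family name. The following added example (written for this page, not VirusTotal code) parses the table in the layout shown above, separates engines that flagged the file from those that did not, and tallies the family tokens that survive a noise filter. The NOISE set and the uppercase/length heuristics are assumptions tuned to these particular labels, not a general vendor-naming grammar.

```python
import re
from collections import Counter

# Detection table in the page's vendor / result / signature-date layout.
# Rows with no result are engines that did not flag the sample.
DETECTION_TABLE = """\
AVG Crypt_s.ETQ 20131121
AhnLab-V3 Trojan/Win32.Zbot 20131121
AntiVir TR/Bublik.blgc 20131121
BitDefender Trojan.GenericKD.1412794 20131121
Commtouch W32/Trojan.SIFM-1968 20131121
ESET-NOD32 Win32/TrojanDownloader.Waski.A 20131121
Emsisoft Trojan.GenericKD.1412794 (B) 20131121
F-Prot W32/Trojan3.GOM 20131121
F-Secure Trojan.GenericKD.1412794 20131121
Fortinet W32/Bublik.BLGC!tr 20131121
GData Trojan.GenericKD.1412794 20131121
Ikarus Trojan-Spy.Zbot 20131121
Kaspersky Trojan.Win32.Bublik.blgc 20131121
Kingsoft Win32.Troj.Undef.(kcloud) 20130829
Malwarebytes Trojan.Downloader 20131121
McAfee Generic Downloader.z 20131121
McAfee-GW-Edition Artemis!2FBF89A24A43 20131120
MicroWorld-eScan Trojan.GenericKD.1412794 20131121
Sophos Troj/Agent-AEVV 20131121
Symantec Downloader 20131121
TrendMicro TSPY_FAREIT.LKU 20131121
TrendMicro-HouseCall TROJ_GEN.F0D1H00KK13 20131121
VIPRE Trojan.Win32.Generic!SB.0 20131121
ViRobot Trojan.Win32.Agent.13824.CB 20131121
Agnitum 20131120
Antiy-AVL 20131121
Avast 20131121
Baidu-International 20131121
Bkav 20131121
ByteHero 20131118
CAT-QuickHeal 20131121
ClamAV 20131121
Comodo 20131121
DrWeb 20131121
Jiangmin 20131121
K7AntiVirus 20131120
K7GW 20131120
Microsoft 20131121
NANO-Antivirus 20131121
Norman 20131120
Panda 20131121
Rising 20131121
SUPERAntiSpyware 20131121
TheHacker 20131120
TotalDefense 20131121
VBA32 20131121
nProtect 20131121
"""

# Vendor names contain no spaces; the result may; the row ends in an 8-digit date.
LINE_RE = re.compile(r"^(\S+)\s+(.*?)\s*(\d{8})$")

# Tokens that carry no family information: type prefixes, platform tags,
# generic/cloud markers and crypter labels (assumed list, tuned to this table).
NOISE = {
    "trojan", "troj", "tr", "trojandownloader", "trojanspy", "tspy",
    "win32", "w32", "generic", "downloader", "agent", "spy", "gen",
    "undef", "kcloud", "artemis", "crypt",
}


def parse_table(text):
    """Return (vendor, result or None, date) for every row in the table."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            vendor, result, date = m.groups()
            rows.append((vendor, result or None, date))
    return rows


def family_of(label):
    """Return the first token of a vendor label that looks like a family name.

    Heuristics: drop tokens with digits (variant ids, sizes), tokens shorter
    than four characters, short all-caps tokens (variant suffixes such as
    BLGC or AEVV) and everything in NOISE. Longer all-caps tokens are kept
    because some vendors write family names that way (TSPY_FAREIT)."""
    for tok in re.split(r"[^A-Za-z0-9]+", label):
        if not tok or any(ch.isdigit() for ch in tok):
            continue
        if len(tok) < 4 or (tok.isupper() and len(tok) <= 4):
            continue
        if tok.lower() in NOISE:
            continue
        return tok.lower()
    return None


def summarize(rows):
    """Detection count, total engines and a tally of recognised family tokens."""
    detected = [result for _, result, _ in rows if result]
    families = Counter(f for f in map(family_of, detected) if f)
    return {"detected": len(detected), "total": len(rows), "families": families}


if __name__ == "__main__":
    s = summarize(parse_table(DETECTION_TABLE))
    print(f"{s['detected']}/{s['total']} engines flagged the file")
    for fam, n in s["families"].most_common():
        print(f"  {fam:10} {n}")
```

On this table the script reports 24 of 47 detections and a family tally led by GenericKD (5, the same signature name reported by five engines), Bublik (3), Zbot (2), Waski (1) and Fareit (1). The named-family consensus, a downloader that drops a credential stealer, is a more useful triage signal than the raw ratio, and the parser is the piece you keep when you start pulling this data from the API instead of the page.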
The file is a Portable Executable, specifically a 32-bit Win32 EXE (PE32) built for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-20 21:49:42 UTC
Link date 10:49 PM 11/20/2013 (the same instant rendered in UTC+01:00, matching the ExifTool TimeStamp below)
Entry Point 0x00001297
Number of sections 4
PE sections
PE imports (the page lists only function names; they are grouped here by the system DLL that exports them)
GDI32.dll: DeleteObject, CreateFontIndirectW
KERNEL32.dll: GetSystemTime, lstrcpyW, FindFirstFileA, MapViewOfFile, GetFileSize, GetModuleHandleA, UnmapViewOfFile, CreateFileW, FindClose, ExitProcess, CloseHandle, GetProcAddress, GetModuleHandleW
USER32.dll: SetWindowTextA, SendMessageW, EndDialog, DialogBoxParamW, GetDlgItem, LoadBitmapA, GetClassLongA
Note that GetModuleHandleA/W together with GetProcAddress let the code resolve further APIs at run time, so this static import table is only a lower bound on what the sample can call. The CreateFileW / GetFileSize / MapViewOfFile / UnmapViewOfFile group shows that it maps some file into memory; the report does not say which.
Number of PE resources by type
RT_ICON 1
RT_DIALOG 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2013:11:20 22:49:42+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 5120
LinkerVersion: 9.0
FileAccessDate: 2015:01:28 15:35:24+01:00
EntryPoint: 0x1297
InitializedDataSize: 7680
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
FileCreateDate: 2015:01:28 15:35:24+01:00
UninitializedDataSize: 0
File identification
MD5 2fbf89a24a43e848b581520d8a1fab27
SHA1 bfa3d362133626c485b7d41ef1c62bc7152b7009
SHA256 1ea24f6fe1dfc8c883da3bd380e1da53f766aa9f3df8eb0ebdd6fb0e8b94182e
ssdeep 192:IALcivTDOoE/C8sSnngB6kQdmcr9tlshwkYR0hS2S:I8HDOooYSnngG3rXlshaR0I
authentihash 1413b4c319671e7fb1323a8069db6ad591e4e231154270f25e4ed5f916a655f1
imphash fc58e3406aee35710494625df78fdc97
File size 13.5 KB ( 13824 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID
Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
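The PE header fields, hashes and timestamps in the sections above are what a triage script pulls out of a sample first. The following is an added example (written for this page, not VirusTotal's or any library's code) that parses the DOS, COFF and PE32 optional headers, computes an imphash from a DLL/function list, and measures the gap between the compile timestamp and first submission. It runs on a constructed header-only stub filled with this report's values (entry point 0x1297, four sections, linker 9.0, compile time 2013-11-20 21:49:42 UTC) rather than on the sample itself. Assumptions: the stub is a fixture and not a loadable image; the DLL names in SAMPLE_IMPORTS are assigned from Win32 documentation because the page does not print them; and because the real import-table order is unknown, the imphash computed here is not expected to reproduce fc58e3406aee35710494625df78fdc97.

```python
import hashlib
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
# Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
# NumberOfSymbols, SizeOfOptionalHeader, Characteristics
COFF_HEADER_FMT = "<HHIIIHH"

# Values taken from the report: UTC compile timestamp and first VT submission.
SAMPLE_COMPILE_TIME = datetime(2013, 11, 20, 21, 49, 42, tzinfo=timezone.utc)
SAMPLE_FIRST_SEEN = datetime(2013, 11, 20, 23, 5, 6, tzinfo=timezone.utc)
# A subset of the report's imports; DLL names are assumed (not on the page).
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "CreateFileW"), ("KERNEL32.dll", "GetFileSize"),
    ("KERNEL32.dll", "MapViewOfFile"), ("KERNEL32.dll", "UnmapViewOfFile"),
    ("KERNEL32.dll", "GetModuleHandleW"), ("KERNEL32.dll", "GetProcAddress"),
    ("USER32.dll", "DialogBoxParamW"), ("GDI32.dll", "CreateFontIndirectW"),
]


def build_stub_pe(compile_time, entry_point, n_sections, linker=(9, 0)):
    """Constructed fixture: DOS header, PE signature, COFF header and a PE32
    optional header with only the fields the report lists filled in.
    No sections or imports follow, so this is a header stub, not a program."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 60, 64)                      # e_lfanew
    ts = int(compile_time.timestamp())
    coff = struct.pack(COFF_HEADER_FMT, IMAGE_FILE_MACHINE_I386,
                       n_sections, ts, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                     # PE32 optional header size
    struct.pack_into("<H", opt, 0, IMAGE_NT_OPTIONAL_HDR32_MAGIC)
    opt[2], opt[3] = linker                                  # Major/MinorLinkerVersion
    struct.pack_into("<I", opt, 16, entry_point)             # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x00400000)              # ImageBase
    struct.pack_into("<H", opt, 68, IMAGE_SUBSYSTEM_WINDOWS_GUI)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def parse_pe_headers(data):
    """Extract the COFF and optional-header fields shown in the report."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 60)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, n_sections, ts, _, _, _, _ = struct.unpack_from(COFF_HEADER_FMT, data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        raise ValueError("not a PE32 optional header")
    return {
        "machine": machine,
        "sections": n_sections,
        "compile_time": datetime.fromtimestamp(ts, tz=timezone.utc),
        "linker": f"{data[opt + 2]}.{data[opt + 3]}",
        "entry_point": struct.unpack_from("<I", data, opt + 16)[0],
        "subsystem": struct.unpack_from("<H", data, opt + 68)[0],
    }


def imphash(imports):
    """imphash as published by Mandiant: MD5 over 'dll.func' pairs, lower-cased,
    library extension stripped, in import-table order. Imports by ordinal are
    not handled here (none appear in this sample's list)."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
        parts.append(f"{dll}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def compile_lag(compile_time, first_seen):
    """Seconds from header timestamp to first submission. Negative (compiled
    'in the future') or implausibly large values mean the timestamp was
    set by hand and must not anchor a timeline."""
    return int((first_seen - compile_time).total_seconds())


def triage(data=None, imports=SAMPLE_IMPORTS, first_seen=SAMPLE_FIRST_SEEN):
    """Run the three checks over a header blob (default: the constructed stub)."""
    data = data or build_stub_pe(SAMPLE_COMPILE_TIME, 0x1297, 4)
    hdr = parse_pe_headers(data)
    hdr["compile_lag_s"] = compile_lag(hdr["compile_time"], first_seen)
    hdr["compile_time"] = hdr["compile_time"].strftime("%Y-%m-%d %H:%M:%S UTC")
    hdr["imphash"] = imphash(imports)
    return hdr


if __name__ == "__main__":
    for k, v in triage().items():
        print(f"{k:14} {v:#x}" if k in ("machine", "entry_point") else f"{k:14} {v}")
```

The 4524-second lag (75 minutes from link to first upload) is consistent with a fresh build; a negative lag, or a timestamp years before first sight, is the usual sign of a timestomped header. Note that the "Link date 10:49 PM 11/20/2013" above is the same instant as the UTC compile timestamp, only rendered in UTC+01:00, which is what the ExifTool TimeStamp line also shows.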
Tags
peexe

VirusTotal metadata
First submission 2013-11-20 23:05:06 UTC ( 1 year, 3 months ago )
Last submission 2015-01-28 14:35:14 UTC ( 1 month ago )
File names 1ea24f6fe1dfc8c883da3bd380e1da53f766aa9f3df8eb0ebdd6fb0e8b94182e
PaymentAdvice.exe.malware
2fbf89a24a43e848b581520d8a1fab27.exe
PaymentAdvice.exe
c-959ca-765-1384987503
ScreenShot.exe
Report.exe
file-6235929_exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests
TCP connections
UDP communications