SHA256: 461c6f76b9f9a4804558559b0207aef96e0cd6faaaa1aeb51ec6031524809e3d
File name: 2015-03-10-payingday-net-malware-payload.exe
Detection ratio: 39 / 56
Analysis date: 2015-05-31 22:47:55 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.572353 20150531
Yandex TrojanSpy.Zbot!RLrZGcKMBb0 20150531
AhnLab-V3 Trojan/Win32.MDA 20150531
ALYac Gen:Variant.Kazy.572353 20150531
Antiy-AVL Trojan/Win32.SGeneric 20150531
Avast Win32:Injector-CNW [Trj] 20150531
AVG Inject2.BSIB 20150531
Avira (no cloud) TR/Crypt.Xpack.161988 20150531
AVware Win32.Malware!Drop 20150531
Baidu-International Trojan.Win32.Zbot.vebb 20150531
BitDefender Gen:Variant.Kazy.572353 20150531
Bkav W32.CishostA.Trojan 20150529
Cyren W32/Trojan.SCZZ-3205 20150531
DrWeb BackDoor.IRC.NgrBot.42 20150531
Emsisoft Gen:Variant.Kazy.572353 (B) 20150531
ESET-NOD32 a variant of Win32/Kryptik.DBGK 20150531
F-Secure Gen:Variant.Kazy.572353 20150531
Fortinet W32/Kryptik.DBGK!tr 20150531
GData Gen:Variant.Kazy.572353 20150531
Ikarus Trojan.Win32.Crypt 20150531
Jiangmin TrojanSpy.Zbot.htpd 20150529
K7AntiVirus Trojan ( 004b7cb71 ) 20150531
K7GW Trojan ( 004b7cb71 ) 20150531
Kaspersky Trojan-Spy.Win32.Zbot.vebb 20150531
Malwarebytes Trojan.Agent.DED 20150531
McAfee Generic-FAVZ!C9D1EE3EAD4D 20150531
McAfee-GW-Edition BehavesLike.Win32.Packed.dc 20150531
Microsoft Ransom:Win32/Crowti.A 20150531
eScan Gen:Variant.Kazy.572353 20150531
NANO-Antivirus Trojan.Win32.Ngrbot.dpacrq 20150531
Panda Trj/Chgt.O 20150531
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20150531
Sophos AV Mal/Wonton-BB 20150531
SUPERAntiSpyware Trojan.Agent/Gen-Dropper 20150530
Symantec Trojan.Gen.2 20150531
Tencent Trojan.Win32.YY.Gen.30 20150531
TrendMicro TROJ_CRYPWALL.CT 20150531
TrendMicro-HouseCall TROJ_CRYPWALL.CT 20150531
VIPRE Win32.Malware!Drop 20150531
AegisLab (no detection) 20150531
Alibaba (no detection) 20150531
ByteHero (no detection) 20150531
CAT-QuickHeal (no detection) 20150530
ClamAV (no detection) 20150531
CMC (no detection) 20150530
Comodo (no detection) 20150531
F-Prot (no detection) 20150531
Kingsoft (no detection) 20150531
nProtect (no detection) 20150529
Rising (no detection) 20150531
TheHacker (no detection) 20150529
TotalDefense (no detection) 20150531
VBA32 (no detection) 20150529
ViRobot (no detection) 20150531
Zillya (no detection) 20150531
Zoner (no detection) 20150526
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) Porch 2004-2013
Publisher Origin Jones - www.Porch.com
Product Porch
File version 5.0.0.3
Description Nodded construction fastened
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-10 14:41:55
Entry Point 0x00012902
Number of sections 3
PE sections
PE imports
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
GetObjectA
SetBkMode
SelectObject
TextOutA
CreateFontIndirectA
GetTextExtentPointA
DeleteObject
SetTextColor
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
ReleaseMutex
SetHandleCount
RequestDeviceWakeup
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
WriteConsoleW
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
GetVolumeNameForVolumeMountPointW
TlsFree
SetStdHandle
GetModuleHandleA
RaiseException
GetTapeParameters
WideCharToMultiByte
CopyFileExW
GetStringTypeA
SetFilePointer
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
TransmitCommChar
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
IsBadStringPtrW
HeapAlloc
TerminateProcess
LCMapStringA
WriteConsoleA
IsValidCodePage
HeapCreate
VirtualFree
FindAtomA
TlsGetValue
Sleep
GetFileType
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
SetFocus
MapWindowPoints
GetParent
EnableWindow
SystemParametersInfoA
EndDialog
PostQuitMessage
SetWindowTextW
DefWindowProcW
KillTimer
CharPrevW
ShowWindow
MessageBeep
wsprintfA
SetWindowPos
SendDlgItemMessageA
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
DispatchMessageA
EndPaint
SetDlgItemTextA
PostMessageA
CharUpperW
GetDlgItemTextA
MessageBoxA
PeekMessageA
IsCharAlphaA
TranslateMessage
DialogBoxParamA
GetWindow
MessageBoxIndirectW
GetSysColor
SetDlgItemTextW
DispatchMessageW
SetWindowLongA
CreateDialogParamW
ReleaseDC
CharNextExA
BeginPaint
SetWindowTextA
SendMessageW
LoadStringA
GetWindowLongW
FindWindowExW
SendMessageA
SetForegroundWindow
GetClientRect
SetTimer
GetDlgItem
CreateDialogParamA
DrawTextW
GetClassInfoW
ScreenToClient
CharNextW
InvalidateRect
GetWindowLongA
CreateWindowExA
LoadImageW
FillRect
CharNextA
GetDesktopWindow
LoadCursorW
GetClassNameA
SendMessageTimeoutW
GetDC
wsprintfW
GetWindowTextA
GetDlgItemTextW
SetCursor
ExitWindowsEx
DestroyWindow
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_BITMAP 16
RT_DLGINCLUDE 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 16
NEUTRAL 1
LITHUANIAN 1
SWAHILI DEFAULT 1
PE resources
ExifTool file metadata
CodeSize 149504
FileDescription Nodded construction fastened
InitializedDataSize 102400
ImageVersion 0.0
ProductName Porch
FileVersionNumber 1.2.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
LinkerVersion 9.0
OriginalFilename Dug.exe
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5.0.0.3
TimeStamp 2015:03:10 15:41:55+01:00
FileType Win32 EXE
PEType PE32
InternalName Dug.exe
SubsystemVersion 5.0
ProductVersion 3.0
UninitializedDataSize 0
OSVersion 5.0
FileOS Windows 16-bit
LegalCopyright Copyright (C) Porch 2004-2013
MachineType Intel 386 or later, and compatibles
CompanyName Origin Jones - www.Porch.com
LegalTrademarks Porch
FileSubtype 0
ProductVersionNumber 5.3.0.0
EntryPoint 0x12902
ObjectFileType Executable application
PCAP parents
File identification
MD5 c9d1ee3ead4d883a3810fdbc78251486
SHA1 4b3ac09f6000c09ce7a76057778eb77c27bd8329
SHA256 461c6f76b9f9a4804558559b0207aef96e0cd6faaaa1aeb51ec6031524809e3d
ssdeep 6144:ulVuAOgjnFv7tIjXbPV8PgHtEjZAXIgwWN+aO6:lGnFv7tIDbPV8PgHtEjZaIgwin
authentihash fb084253bdd5330b7b0964764160c2dee1778afbbf69074bc3f08433d8fd2db0
imphash 04d56e6206d0be33d6fb44c94875d428
File size 247.0 KB ( 252928 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2015-03-10 21:25:19 UTC ( 2 years, 8 months ago )
Last submission 2015-05-31 22:47:55 UTC ( 2 years, 5 months ago )
File names 2015-03-10-payingday-net-malware-payload.exe
index.html@1269b5871732a18c95a849cf3c2c9078
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.