SHA256: 5c662a4f57af4453d4309f7ef3db1bf6b99e334f60987e29e159f995593d3aca
File name: PayboxFacture.exe
Detection ratio: 2 / 42
Analysis date: 2012-06-29 07:32:17 UTC ( 6 years, 6 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Zbot 20120628
Microsoft PWS:Win32/Zbot.gen!Y 20120629
AntiVir 20120629
Antiy-AVL 20120629
Avast 20120629
AVG 20120628
BitDefender 20120629
ByteHero 20120613
CAT-QuickHeal 20120629
ClamAV 20120629
Commtouch 20120629
Comodo 20120629
DrWeb 20120629
Emsisoft 20120629
eSafe 20120628
F-Prot 20120629
F-Secure 20120629
Fortinet 20120629
GData 20120629
Ikarus 20120629
Jiangmin 20120629
K7AntiVirus 20120628
Kaspersky 20120629
McAfee 20120629
McAfee-GW-Edition 20120629
NOD32 20120628
Norman 20120628
nProtect 20120629
Panda 20120628
PCTools 20120629
Rising 20120628
Sophos AV 20120629
SUPERAntiSpyware 20120629
Symantec 20120629
TheHacker 20120628
TotalDefense 20120628
TrendMicro 20120629
TrendMicro-HouseCall 20120628
VBA32 20120628
VIPRE 20120629
ViRobot 20120629
VirusBuster 20120628
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0002C668
Number of sections 8
PE sections
Overlays
MD5 a303f3c949849da182aea11eebdbd638
File type data
Offset 197632
Size 513
Entropy 7.57
PE imports
PrivilegedServiceAuditAlarmW
DrawStatusTextW
PropertySheetA
CreateToolbar
ImageList_DragMove
ImageList_DrawEx
ImageList_ReplaceIcon
ImageList_SetFlags
VerLanguageNameA
SetCurrentDirectoryW
lstrlenA
LoadLibraryW
ExitProcess
GetVolumePathNamesForVolumeNameW
SetThreadPriority
WriteProfileStringA
GetConsoleCursorInfo
GetCommandLineW
EnumerateLocalComputerNamesW
GetCommandLineA
GetUserDefaultLCID
HeapWalk
GetConsoleCommandHistoryLengthW
EnumDateFormatsA
WideCharToMultiByte
WritePrivateProfileStructA
WriteFile
CompareStringA
GlobalMemoryStatusEx
SetLocaleInfoW
DnsHostnameToComputerNameW
CreateProcessInternalA
ConvertDefaultLocale
SetFileApisToOEM
Sleep
SetVolumeLabelA
CloseConsoleHandle
GetModuleHandleExA
CloseHandle
wsprintfA
OpenInputDesktop
CharLowerW
TileWindows
GetWindowModuleFileNameA
CreateCursor
FindWindowW
ValidateRect
MessageBoxA
FindWindowExW
CloseWindowStation
SetCursorContents
EnumPropsExA
SetPropW
DrawMenuBar
Number of PE resources by type
RT_DIALOG 5
RT_RCDATA 2
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 5
RUSSIAN 2
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 178688
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 17920
SubsystemVersion 4.0
EntryPoint 0x2c668
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 bd2904b6f45861262e8b4facb72a44db
SHA1 62b1a71825e71f0f5f439fcddf522664941f7ffa
SHA256 5c662a4f57af4453d4309f7ef3db1bf6b99e334f60987e29e159f995593d3aca
ssdeep 3072:iiVBJakN8A5xli9zSck6OI9oUG4Gz/lSMI08/3GtkanfRo+sRR4KIlQtZzvJZvRi:1Vz8zSztJUT2/R8/YXndkfgQDjv2b
authentihash f7a5949925938e3e616269c5fe51360d72d2cd9cbca081746f04cb65a8d8fdb3
imphash 9db328ee56e5eb39208d7792f7262588
File size 193.5 KB ( 198145 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2012-06-29 07:32:17 UTC ( 6 years, 6 months ago )
Last submission 2016-01-13 01:56:08 UTC ( 3 years ago )
File names file-4244553_exe
PayboxFacture.exe
aa
5c662a4f57af4453d4309f7ef3db1bf6b99e334f60987e29e159f995593d3aca.vir
AhFBFcG6.xls
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests
UDP communications