SHA256: 5e123d4f7b03118196a1f27cfa5a56a3ca8723c3d0e5b02d3719459ab303221b
File name: 7c8701febd.exe
Detection ratio: 37 / 61
Analysis date: 2017-07-03 12:53:58 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.6869 20170703
AegisLab Troj.W32.Gen.mein 20170703
AhnLab-V3 Trojan/Win32.Agent.R202451 20170703
ALYac Gen:Variant.Razy.6869 20170703
Arcabit Trojan.Razy.D1AD5 20170703
Avast Win32:Evo-gen [Susp] 20170703
AVG Win32:Evo-gen [Susp] 20170703
Avira (no cloud) TR/Dropper.Gen 20170703
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170703
BitDefender Gen:Variant.Razy.6869 20170703
Comodo TrojWare.MSIL.Disfa.B 20170703
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170420
Cyren W32/Ransom.AY.gen!Eldorado 20170703
DrWeb Trojan.DownLoader17.15248 20170703
Emsisoft Gen:Variant.Razy.6869 (B) 20170703
Endgame malicious (high confidence) 20170629
ESET-NOD32 a variant of MSIL/Kryptik.EAN 20170703
F-Prot W32/Ransom.AY.gen!Eldorado 20170703
F-Secure Gen:Variant.Razy.6869 20170703
Fortinet MSIL/Kryptik.EAN!tr 20170629
GData Gen:Variant.Razy.6869 20170703
Ikarus Trojan.MSIL.Crypt 20170703
Sophos ML heuristic 20170607
Kaspersky Trojan.MSIL.Agent.foxa 20170703
Malwarebytes Spyware.Imminent 20170703
McAfee Trojan-FMFV!303140D9DCCE 20170703
McAfee-GW-Edition BehavesLike.Win32.Dropper.fc 20170702
Microsoft Trojan:MSIL/Injector.SO!bit 20170703
eScan Gen:Variant.Razy.6869 20170703
NANO-Antivirus Trojan.Win32.Dwn.dzugvc 20170703
Panda Trj/GdSda.A 20170703
Qihoo-360 HEUR/QVM03.0.3C6C.Malware.Gen 20170703
Rising Trojan.Generic (cloud:Ts0X0mwKKwD) 20170703
SentinelOne (Static ML) static engine - malicious 20170516
Symantec ML.Attribute.HighConfidence 20170703
Webroot W32.Trojan.Malagent 20170703
ZoneAlarm by Check Point Trojan.MSIL.Agent.foxa 20170703
Alibaba 20170703
Antiy-AVL 20170703
AVware 20170703
Bkav 20170703
CAT-QuickHeal 20170703
ClamAV 20170703
CMC 20170701
Jiangmin 20170703
K7AntiVirus 20170703
K7GW 20170703
Kingsoft 20170703
nProtect 20170703
Palo Alto Networks (Known Signatures) 20170703
Sophos AV 20170703
SUPERAntiSpyware 20170703
Symantec Mobile Insight 20170630
Tencent 20170703
TheHacker 20170702
TrendMicro 20170703
TrendMicro-HouseCall 20170703
Trustlook 20170703
VBA32 20170630
VIPRE 20170703
ViRobot 20170703
WhiteArmor 20170627
Yandex 20170630
Zillya 20170701
Zoner 20170703
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Original name Payment.exe
Internal name Payment.exe
File version 0.0.0.0
Description Payment.exe
Comments
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-07-03 10:01:11
Entry Point 0x00056ABE
Number of sections 3
.NET details
Module Version ID cc05f4e6-0f62-4f12-8b60-fc6ec7654ff9
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Payment.exe
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 4608
EntryPoint 0x56abe
OriginalFileName Payment.exe
MIMEType application/octet-stream
FileVersion 0.0.0.0
TimeStamp 2017:07:03 11:01:11+01:00
FileType Win32 EXE
PEType PE32
InternalName Payment.exe
ProductVersion 0.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 347136
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 0.0.0.0

Compressed bundles
File identification
MD5 303140d9dccea718d55b4e767e460e2f
SHA1 3fd209948fd02ff82804c99395a4f5f7de9a6a38
SHA256 5e123d4f7b03118196a1f27cfa5a56a3ca8723c3d0e5b02d3719459ab303221b
ssdeep 6144:Mo9Xu1W1uBqUOrpA2QJcE+hx5gqv7RxMymu8S3Xaa1/8vrNEI6d:MopueuMpAEEAwqsuTXJcrNX6
authentihash 1041dd475d4323524e506ddcb81a267257a0d99cc099a334ef1f15583e5d0cf7
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 344.0 KB ( 352256 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
OS/2 Executable (generic) (2.2%)
Generic Win/DOS Executable (2.2%)
Tags peexe assembly

VirusTotal metadata
First submission 2017-07-03 12:09:08 UTC ( 1 year, 10 months ago )
Last submission 2017-08-01 18:28:24 UTC ( 1 year, 9 months ago )
File names KFCLBT.mht
7c8701febd[1].exe
VirusShare_303140d9dccea718d55b4e767e460e2f
Payment.exe
output.111736347.txt
7c8701febd.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications