SHA256: 65e909bf8605f223ba3e7ba461e01d2285ec453301dca71e86196f80d3289480
File name: PAYMENT ADVICE.exe
Detection ratio: 29 / 66
Analysis date: 2017-10-26 08:55:43 UTC ( 1 year, 2 months ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.COZO 20171026
ALYac Gen:Variant.Symmi.76784 20171026
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20171026
Arcabit Trojan.Agent.COZO 20171026
BitDefender Trojan.Agent.COZO 20171026
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cylance Unsafe 20171026
Cyren W32/Fareit.VBHP-6633 20171026
eGambit Unsafe.AI_Score_100% 20171026
Emsisoft Trojan.Agent.COZO (B) 20171026
Endgame malicious (moderate confidence) 20171024
ESET-NOD32 Win32/Injector.DSVZ 20171026
F-Prot W32/Fareit.CFX 20171026
F-Secure Trojan.Agent.COZO 20171026
Fortinet W32/GenKryptik.BAID!tr 20171026
GData Trojan.Agent.COZO 20171026
Ikarus Win32.SuspectCrc 20171026
Sophos ML heuristic 20170914
Jiangmin Backdoor.Androm.tmg 20171026
K7AntiVirus Trojan ( 0051a1ce1 ) 20171026
K7GW Trojan ( 0051a1ce1 ) 20171026
Kaspersky Trojan-PSW.Win32.Fareit.hhx 20171026
MAX malware (ai score=86) 20171026
McAfee Fareit-FOHM!7ACC19DBFC68 20171026
eScan Trojan.Agent.COZO 20171026
SentinelOne (Static ML) static engine - malicious 20171019
TrendMicro TSPY_FAREIT.SMBD 20171026
TrendMicro-HouseCall TSPY_FAREIT.SMBD 20171026
ZoneAlarm by Check Point Trojan-PSW.Win32.Fareit.hhx 20171026
AegisLab 20171026
AhnLab-V3 20171026
Alibaba 20170911
Avast 20171026
Avast-Mobile 20171026
AVG 20171026
Avira (no cloud) 20171026
AVware 20171026
Baidu 20171026
Bkav 20171025
CAT-QuickHeal 20171026
ClamAV 20171026
CMC 20171025
Comodo 20171026
DrWeb 20171025
Kingsoft 20171026
Malwarebytes 20171026
McAfee-GW-Edition 20171026
Microsoft 20171026
NANO-Antivirus 20171026
nProtect 20171026
Palo Alto Networks (Known Signatures) 20171026
Panda 20171025
Qihoo-360 20171026
Rising 20171026
Sophos AV 20171026
SUPERAntiSpyware 20171026
Symantec 20171025
Symantec Mobile Insight 20171026
Tencent 20171026
TheHacker 20171024
TotalDefense 20171026
Trustlook 20171026
VBA32 20171025
VIPRE 20171026
ViRobot 20171026
WhiteArmor 20171024
Yandex 20171025
Zillya 20171025
Zoner 20171026
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-04-07 19:54:49
Entry Point 0x001015C0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegCloseKey
ImageList_Add
SaveDC
CoInitialize
VariantCopy
VerQueryValueA
Number of PE resources by type
RT_STRING 22
RT_BITMAP 11
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 3
RT_DIALOG 1
Number of PE resources by language
NEUTRAL 51
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:04:07 20:54:49+01:00
FileType Win32 EXE
PEType PE32
CodeSize 585728
LinkerVersion 2.25
EntryPoint 0x1015c0
InitializedDataSize 12288
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 466944
File identification
MD5 44ff19372d9c95e8355089071936d4f6
SHA1 297a139111f463a4d228f14eb17c5a28d643d0a4
SHA256 65e909bf8605f223ba3e7ba461e01d2285ec453301dca71e86196f80d3289480
ssdeep 12288:vPQJh5VBAd6/9zEJ054OuNBKj86+7X1UfDBd/jQ:Hu5VqwzMU4OI6+z1cnjQ
authentihash 021e8f6e66943e04033c46b9c2d4ef787c4cbe19bc3880fea4c7fa725849f997
imphash 1aaa197a27f37409d4b24f7bd8508e17
File size 583.0 KB ( 596992 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
Win16/32 Executable Delphi generic (2.9%)
Tags peexe upx
VirusTotal metadata
First submission 2017-10-26 08:55:43 UTC ( 1 year, 2 months ago )
Last submission 2017-10-27 12:34:11 UTC ( 1 year, 2 months ago )
File names PAYMENT ADVICE.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs