SHA256: 75279db2495a51d6262641aab4a1b15cad66cf958ec3eb50a6855d1aeb2a6a90
File name: payment confirmation-pdf.exe
Detection ratio: 27 / 69
Analysis date: 2019-01-14 00:15:18 UTC ( 4 months, 1 week ago )
Antivirus Result Update
AegisLab Trojan.Multi.Generic.4!c 20190113
Avast Win32:Trojan-gen 20190113
AVG Win32:Trojan-gen 20190113
Avira (no cloud) TR/AD.Remcos.rssfx 20190113
CMC Virus.Win32.Sality!O 20190113
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181023
Cylance Unsafe 20190114
Cyren W32/Trojan.HYUQ-3004 20190113
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Injector.ECUZ 20190113
Fortinet W32/Injector.ECUZ!tr 20190113
GData Win32.Backdoor.Remcos.0FZ6RY 20190113
Ikarus Trojan-Ransom.Win32.Foreign 20190113
Sophos ML heuristic 20181128
Kaspersky Backdoor.Win32.Remcos.bby 20190113
McAfee Artemis!646A312A7992 20190113
McAfee-GW-Edition BehavesLike.Win32.Dropper.hc 20190113
Microsoft Trojan:Win32/Sonbokli.A!cl 20190113
Palo Alto Networks (Known Signatures) generic.ml 20190114
Qihoo-360 Win32/Trojan.PSW.ae6 20190114
Rising Trojan.Fuerboos!8.EFC8 (CLOUD) 20190113
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/Generic-S 20190113
Symantec ML.Attribute.HighConfidence 20190113
Tencent Win32.Backdoor.Remcos.Wnmo 20190114
Trapmine malicious.moderate.ml.score 20190103
ZoneAlarm by Check Point Backdoor.Win32.Remcos.bby 20190114
Acronis 20190111
Ad-Aware 20190114
AhnLab-V3 20190113
Alibaba 20180921
ALYac 20190113
Antiy-AVL 20190113
Arcabit 20190113
Avast-Mobile 20190113
Babable 20180918
Baidu 20190111
BitDefender 20190113
Bkav 20190108
CAT-QuickHeal 20190113
ClamAV 20190113
Comodo 20190113
Cybereason 20190109
DrWeb 20190113
eGambit 20190114
Emsisoft 20190113
F-Prot 20190113
F-Secure 20190111
Jiangmin 20190113
K7AntiVirus 20190113
K7GW 20190113
Kingsoft 20190114
Malwarebytes 20190113
MAX 20190114
eScan 20190113
NANO-Antivirus 20190113
Panda 20190113
SUPERAntiSpyware 20190109
TACHYON 20190113
TheHacker 20190113
TrendMicro 20190113
TrendMicro-HouseCall 20190113
Trustlook 20190114
VBA32 20190111
ViRobot 20190113
Webroot 20190114
Yandex 20190111
Zillya 20190111
Zoner 20190114
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2002 by Dirk Knop
Product StatsReader
Original name StatsReader.EXE
Internal name StatsReader
File version 2, 1, 0, 0
Description StatsReader
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0012338D
Number of sections 3
PE sections
PE imports
GetProcAddress
GetModuleHandleA
RegCloseKey
ImageList_Add
ChooseColorA
SaveDC
OleDraw
SysFreeString
ShellExecuteA
SHGetFolderPathA
CharNextA
VerQueryValueA
OpenPrinterA
Number of PE resources by type
RT_ICON 24
RT_STRING 19
RT_BITMAP 11
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 6
RT_GROUP_ICON 2
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 74
RUSSIAN 2
GERMAN 1
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 612864
ImageVersion 0.0
ProductName StatsReader
FileVersionNumber 2.1.0.0
UninitializedDataSize 0
LanguageCode German
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, No debug, Bytes reversed hi
CharacterSet Unicode
LinkerVersion 2.25
FileTypeExtension exe
OriginalFileName StatsReader.EXE
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2, 1, 0, 0
TimeStamp 1992:06:19 22:22:17+00:00
FileType Win32 EXE
PEType PE32
InternalName StatsReader
ProductVersion 2, 1, 0, 0
FileDescription StatsReader
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright (C) 2002 by Dirk Knop
MachineType Intel 386 or later, and compatibles
CodeSize 554496
FileSubtype 0
ProductVersionNumber 2.1.0.0
Warning Possibly corrupt Version resource
EntryPoint 0x12338d
ObjectFileType Executable application
Execution parents
File identification
MD5 646a312a79925ee2c9f5153913416aee
SHA1 3c71f7acd5bcba7591bac4e5c817fff99fbf8efd
SHA256 75279db2495a51d6262641aab4a1b15cad66cf958ec3eb50a6855d1aeb2a6a90
ssdeep 6144:b/WZmNJ/S5WcabmkVynpxBAneHVFLWFE/eGFQ2QSj/5rNh3r+OfmMu5n4l/xW6lF:b/Smbcpayt3PWu/e8zQodvu549xZ
authentihash 74e1c4c9410ea57570243fa67f247d05f9ba2c50e21ac96f02f06f4cc8bdf202
imphash f965c7ffaf4da98ded7d499d10882a6c
File size 581.0 KB ( 594944 bytes )
File type Win32 EXE
Magic literal MS-DOS executable, MZ for MS-DOS
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe
VirusTotal metadata
First submission 2019-01-13 09:14:31 UTC ( 4 months, 1 week ago )
Last submission 2019-01-26 18:22:07 UTC ( 3 months, 3 weeks ago )
File names 646a312a79925ee2c9f5153913416aee-pe
stikynot.exe
simple.exe
StatsReader.EXE
payment confirmation-pdf.exe
StatsReader
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs