SHA256: 7abf401381b81d0effcf074df3fe1d38b38cf513f8ec202fbe1ce150c45c6f8d
File name: payslip.exe
Detection ratio: 8 / 55
Analysis date: 2015-06-29 13:21:45 UTC ( 2 years, 4 months ago )
Antivirus Result Update
AVG Luhe.Fiha.A 20150629
Avira (no cloud) TR/Crypt.ZPACK.Gen 20150629
Kaspersky UDS:DangerousObject.Multi.Generic 20150629
McAfee Artemis!71A42EAAC6F4 20150629
McAfee-GW-Edition Artemis 20150629
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20150629
Rising PE:Malware.Obscure/Heur!1.9E03 20150628
Tencent Win32.Trojan.Inject.Auto 20150629
Ad-Aware 20150629
AegisLab 20150629
Yandex 20150628
AhnLab-V3 20150629
Alibaba 20150629
ALYac 20150629
Antiy-AVL 20150629
Arcabit 20150629
Avast 20150629
AVware 20150629
Baidu-International 20150629
BitDefender 20150629
Bkav 20150629
ByteHero 20150629
CAT-QuickHeal 20150629
ClamAV 20150629
Comodo 20150629
Cyren 20150629
DrWeb 20150629
Emsisoft 20150629
ESET-NOD32 20150629
F-Prot 20150629
F-Secure 20150629
Fortinet 20150629
GData 20150629
Ikarus 20150629
Jiangmin 20150626
K7AntiVirus 20150629
K7GW 20150629
Kingsoft 20150629
Malwarebytes 20150629
Microsoft 20150629
eScan 20150629
NANO-Antivirus 20150629
nProtect 20150629
Panda 20150629
Sophos AV 20150629
SUPERAntiSpyware 20150629
Symantec 20150629
TheHacker 20150626
TrendMicro 20150629
TrendMicro-HouseCall 20150629
VBA32 20150629
VIPRE 20150629
ViRobot 20150629
Zillya 20150629
Zoner 20150629
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2015
Product TODO: <Product name>
Original name jjttyjtyjtyj.exe
Internal name yjyjtyjtyjtj.exe
File version 1.0.0.1
Description TODO: <File description>
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-29 09:13:22
Entry Point 0x00001250
Number of sections 5
PE sections
Overlays
MD5 7e4e5c14c3a481d5b9d9af577c160aee
File type data
Offset 45056
Size 83676
Entropy 8.00
PE imports
SetPriorityClass
IsDBCSLeadByteEx
HeapFree
GetProcessAffinityMask
OpenSemaphoreA
ReleaseSemaphore
SetFilePointer
LockResource
SetConsoleWindowInfo
SetUnhandledExceptionFilter
HeapLock
HeapAlloc
GetVolumePathNameA
SetProcessPriorityBoost
QueueUserWorkItem
OpenEventA
InitializeCriticalSection
SetThreadExecutionState
GetProcessHeap
Number of PE resources by type
RT_DIALOG 1
RT_GROUP_CURSOR 1
RT_ICON 1
RT_CURSOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
NEUTRAL 2
FRENCH 1
PE resources
ExifTool file metadata
SubsystemVersion 5.1
InitializedDataSize 17920
ImageVersion 0.0
ProductName TODO: <Product name>
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode French
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 10.0
FileTypeExtension exe
OriginalFileName jjttyjtyjtyj.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.1
TimeStamp 2015:06:29 10:13:22+01:00
FileType Win32 EXE
PEType PE32
InternalName yjyjtyjtyjtj.exe
ProductVersion 1.0.0.1
FileDescription TODO: <File description>
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) 2015
MachineType Intel 386 or later, and compatibles
CompanyName TODO: <Company name>
CodeSize 26112
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0x1250
ObjectFileType Executable application
File identification
MD5 71a42eaac6f432c8dc04465c065e48e1
SHA1 b1680e9152896aea17f5e59bcd381c45acc08deb
SHA256 7abf401381b81d0effcf074df3fe1d38b38cf513f8ec202fbe1ce150c45c6f8d
ssdeep 3072:iJYD91unTvHBbm/+8h5Goj339Bi6VYV0g0/LbNUhQOFprxKq:GQ914vHBbm/eoTtIkYwLBUhQGr7
authentihash d136f6af567256bb11ae735b0f720ec74f5c4234b25b98b45813d3783cbe4e1c
imphash 595cc1e9ae32629bd692cf803cc7794d
File size 125.7 KB ( 128732 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-06-29 10:16:45 UTC ( 2 years, 4 months ago )
Last submission 2016-01-26 12:56:20 UTC ( 1 year, 10 months ago )
File names 71a42eaac6f432c8dc04465c065e48e1.exe
jjttyjtyjtyj.exe
yjyjtyjtyjtj.exe
Fax.vxe
kje0q3dg.xltx
payslip.exe
malware5.exe
7abf401381b81d0effcf074df3fe1d38b38cf513f8ec202fbe1ce150c45c6f8d.exe.000
Internal_report_2015_06_29_997414.exe
71a42eaac6f432c8dc04465c065e48e1.malware
Fax_exe
71a42eaac6f432c8dc04465c065e48e1
Fax.exe
7abf401381b81d0effcf074df3fe1d38b38cf513f8ec202fbe1ce150c45c6f8d.log
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Terminated processes
Opened mutexes
Runtime DLLs