SHA256: 9075693563391ceb6625607066c72c520b8c692fd5381555fadffbe783a672c0
File name: 2015-03-05-payingdays-net-malware-payload.exe
Detection ratio: 42 / 56
Analysis date: 2015-05-31 22:25:46 UTC ( 2 years, 5 months ago )
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Zusy.130404 | 20150531
Yandex | Trojan.Foreign!oVVpdImWzoM | 20150531
AhnLab-V3 | Trojan/Win32.MDA | 20150531
ALYac | Gen:Variant.Zusy.130404 | 20150531
Antiy-AVL | Trojan[Ransom]/Win32.Foreign | 20150531
Avast | Win32:Malware-gen | 20150531
AVG | FileCryptor.AIL | 20150531
Avira (no cloud) | TR/Crypt.ZPACK.79682 | 20150531
AVware | Trojan.Win32.Generic!BT | 20150531
Baidu-International | Trojan.Win32.Ransom.lxjd | 20150531
BitDefender | Gen:Variant.Zusy.130404 | 20150531
CAT-QuickHeal | Trojan.Lethic.B4 | 20150530
Comodo | TrojWare.Win32.Crowti.DAEB | 20150531
Cyren | W32/Trojan.HPZH-3123 | 20150531
DrWeb | Trojan.Encoder.514 | 20150531
Emsisoft | Gen:Variant.Zusy.130404 (B) | 20150531
ESET-NOD32 | a variant of Win32/Injector.BVTN | 20150531
F-Secure | Gen:Variant.Zusy.130404 | 20150531
Fortinet | W32/Foreign.AS!tr | 20150531
GData | Gen:Variant.Zusy.130404 | 20150531
Ikarus | Trojan.Win32.Injector | 20150531
Jiangmin | Trojan/Foreign.aslk | 20150529
K7AntiVirus | Trojan ( 004b77ea1 ) | 20150531
K7GW | Trojan ( 004b77ea1 ) | 20150531
Kaspersky | Trojan-Ransom.Win32.Foreign.lxjd | 20150531
Malwarebytes | Trojan.Agent.DED | 20150531
McAfee | Generic-FAVZ!B769323C003B | 20150531
McAfee-GW-Edition | BehavesLike.Win32.Dropper.dc | 20150531
Microsoft | Ransom:Win32/Crowti.A | 20150531
eScan | Gen:Variant.Zusy.130404 | 20150531
NANO-Antivirus | Trojan.Win32.Encoder.dotiel | 20150531
Panda | Trj/Chgt.O | 20150531
Qihoo-360 | HEUR/QVM10.1.Malware.Gen | 20150531
Sophos AV | Mal/Wonton-BB | 20150531
SUPERAntiSpyware | Trojan.Agent/Gen-Dropper | 20150530
Symantec | Trojan.Gen | 20150531
Tencent | Trojan.Win32.Qudamah.Gen.30 | 20150531
TrendMicro | TROJ_GEN.F0C2C00CH15 | 20150531
TrendMicro-HouseCall | TROJ_GEN.F0C2C00CH15 | 20150531
VBA32 | OScope.Malware-Cryptor.Ngrbot | 20150529
VIPRE | Trojan.Win32.Generic!BT | 20150531
Zillya | Trojan.Foreign.Win32.49056 | 20150531
AegisLab | (undetected) | 20150531
Alibaba | (undetected) | 20150531
Bkav | (undetected) | 20150529
ByteHero | (undetected) | 20150531
ClamAV | (undetected) | 20150531
CMC | (undetected) | 20150530
F-Prot | (undetected) | 20150531
Kingsoft | (undetected) | 20150531
nProtect | (undetected) | 20150529
Rising | (undetected) | 20150531
TheHacker | (undetected) | 20150529
TotalDefense | (undetected) | 20150531
ViRobot | (undetected) | 20150531
Zoner | (undetected) | 20150526
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright (C) Pleasure 2001-2013
Publisher: Vote stranger - www.Pleasure.com
Product: Pleasure
File version: 8.0.0.5
Description: Halfway pictured slept transportation bound
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2015-03-05 17:44:05
Entry Point: 0x0000ADA2
Number of sections: 4
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegNotifyChangeKeyValue
RegOpenKeyExW
RegDeleteKeyW
CryptHashData
RegQueryValueExW
CryptCreateHash
DuplicateToken
RegEnumKeyW
SetFileSecurityW
LookupAccountNameW
CryptReleaseContext
SetServiceStatus
RegisterServiceCtrlHandlerW
RegEnumKeyExW
OpenThreadToken
CryptDestroyHash
CryptAcquireContextW
RegDeleteValueW
RegSetValueExW
FreeSid
CryptGetHashParam
RegEnumValueW
AllocateAndInitializeSid
CheckTokenMembership
StartServiceCtrlDispatcherW
SetThreadToken
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
GetOpenFileNameA
CommDlgExtendedError
GetDeviceCaps
CreateFontIndirectW
SetBkMode
CreateBrushIndirect
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
HeapAlloc
GetFileAttributesW
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
SetErrorMode
FreeEnvironmentStringsW
lstrcatW
WaitCommEvent
SetStdHandle
GetCPInfo
lstrcmpiA
GetStringTypeA
GetDiskFreeSpaceW
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
HeapLock
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
SetLastError
TlsGetValue
CopyFileW
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
lstrcmpiW
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetPrivateProfileStringW
SetFilePointer
GetFullPathNameW
CreateThread
GetSystemDirectoryW
GetExitCodeThread
SetUnhandledExceptionFilter
MulDiv
TerminateProcess
SearchPathW
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
GetVersion
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
OpenProcess
CreateDirectoryW
DeleteFileW
GlobalLock
GetTempFileNameW
lstrcpyW
WaitNamedPipeW
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
lstrcpyA
FindFirstFileW
lstrcmpW
GetProcAddress
CreateFileW
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
LeaveCriticalSection
GetLastError
LCMapStringW
GetShortPathNameW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
lstrlenW
VirtualFree
GetEnvironmentStrings
CompareFileTime
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
WritePrivateProfileStringW
lstrcpynW
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
WriteFile
CreateProcessW
Sleep
VirtualAlloc
SHGetFileInfoA
ShellExecuteExA
SHBrowseForFolderA
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
SHGetPathFromIDListA
SHGetMalloc
SHFileOperationA
SetFocus
GetMessagePos
LoadBitmapW
PostQuitMessage
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
GetDC
SendMessageW
SendMessageA
GetClassInfoW
GetDlgItemTextW
LoadImageW
OpenClipboard
GetWindowTextA
DrawTextW
DestroyWindow
GetMessageA
GetParent
UpdateWindow
SetClassLongW
ShowWindow
CharToOemBuffA
PeekMessageW
EnableWindow
CharUpperW
GetDlgItemTextA
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
RegisterClassW
LoadStringA
SetClipboardData
OemToCharBuffA
EnableMenuItem
GetWindowLongA
CreateWindowExA
OemToCharA
FillRect
CopyRect
WaitForInputIdle
CreateWindowExW
GetWindowLongW
CharNextW
MapWindowPoints
BeginPaint
DefWindowProcW
CharPrevW
DefWindowProcA
SendDlgItemMessageA
GetSystemMetrics
SetWindowLongW
GetWindowRect
PostMessageA
SetWindowLongA
CheckDlgButton
CreateDialogParamW
CreatePopupMenu
SetWindowTextW
SetTimer
GetDlgItem
ScreenToClient
FindWindowExA
LoadCursorA
LoadIconA
TrackPopupMenu
LoadCursorW
GetSystemMenu
FindWindowExW
DispatchMessageW
SetForegroundWindow
ExitWindowsEx
CharToOemA
EmptyClipboard
EndDialog
CharNextA
SetWindowTextA
SetMenu
SetDlgItemTextA
DialogBoxParamW
MessageBoxA
AppendMenuW
wvsprintfA
DialogBoxParamA
MessageBoxIndirectW
GetSysColor
SetDlgItemTextW
RegisterClassExA
DestroyIcon
IsWindowVisible
SystemParametersInfoW
InvalidateRect
wsprintfA
CallWindowProcW
GetClientRect
GetClassNameA
SendMessageTimeoutW
wsprintfW
CloseClipboard
SetCursor
CreateStreamOnHGlobal
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
CLSIDFromString
Number of PE resources by type
RT_BITMAP 16
RT_MANIFEST 1
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 16
NEUTRAL 1
LITHUANIAN 1
SWAHILI DEFAULT 1
PE resources
ExifTool file metadata
LegalTrademarks: Pleasure
SubsystemVersion: 5.0
LinkerVersion: 9.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 2.1.0.0
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
FileDescription: Halfway pictured slept transportation bound
CharacterSet: Windows, Latin1
InitializedDataSize: 150528
FileOS: Windows 16-bit
EntryPoint: 0xada2
MIMEType: application/octet-stream
LegalCopyright: Copyright (C) Pleasure 2001-2013
FileVersion: 8.0.0.5
TimeStamp: 2015:03:05 18:44:05+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Blind.exe
ProductVersion: 8.0
UninitializedDataSize: 0
OSVersion: 5.0
OriginalFilename: Blind.exe
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Vote stranger - www.Pleasure.com
CodeSize: 111104
ProductName: Pleasure
ProductVersionNumber: 3.6.0.0
FileTypeExtension: exe
ObjectFileType: Executable application
PCAP parents
File identification
MD5: b769323c003b0c41dee8ee9a8366b1b4
SHA1: 2a0741a615086038d7ab666484f73ee863b9bf6e
SHA256: 9075693563391ceb6625607066c72c520b8c692fd5381555fadffbe783a672c0
ssdeep: 6144:M5VW3BdAlgg1FVKAO7TkNgHtEju/dQfMwMbVEq2U:M58xdAV1q4gHtEju/dmMwMbVN2U
authentihash: 94193353e044a416008245044a36bdc1b57a10c5ec0109256fa285e9a91264b3
imphash: 57faf0aa890697a1f84053574ffddf2e
File size: 256.5 KB ( 262656 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Executable MS Visual C++ (generic) (42.2%)
      Win64 Executable (generic) (37.3%)
      Win32 Dynamic Link Library (generic) (8.8%)
      Win32 Executable (generic) (6.0%)
      Generic Win/DOS Executable (2.7%)
Tags: peexe
VirusTotal metadata
First submission: 2015-03-05 18:40:09 UTC ( 2 years, 8 months ago )
Last submission: 2015-05-31 22:25:46 UTC ( 2 years, 5 months ago )
File names:
  2015-03-05-payingdays-net-malware-payload.exe
  DA3D.tmp
  D231.tmp
  16d77c3f.exe
  2015-03-05-Magnitude-EK-malware-payload-2-of-4.exe
  9075693563391ceb6625607066c72c520b8c692fd5381555fadffbe783a672c0.bin
  C522.tmp
Advanced heuristic and reputation engines
Symantec reputation: Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.