SHA256: 9d60813c5deef90686f1e75f1ee59355e014c0348104fd853732780c0cc1d7f8
File name: MONEYNET.EXE
Detection ratio: 45 / 67
Analysis date: 2017-10-31 03:53:19 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.252581 20171031
AhnLab-V3 Spyware/Win32.Recam.C1982589 20171030
ALYac Gen:Variant.Kazy.252581 20171031
Arcabit Trojan.Kazy.D3DAA5 20171031
Avast Win32:Malware-gen 20171031
AVG Win32:Malware-gen 20171031
Avira (no cloud) TR/Spy.Gen 20171030
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9997 20171030
BitDefender Gen:Variant.Kazy.252581 20171031
Bkav W32.TisetoLTH.Trojan 20171030
Comodo TrojWare.Win32.Weecnaw.A 20171031
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cybereason malicious.1b8fb7 20170628
Cylance Unsafe 20171031
Cyren W32/Fsysna.C.gen!Eldorado 20171031
DrWeb BackDoor.Wirenet.351 20171031
Emsisoft Gen:Variant.Kazy.252581 (B) 20171031
Endgame malicious (high confidence) 20171024
ESET-NOD32 a variant of Win32/Spy.Weecnaw.A 20171031
F-Prot W32/Fsysna.C.gen!Eldorado 20171031
F-Secure Gen:Variant.Kazy.252581 20171031
Fortinet W32/Generic.AP.ABA36!tr 20171031
GData Gen:Variant.Kazy.252581 20171031
Sophos ML heuristic 20170914
Jiangmin TrojanSpy.Recam.bqa 20171031
K7AntiVirus Spyware ( 004b89b01 ) 20171030
K7GW Hacktool ( 655367771 ) 20171031
Kaspersky Trojan-Spy.Win32.Recam.agay 20171031
Malwarebytes Backdoor.NetWiredRC 20171031
MAX malware (ai score=89) 20171031
McAfee GenericRXCN-CE!410F99AE3CD4 20171031
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.mh 20171031
Microsoft Trojan:Win32/Skeeyah.A!rfn 20171030
eScan Gen:Variant.Kazy.252581 20171031
NANO-Antivirus Trojan.Win32.Wirenet.esoevx 20171031
nProtect Trojan-Spy/W32.Recam.91136.E 20171031
Panda Trj/GdSda.A 20171030
Qihoo-360 HEUR/QVM20.1.DD7A.Malware.Gen 20171031
SentinelOne (Static ML) static engine - malicious 20171019
Sophos AV Mal/Recam-A 20171031
Symantec Trojan.Netweird.B 20171030
TheHacker Trojan/Spy.Weecnaw.a 20171028
VBA32 TrojanSpy.Recam 20171030
Zillya Trojan.Recam.Win32.2139 20171030
ZoneAlarm by Check Point Trojan-Spy.Win32.Recam.agay 20171031
AegisLab 20171031
Alibaba 20170911
Avast-Mobile 20171030
AVware 20171031
CAT-QuickHeal 20171030
ClamAV 20171030
CMC 20171030
eGambit 20171031
Ikarus 20171030
Kingsoft 20171031
Palo Alto Networks (Known Signatures) 20171031
Rising 20171031
SUPERAntiSpyware 20171030
Symantec Mobile Insight 20171027
Tencent 20171031
TotalDefense 20171030
TrendMicro 20171031
TrendMicro-HouseCall 20171031
Trustlook 20171031
VIPRE 20171031
ViRobot 20171031
Webroot 20171031
WhiteArmor 20171024
Yandex 20171030
Zoner 20171031
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-09-03 19:50:03
Entry Point 0x000022CA
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
CryptReleaseContext
RegCloseKey
CryptAcquireContextA
RegEnumValueA
CryptGetHashParam
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
CryptHashData
RegEnumKeyExA
CryptDestroyHash
CryptCreateHash
CryptUnprotectData
DeleteDC
SelectObject
GetDIBits
BitBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
CreateToolhelp32Snapshot
GetSystemTime
GetLastError
EnterCriticalSection
PeekNamedPipe
ReadFile
Process32First
FileTimeToSystemTime
GetFileAttributesA
GetDriveTypeA
ExitProcess
GetVersionExA
GetModuleFileNameA
LoadLibraryA
GetLocalTime
CreatePipe
GetStartupInfoA
GetVolumeInformationA
GetCurrentProcessId
OpenProcess
CreateDirectoryA
DeleteFileA
ReleaseMutex
SetErrorMode
Process32Next
GetCommandLineA
GetProcAddress
GetSystemInfo
CreateMutexA
WideCharToMultiByte
SetFilePointer
FindFirstFileA
WriteFile
CloseHandle
GetComputerNameA
FindNextFileA
TerminateProcess
SetFileAttributesA
FreeLibrary
LocalFree
MoveFileA
GetDiskFreeSpaceExA
ResumeThread
CreateProcessA
GetLogicalDriveStringsA
InitializeCriticalSection
FindClose
Sleep
GetTickCount
GetFileAttributesExA
CreateFileA
GetProcessTimes
GetCurrentThreadId
LeaveCriticalSection
NetWkstaGetInfo
NetApiBufferFree
SHFileOperationA
GetMessageA
MapVirtualKeyA
GetForegroundWindow
EnumWindows
keybd_event
PostQuitMessage
DefWindowProcA
ShowWindow
GetSystemMetrics
DispatchMessageA
TranslateMessage
GetDC
RegisterClassExA
ReleaseDC
SetWindowTextA
GetKeyNameTextA
mouse_event
IsWindowVisible
SendMessageA
ToAscii
SetCursorPos
CreateWindowExA
GetKeyboardState
GetDesktopWindow
GetWindowTextA
GetKeyState
__WSAFDIsSet
gethostname
socket
setsockopt
recv
send
WSACleanup
WSAStartup
gethostbyname
select
ioctlsocket
WSAGetLastError
shutdown
ntohs
inet_ntoa
htons
closesocket
WSAIoctl
connect
strchr
getenv
_vsnprintf
fwrite
_vscprintf
fgetpos
fclose
malloc
free
fsetpos
strcat
fgets
_filelengthi64
_beginthreadex
realloc
calloc
fflush
fopen
strcpy
fread
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2017:09:03 20:50:03+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
75776

LinkerVersion
2.25

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit, No debug

EntryPoint
0x22ca

InitializedDataSize
14336

SubsystemVersion
4.0

ImageVersion
1.0

OSVersion
4.0

UninitializedDataSize
26624

Compressed bundles
File identification
MD5 410f99ae3cd435f374f688f09f9266c6
SHA1 7d38e56a0e7dc9cd3342082b7fbe6a849d03bc92
SHA256 9d60813c5deef90686f1e75f1ee59355e014c0348104fd853732780c0cc1d7f8
ssdeep 1536:AsOrUazrEh/mPmJTDslBjQx1XcbjyS548cC1fG928OfDDGw:AsOQ2QmPwTDsM1XcbjyccC1fb8vw

authentihash dc5d63214f09d92e83a2dac86f0a6d739abeb4f2fb2f4e18926f10481693f821
imphash 8e97a1515090baa46f52cf0ff6a6d12f
File size 89.0 KB ( 91136 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (39.9%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
Win16/32 Executable Delphi generic (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-10-31 03:53:19 UTC ( 1 year, 5 months ago )
Last submission 2017-11-01 09:40:41 UTC ( 1 year, 5 months ago )
File names MONEYNET.EXE
7d38e56a0e7dc9cd3342082b7fbe6a849d03bc92.dropped
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Created mutexes
Runtime DLLs
DNS requests
TCP connections
UDP communications