SHA256: acf7af8a197ecbcc1a2ee24a359d7b6ead91223d3988b490e8c8c6896b001b4f
File name: new_payment_document.exex
Detection ratio: 2 / 57
Analysis date: 2015-04-22 11:13:51 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Norman Upatre.GK 20150422
Tencent Trojan.Win32.YY.Gen.30 20150422
Ad-Aware 20150422
AegisLab 20150422
Yandex 20150421
AhnLab-V3 20150421
Alibaba 20150422
ALYac 20150422
Antiy-AVL 20150422
Avast 20150422
AVG 20150422
Avira (no cloud) 20150422
AVware 20150422
Baidu-International 20150421
BitDefender 20150422
Bkav 20150422
ByteHero 20150422
CAT-QuickHeal 20150422
ClamAV 20150422
CMC 20150421
Comodo 20150422
Cyren 20150422
DrWeb 20150422
Emsisoft 20150422
ESET-NOD32 20150422
F-Prot 20150422
F-Secure 20150422
Fortinet 20150422
GData 20150422
Ikarus 20150422
Jiangmin 20150421
K7AntiVirus 20150422
K7GW 20150422
Kaspersky 20150422
Kingsoft 20150425
Malwarebytes 20150422
McAfee 20150422
McAfee-GW-Edition 20150422
Microsoft 20150422
eScan 20150422
NANO-Antivirus 20150422
nProtect 20150422
Panda 20150422
Qihoo-360 20150422
Rising 20150422
Sophos AV 20150422
SUPERAntiSpyware 20150422
Symantec 20150422
TheHacker 20150421
TotalDefense 20150422
TrendMicro 20150422
TrendMicro-HouseCall 20150422
VBA32 20150420
VIPRE 20150422
ViRobot 20150422
Zillya 20150421
Zoner 20150422
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-24 21:50:05
Entry Point 0x000021D8
Number of sections 4
PE sections
PE imports
SetFileAttributesA
HeapAlloc
GetStartupInfoA
GetModuleHandleA
GetLastError
FindFirstFileA
FindClose
CopyFileA
ExitProcess
FindNextFileA
GetCommandLineA
LoadLibraryA
GetProcessHeap
SHGetFolderPathA
GetMessageA
CreateWindowExA
LoadCursorA
LoadIconA
UpdateWindow
DispatchMessageA
EndDialog
LoadStringA
TranslateMessage
SendMessageA
DefWindowProcA
PostQuitMessage
DialogBoxParamA
ShowWindow
RegisterClassExA
IsChild
DestroyWindow
Number of PE resources by type
RT_ICON 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ROMANIAN 4
ROMANIAN *unknown* 1
PE resources
ExifTool file metadata
SpecialBuild 270623468
CodeSize 7680
SubsystemVersion 4.0
InitializedDataSize 20992
ImageVersion 0.0
ProductName Citizen Utils
FileVersionNumber 1.0.1.5
UninitializedDataSize 0
LanguageCode Finnish
FileFlagsMask 0x0000
CharacterSet Unknown (26E1)
LinkerVersion 7.1
FileTypeExtension exe
OriginalFileName Chanility.exe
MIMEType application/octet-stream
FileVersion 1, 0, 1, 5
TimeStamp 2015:09:24 22:50:05+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1, 0, 1, 3
FileDescription CitizenSoft utils
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName CitizenSoft utils
LegalTrademarks Copyright (C)2014 CitizenSoft
FileSubtype 0
ProductVersionNumber 1.0.1.5
EntryPoint 0x21d8
ObjectFileType Executable application

File identification
MD5 c290126e419ff58678c3e490d89d7343
SHA1 c7dfc71fb6d70b2b528eacd8d02473478f94d94a
SHA256 acf7af8a197ecbcc1a2ee24a359d7b6ead91223d3988b490e8c8c6896b001b4f
ssdeep 768:1dJiZaqOOurWzltHhP1SHAXWWSwswmNyMm:1d8EtKzTHhP1SgXWWSwCAM

authentihash cf847fbb7471b5475555e715e054dbe27ce158bf38bc072829d75804fd878869
imphash 483be6845751d260b73a62632d6fe6c5
File size 28.0 KB ( 28672 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2015-04-22 11:13:51 UTC ( 2 years, 4 months ago )
Last submission 2015-04-25 17:48:15 UTC ( 2 years, 4 months ago )
File names new_secure_payment.vxe
2015.4.23(1)
1.exe
tcp_setup.exe
new_payment_document.exex
c290126e419ff58678c3e490d89d7343.exe
gRGV_.xlsb
new_secure_payment.exe
new_payment_document.bin
new_payment_document.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications