SHA256: e527d71664b1e3fcf2fcfd4b4d300dbb227bd5b9ff48353397461f85ebfb629b
File name: PAYMENT.exe
Detection ratio: 28 / 67
Analysis date: 2017-10-25 12:06:56 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.76784 20171025
ALYac Gen:Variant.Symmi.76784 20171025
Arcabit Trojan.Symmi.D12BF0 20171025
Avira (no cloud) TR/Downloader.byhyf 20171025
BitDefender Gen:Variant.Symmi.76784 20171025
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cylance Unsafe 20171025
eGambit Unsafe.AI_Score_100% 20171025
Emsisoft Gen:Variant.Symmi.76784 (B) 20171025
Endgame malicious (moderate confidence) 20171024
ESET-NOD32 a variant of Win32/Injector.DSWZ 20171025
F-Prot W32/Fareit.CGA 20171025
F-Secure Gen:Variant.Symmi.76784 20171025
Fortinet W32/GenKryptik.BAID!tr 20171025
GData Gen:Variant.Symmi.76784 20171025
Ikarus Trojan.Crypt 20171025
Sophos ML heuristic 20170914
Kaspersky UDS:DangerousObject.Multi.Generic 20171025
MAX malware (ai score=89) 20171025
eScan Gen:Variant.Symmi.76784 20171025
Qihoo-360 HEUR/QVM11.1.BD99.Malware.Gen 20171025
Rising Malware.Heuristic!ET#100% (RDM+:cmRtazpPVBMOUsq9/2Ra50ZaSYQJ) 20171025
SentinelOne (Static ML) static engine - malicious 20171019
Sophos AV Mal/Fareit-N 20171025
TrendMicro TSPY_FAREIT.SMBD 20171025
TrendMicro-HouseCall TSPY_FAREIT.SMBD 20171025
Webroot W32.Trojan.Gen 20171025
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20171025
AegisLab 20171025
AhnLab-V3 20171025
Antiy-AVL 20171025
Avast 20171025
Avast-Mobile 20171025
AVG 20171025
AVware 20171025
Baidu 20171025
Bkav 20171025
CAT-QuickHeal 20171025
ClamAV 20171025
CMC 20171025
Comodo 20171025
Cyren 20171025
DrWeb 20171025
Jiangmin 20171025
K7AntiVirus 20171025
K7GW 20171025
Kingsoft 20171025
Malwarebytes 20171025
McAfee 20171025
McAfee-GW-Edition 20171025
Microsoft 20171025
NANO-Antivirus 20171025
nProtect 20171025
Palo Alto Networks (Known Signatures) 20171025
Panda 20171025
SUPERAntiSpyware 20171025
Symantec 20171025
Symantec Mobile Insight 20171011
Tencent 20171025
TheHacker 20171024
TotalDefense 20171025
Trustlook 20171025
VBA32 20171025
VIPRE 20171025
ViRobot 20171025
WhiteArmor 20171024
Yandex 20171024
Zillya 20171024
Zoner 20171025
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-04-16 16:14:30
Entry Point 0x000E1B70
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegCloseKey
ImageList_Add
SaveDC
VariantCopy
VerQueryValueA
Number of PE resources by type
RT_STRING 22
RT_BITMAP 11
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 3
RT_DIALOG 1
Number of PE resources by language
NEUTRAL 51
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:04:16 17:14:30+01:00
FileType Win32 EXE
PEType PE32
CodeSize 548864
LinkerVersion 2.25
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint 0xe1b70
InitializedDataSize 16384
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 372736
Compressed bundles
File identification
MD5 7fe009182e64962ffa2ae7c63886a139
SHA1 72b41194e005c355eeec2508e49c1d8e82025d1d
SHA256 e527d71664b1e3fcf2fcfd4b4d300dbb227bd5b9ff48353397461f85ebfb629b
ssdeep 12288:Us8Bd93qJwosJNUgIGCaKF6pQxP1B/FnlcrCoTo2noK:UZTt5b+/rdB/RyrCoTbnj
authentihash 4364bfb861f1e5dbcb97c71a84261413a27cb72261ce5a0b4bdba2bd035afda6
imphash 92644df84cdbba7637462c128671f148
File size 549.5 KB ( 562688 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (37.1%)
Win32 EXE Yoda's Crypter (36.4%)
Win32 Dynamic Link Library (generic) (9.0%)
Win32 Executable (generic) (6.1%)
Win16/32 Executable Delphi generic (2.8%)
Tags peexe upx
VirusTotal metadata
First submission 2017-10-25 12:06:56 UTC ( 1 year, 5 months ago )
Last submission 2018-07-21 09:50:11 UTC ( 8 months, 1 week ago )
File names PAYMENT.exe, 7fe009182e64962ffa2ae7c63886a139.vir
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications