SHA256: f9b1166abf531e9b8b8c2002cc76efa935667379b6555391d5868b37359b1502
File name: Payment.exexx
Detection ratio: 1 / 56
Analysis date: 2015-04-29 11:28:21 UTC
Antivirus | Result | Update
Microsoft | VirTool:Win32/Obfuscator.AMJ | 20150429
Ad-Aware | - | 20150429
AegisLab | - | 20150429
Yandex | - | 20150428
AhnLab-V3 | - | 20150429
Alibaba | - | 20150429
ALYac | - | 20150429
Antiy-AVL | - | 20150429
Avast | - | 20150429
AVG | - | 20150429
Avira (no cloud) | - | 20150429
AVware | - | 20150429
Baidu-International | - | 20150426
BitDefender | - | 20150429
Bkav | - | 20150425
ByteHero | - | 20150429
CAT-QuickHeal | - | 20150429
ClamAV | - | 20150429
CMC | - | 20150423
Comodo | - | 20150429
Cyren | - | 20150429
DrWeb | - | 20150429
Emsisoft | - | 20150429
ESET-NOD32 | - | 20150429
F-Prot | - | 20150429
F-Secure | - | 20150429
Fortinet | - | 20150429
GData | - | 20150429
Ikarus | - | 20150429
Jiangmin | - | 20150428
K7AntiVirus | - | 20150429
K7GW | - | 20150429
Kaspersky | - | 20150429
Kingsoft | - | 20150429
McAfee | - | 20150429
McAfee-GW-Edition | - | 20150428
eScan | - | 20150429
NANO-Antivirus | - | 20150429
Norman | - | 20150428
nProtect | - | 20150429
Panda | - | 20150428
Qihoo-360 | - | 20150429
Rising | - | 20150428
Sophos | - | 20150429
SUPERAntiSpyware | - | 20150429
Symantec | - | 20150429
Tencent | - | 20150429
TheHacker | - | 20150429
TotalDefense | - | 20150429
TrendMicro | - | 20150429
TrendMicro-HouseCall | - | 20150429
VBA32 | - | 20150429
VIPRE | - | 20150429
ViRobot | - | 20150429
Zillya | - | 20150429
Zoner | - | 20150429
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-05-31 03:05:37
Entry Point 0x00003011
Number of sections 4
PE sections
PE imports
_acmdln_dll
_exit
exit
_XcptFilter
__GetMainArgs
_initterm
_local_unwind2
_fmode_dll
_commode_dll
_global_unwind2
TextOutA
GetStartupInfoA
GetModuleFileNameA
GetModuleHandleA
GetLastError
LoadLibraryA
PathFindExtensionA
PathCompactPathExA
PathIsDirectoryA
PathFindFileNameA
PathMatchSpecA
PathFileExistsA
LoadAcceleratorsA
GetMessageA
CreateWindowExA
LoadCursorA
LoadIconA
PostQuitMessage
LoadStringA
DispatchMessageA
TranslateAcceleratorA
BeginPaint
EndPaint
SendMessageA
TranslateMessage
DefWindowProcA
ShowWindow
UpdateWindow
RegisterClassExA
Number of PE resources by type
RT_BITMAP 2
RT_MENU 1
RT_MANIFEST 1
RT_GROUP_ICON 1
RT_ICON 1
Number of PE resources by language
PORTUGUESE BRAZILIAN 5
PORTUGUESE *unknown* 1
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2009:05:31 04:05:37+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 9216
LinkerVersion: 7.1
EntryPoint: 0x3011
InitializedDataSize: 25600
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
File identification
MD5 bd5cbe892fef106d0131af0cd9b1707c
SHA1 706aa9fd23492cc977d6b1cc0a307f3d272f150e
SHA256 f9b1166abf531e9b8b8c2002cc76efa935667379b6555391d5868b37359b1502
ssdeep 768:Zz6UFMmw/NIg895zDZoQW2GMwQ96bOWoZu/GA1W5Opax:Zz6NmwIgEG2GMwQ96bOWoZu/GA1WEMx
authentihash 5168f61798147b2386d420eabd9a18d32081a0c8690755045bfa97fbb7201d2b
imphash a351fa44e2e53da0ab14348bf9095475
File size 33.0 KB ( 33792 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ 4.x (75.0%)
Win64 Executable (generic) (15.3%)
Win32 Dynamic Link Library (generic) (3.6%)
Win32 Executable (generic) (2.5%)
Win16/32 Executable Delphi generic (1.1%)
Tags
peexe

VirusTotal metadata
First submission 2015-04-29 11:28:21 UTC
Last submission 2015-04-29 11:28:21 UTC
File names Payment.exexx
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications