SHA256: fa22edb3f0dae48b11e42503133eaa3dbb6f5ffd69bb76d90836105cb6eb8501
File name: Paypal Money Sender V2.0.exe
Detection ratio: 24 / 66
Analysis date: 2017-10-08 16:26:27 UTC ( 1 year, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Heur.Ransom.HiddenTears.1 20171008
ALYac Gen:Heur.Ransom.HiddenTears.1 20171007
Arcabit Trojan.Ransom.HiddenTears.1 20171008
BitDefender Gen:Heur.Ransom.HiddenTears.1 20171008
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20170804
DrWeb Trojan.Encoder.10598 20171008
Emsisoft Gen:Heur.Ransom.HiddenTears.1 (B) 20171008
ESET-NOD32 a variant of MSIL/Filecoder.Z 20171008
F-Secure Gen:Heur.Ransom.HiddenTears.1 20171008
GData MSIL.Trojan-Ransom.Cryptear.A 20171008
Ikarus Trojan-Ransom.HiddenTear 20171008
Kaspersky HEUR:Trojan.Win32.Generic 20171008
MAX malware (ai score=87) 20171008
McAfee Ransomware-FTD!6B86F3FB1A18 20171008
McAfee-GW-Edition Ransomware-FTD!6B86F3FB1A18 20171008
Microsoft Ransom:MSIL/Ryzerlo.A 20171008
eScan Gen:Heur.Ransom.HiddenTears.1 20171008
Qihoo-360 HEUR/QVM03.0.5E80.Malware.Gen 20171008
SentinelOne (Static ML) static engine - malicious 20171001
Sophos AV Troj/Cryptear-F 20171008
Symantec Ransom.HiddenTear!g1 20171007
TrendMicro Ransom_RAMSIL.SM 20171008
TrendMicro-HouseCall Ransom_RAMSIL.SM 20171008
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20171008
AegisLab 20171008
AhnLab-V3 20171008
Alibaba 20170911
Antiy-AVL 20171008
Avast 20171008
Avast-Mobile 20171008
AVG 20171008
Avira (no cloud) 20171008
AVware 20171008
Baidu 20170930
Bkav 20171007
CAT-QuickHeal 20171007
ClamAV 20171008
CMC 20171008
Comodo 20171008
Cylance 20171008
Cyren 20171008
Endgame 20170821
F-Prot 20171008
Fortinet 20171008
Sophos ML 20170914
Jiangmin 20171008
K7AntiVirus 20171008
K7GW 20171008
Kingsoft 20171008
Malwarebytes 20171008
NANO-Antivirus 20171008
nProtect 20171008
Palo Alto Networks (Known Signatures) 20171008
Panda 20171008
Rising 20171008
SUPERAntiSpyware 20171008
Symantec Mobile Insight 20171006
Tencent 20171008
TheHacker 20171007
TotalDefense 20171008
Trustlook 20171008
VBA32 20171006
VIPRE 20171008
ViRobot 20171008
Webroot 20171008
WhiteArmor 20170927
Yandex 20171006
Zillya 20171006
Zoner 20171008
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2017

Product Paypal Money Sender V2.0
Original name Paypal Money Sender V2.0.exe
Internal name Paypal Money Sender V2.0.exe
File version 1.0.0.0
Description Paypal Money Sender V2.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-07 05:36:07
Entry Point 0x00123216
Number of sections 3
.NET details
Module Version ID dd32e96f-58d6-4276-9f0f-22766ebdb7d7
TypeLib ID 7ab0dd04-43e0-4d89-be59-60a30b766467
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 6.0
LinkerVersion 48.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 73216
EntryPoint 0x123216
OriginalFileName Paypal Money Sender V2.0.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2017
FileVersion 1.0.0.0
TimeStamp 2017:10:07 06:36:07+01:00
FileType Win32 EXE
PEType PE32
InternalName Paypal Money Sender V2.0.exe
ProductVersion 1.0.0.0
FileDescription Paypal Money Sender V2.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 1184768
ProductName Paypal Money Sender V2.0
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.0.0.0
Compressed bundles
File identification
MD5 6b86f3fb1a18d865a181ae916e298ff5
SHA1 afd2298816d71535c5f7214f25529fbe7e2802fb
SHA256 fa22edb3f0dae48b11e42503133eaa3dbb6f5ffd69bb76d90836105cb6eb8501
ssdeep 24576:iAZOFXZMfEMye9KcK08SgW7brz3VN3Yj:iA4FJMfEPPQN3VNI

authentihash cf8ccf2c51802421db47da69951fdc64c5642e576814ef183fe4f7f4a5796420
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 1.2 MB ( 1258496 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (63.1%)
Win64 Executable (generic) (23.8%)
Win32 Dynamic Link Library (generic) (5.6%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.7%)
Tags peexe assembly

VirusTotal metadata
First submission 2017-10-08 16:26:27 UTC ( 1 year, 7 months ago )
Last submission 2017-11-03 19:26:53 UTC ( 1 year, 6 months ago )
File names Paypal Money Sender V2.0.exe
hidden tear based fake paypal app