bank payslip.exe

SourceTree

Even Balance, Inc.

The executable bank payslip.exe has been detected as malware by 12 anti-virus scanners.
Publisher:
Atlassian (signed by Even Balance, Inc.)

Product:
SourceTree

Version:
4.12.7

MD5:
e49f5f290a4312b650c27207e410ab9a

SHA-1:
9b1edb1be8e5c9630405366bb4cb4ec568495cda

SHA-256:
694e61832bdd75f77f4df31d9c71b81559be4da997db2a5e8dd0443856008057

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
12/27/2024 2:20:17 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | TR/Dropper.MSIL.swtve | 8.3.3.4 |
| AVG | MSIL10 | 2017.0.2531 |
| Baidu Antivirus | Win32.Trojan.WisdomEyes.16070401.9500 | 4.0.3.161213 |
| Dr.Web | Trojan.PWS.Stealer.13025 | 9.0.1.0348 |
| ESET NOD32 | MSIL/Injector.QVG (variant) | 10.14594 |
| Fortinet FortiGate | MSIL/Injector.QTQ!tr | 12/13/2016 |
| F-Prot | W32/MSIL_Injector.DX.gen | v6.4.7.1.166 |
| Kaspersky | Trojan-Spy.MSIL.Agent | 14.0.0.-851 |
| McAfee | Artemis!E49F5F290A43 | 5600.6187 |
| Panda Antivirus | Generic Malware | 16.12.13.04 |
| Qihoo 360 Security | HEUR/QVM03.0.0000.Malware.Gen | 1.0.0.1120 |
| Trend Micro House Call | TROJ_GEN.R0E9H0CLB16 | 7.2.348 |

File size:
1.3 MB (1,313,128 bytes)

Product version:
4.12.7

Copyright:
Copyright © 2016. Atlassian. All rights reserved.

Trademarks:
SourceTree

Original file name:
113346R2R_Zillion Ace.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\bank payslip.exe

Digital Signature

Authority:
VeriSign, Inc.

Valid from:
1/17/2013 5:30:00 AM

Valid to:
2/17/2014 5:29:59 AM

Subject:
CN="Even Balance, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Even Balance, Inc.", L=Magnolia, S=Texas, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1C9525FC3BBEFAEE68FA17CE8CBADCA5

File PE Metadata

Compilation timestamp:
12/11/2016 11:56:05 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x13B93E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.9334

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.2 MB (1,286,144 bytes)
