payment_pdf.exe

Cobind

The executable payment_pdf.exe has been detected as malware by 11 anti-virus scanners.
Publisher:
Cobind  (signed and verified)

MD5:
b117704d44150c188c62193a81daf500

SHA-1:
52acaf3539a2eadc7b75b86ea9a5baea52f24438

SHA-256:
8a9f166035741d434018c12115e5d580457fb174ec50605c1690ccecb862dcb3

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
11/27/2024 7:40:30 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | TR/Dropper.MSIL.mlzt | 8.3.3.4 |
| avast! | Win32:Malware-gen | 2014.9-160809 |
| AVG | Malware | 2017.0.2656 |
| ESET NOD32 | MSIL/Injector.PZX (variant) | 10.13932 |
| Fortinet FortiGate | MSIL/Kryptik.GWS!tr | 8/9/2016 |
| G Data | MSIL.Trojan.Injector.JD | 16.8.25 |
| Kaspersky | Trojan-PSW.Win32.Fareit | 14.0.0.-223 |
| Malwarebytes | Spyware.PasswordStealer | v2016.08.09.12 |
| McAfee | Artemis!B117704D4415 | 5600.6312 |
| Panda Antivirus | Generic Suspicious | 16.08.09.12 |
| Qihoo 360 Security | HEUR/QVM03.0.FE80.Malware.Gen | 1.0.0.1120 |

File size:
153.4 KB (157,088 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\payment_pdf.exe

Digital Signature
Signed by:

Authority:
Cobind

Valid from:
8/5/2016 8:36:03 AM

Valid to:
8/3/2026 8:36:03 AM

Subject:
E=admin@cobind.com, CN=cobind.com, OU=Ques Unit, O=Cobind, L=New York City, S=New York, C=US

Issuer:
E=admin@cobind.com, CN=cobind.com, OU=Ques Unit, O=Cobind, L=New York City, S=New York, C=US

Serial number:
00ABF3127C9761E782

File PE Metadata
Compilation timestamp:
8/7/2016 7:44:45 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:DTzC/ZIRkOGfmwNegizzyC6H9gCbffffffLr7tm73jgalGHZVWC5:DTzCBOGKp3D6ffffffLOU

Entry address:
0x2303E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
136 KB (139,264 bytes)
