SHA256: 0481b48ebb3b4feef564f36b83260242023f66f6d0e88f19cbe6c2d4e150e9a8
File name: Court_Notice_May-15_Date_2014_SE-ANDC_.exe
Detection ratio: 1 / 52
Analysis date: 2014-05-16 18:53:37 UTC (2 years, 9 months ago)
Antivirus Result Update
Commtouch W32/Trojan.YZNQ-8852 20140516
AVG 20140516
Ad-Aware 20140516
AegisLab 20140516
Yandex 20140516
AhnLab-V3 20140516
AntiVir 20140516
Antiy-AVL 20140516
Avast 20140516
Baidu-International 20140516
BitDefender 20140516
Bkav 20140516
ByteHero 20140516
CAT-QuickHeal 20140516
CMC 20140516
ClamAV 20140516
Comodo 20140516
DrWeb 20140516
ESET-NOD32 20140516
Emsisoft 20140516
F-Prot 20140516
F-Secure 20140516
Fortinet 20140516
GData 20140516
Ikarus 20140516
Jiangmin 20140516
K7AntiVirus 20140516
K7GW 20140516
Kaspersky 20140516
Kingsoft 20140516
Malwarebytes 20140516
McAfee 20140516
McAfee-GW-Edition 20140516
eScan 20140516
Microsoft 20140516
NANO-Antivirus 20140516
Norman 20140516
Panda 20140516
Qihoo-360 20140516
Rising 20140507
SUPERAntiSpyware 20140516
Sophos 20140516
Symantec 20140516
Tencent 20140515
TheHacker 20140515
TotalDefense 20140516
TrendMicro 20140516
TrendMicro-HouseCall 20140516
VBA32 20140516
VIPRE 20140516
ViRobot 20140516
Zillya 20140516
nProtect 20140516
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-16 09:28:13
Entry Point 0x000047BE
Number of sections 4
PE sections
PE imports
GetTextCharsetInfo
GetNearestPaletteIndex
GetWindowExtEx
Polygon
GetSystemPaletteEntries
SetMapMode
GetRgnBox
SaveDC
ExtSelectClipRgn
GetPaletteEntries
CreatePolygonRgn
CreateRectRgnIndirect
SetROP2
CombineRgn
GetClipBox
UpdateColors
GetObjectType
Rectangle
GetLayout
ExcludeClipRect
LineTo
DeleteDC
RestoreDC
GetMapMode
EnumFontFamiliesW
SetLayout
GetCharWidthW
CreateSolidBrush
IntersectClipRect
RealizePalette
OffsetWindowOrgEx
CreatePatternBrush
CreateEllipticRgn
CreateBitmap
MoveToEx
CreatePalette
CreateDIBitmap
SetViewportOrgEx
SelectPalette
OffsetViewportOrgEx
SetTextAlign
CreateRoundRectRgn
SelectClipRgn
CreateCompatibleDC
StretchBlt
StretchDIBits
ScaleWindowExtEx
ScaleViewportExtEx
CreateRectRgn
SetViewportExtEx
SetPolyFillMode
SetDIBColorTable
SetWindowExtEx
SetWindowOrgEx
Polyline
GetViewportExtEx
GetBkColor
SetRectRgn
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
HeapSize
SetStdHandle
CompareStringW
WideCharToMultiByte
LoadLibraryW
TlsFree
SetFilePointer
DeleteCriticalSection
FindFirstFileA
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
SetEnvironmentVariableA
QueryDosDeviceA
TerminateProcess
IsValidCodePage
HeapCreate
SetLastError
CreateFileW
VirtualQuery
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
ExitProcess
WriteConsoleW
LeaveCriticalSection
GradientFill
GetForegroundWindow
SetWindowRgn
NotifyWinEvent
IntersectRect
SetLayeredWindowAttributes
SetMenuItemBitmaps
BeginPaint
SetClassLongW
GetScrollPos
EnableScrollBar
DestroyMenu
MapVirtualKeyW
GetComboBoxInfo
PostQuitMessage
DefWindowProcA
ShowWindow
GetQueueStatus
GetNextDlgGroupItem
GetClassInfoExW
EnumDisplayMonitors
BeginDeferWindowPos
IsIconic
GetMenuCheckMarkDimensions
PeekMessageW
InvertRect
SetMenu
CharUpperW
GetScrollRange
GetWindowDC
CopyImage
ShowOwnedPopups
SendDlgItemMessageW
GetMessageTime
ReuseDDElParam
GetMenuDefaultItem
RegisterClipboardFormatW
RegisterClassExA
EndDeferWindowPos
MapDialogRect
GetMenuStringW
CheckMenuItem
SendDlgItemMessageA
GetClassLongW
HideCaret
RegisterClassW
ShowScrollBar
WinHelpW
UnregisterClassW
GetClassInfoW
UnpackDDElParam
IsZoomed
BringWindowToTop
SetScrollRange
SetScrollPos
RegisterClassA
GetKeyNameTextW
CreateWindowExA
LoadCursorA
GetClassNameW
TrackPopupMenu
PostThreadMessageW
InsertMenuItemW
ShowCursor
SetWindowContextHelpId
DestroyAcceleratorTable
ValidateRect
IsDialogMessageW
CopyAcceleratorTableW
RealChildWindowFromPoint
LoadAcceleratorsW
ScrollWindow
SetForegroundWindow
InvalidateRgn
CharNextW
GetLastActivePopup
IsChild
TranslateAcceleratorW
Number of PE resources by type
RT_ICON 2
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:05:16 09:28:13+00:00
FileType Win32 EXE
PEType PE32
CodeSize 115712
LinkerVersion 10.0
EntryPoint 0x47be
InitializedDataSize 26624
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
Compressed bundles
File identification
MD5 5e9b56bc10e7c1a5fcb26615de7f5923
SHA1 be79276684a62b3f919c87c03f0f042d8f5ad299
SHA256 0481b48ebb3b4feef564f36b83260242023f66f6d0e88f19cbe6c2d4e150e9a8
ssdeep 3072:mwt6RAwElQQDj5CFYTU2L/zJXrEBD8SNDawXYSfZZZaeYP:mY6zEiMCG/zJABD8SNDaZgHSP
authentihash bbc510dffee0b0e94d1958341f5704883777f78b860b28e1d3804adf3f32955b
imphash 05c4fe1d4c9576fd2413c82867b44a67
File size 140.0 KB ( 143360 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-05-16 15:05:53 UTC (2 years, 9 months ago)
Last submission 2016-06-30 17:04:41 UTC (7 months, 3 weeks ago)
File names isheriff_5e9b56bc10e7c1a5fcb26615de7f5923.bin
c-bb6c2-3823-1400254142
Court_Notice_May-15_Date_2014_SE-ANDC_.exe
court_notice_may-15_date_2014_se-andc_.exe
WL-0f95265e1af84e1a8bf5adaefe831405-0
5e9b56bc10e7c1a5fcb26615de7f5923
008031811
0481b48ebb3b4feef564f36b83260242023f66f6d0e88f19cbe6c2d4e150e9a8
Court_Notice_May-15_Date_2014_SE-ANDC__exe
5e9b56bc10e7c1a5fcb26615de7f5923.exe
gcsxfnei.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs