SHA256: 06cc081c48bc53fad1c6e1290c6c96295d2b3776a3029a94d133ace5a8339689
File name: gvwtgdoh.exe
Detection ratio: 29 / 52
Analysis date: 2014-05-13 16:28:10 UTC ( 3 years, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1676413 20140513
AntiVir TR/Crypt.ZPACK.80015 20140513
BitDefender Trojan.GenericKD.1676413 20140513
Commtouch W32/Trojan.NFNP-5086 20140513
DrWeb BackDoor.Kuluoz.4 20140513
Emsisoft Trojan.Win32.FakeMS (A) 20140513
ESET-NOD32 Win32/TrojanDownloader.Zortob.B 20140513
F-Prot W32/Trojan3.IHU 20140513
F-Secure Trojan.GenericKD.1676413 20140513
Fortinet W32/Androm.DTLY!tr.bdr 20140513
GData Trojan.GenericKD.1676413 20140513
Ikarus Backdoor.Androm 20140513
K7AntiVirus Trojan-Downloader ( 003a8f751 ) 20140513
K7GW Trojan-Downloader ( 003a8f751 ) 20140513
Kaspersky Backdoor.Win32.Androm.dtly 20140513
Malwarebytes Trojan.FakeMS.CHK 20140513
McAfee Artemis!5752260D7E2A 20140513
McAfee-GW-Edition Artemis!5752260D7E2A 20140513
Microsoft TrojanDownloader:Win32/Kuluoz 20140513
eScan Trojan.GenericKD.1676413 20140513
nProtect Trojan.GenericKD.1676413 20140513
Panda Trj/Genetic.gen 20140513
Qihoo-360 HEUR/Malware.QVM20.Gen 20140513
Rising PE:Malware.FakeDOC@CV!1.9C3C 20140507
Symantec Trojan.Asprox.B 20140513
Tencent Win32.Backdoor.Androm.Svhi 20140513
TrendMicro TROJ_FAKEMS.OPS 20140513
TrendMicro-HouseCall TROJ_FAKEMS.OPS 20140513
ViRobot Trojan.Win32.Agent.177152.P 20140513
AegisLab 20140513
Yandex 20140513
AhnLab-V3 20140513
Antiy-AVL 20140513
Avast 20140513
AVG 20140513
Baidu-International 20140513
Bkav 20140512
ByteHero 20140513
CAT-QuickHeal 20140513
ClamAV 20140513
CMC 20140512
Comodo 20140513
Jiangmin 20140513
Kingsoft 20140513
NANO-Antivirus 20140513
Norman 20140513
Sophos AV 20140513
SUPERAntiSpyware 20140513
TheHacker 20140513
TotalDefense 20140512
VBA32 20140513
VIPRE 20140513
Zillya 20140512
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name CHKDSK.EXE
Internal name chkdsk
File version 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Description Check Disk Utility
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-12 15:59:56
Entry Point 0x00026240
Number of sections 4
PE sections
PE imports
RegOpenKeyExW
GetDeviceCaps
GetTextMetricsW
SetMapMode
DeleteDC
CreateFontIndirectW
SetBkMode
GetMapMode
GetStockObject
CreateBitmap
CreateCompatibleBitmap
SelectObject
DPtoLP
GetObjectW
BitBlt
SetBkColor
CreateCompatibleDC
DeleteObject
StretchBlt
SetTextColor
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LCMapStringW
HeapCreate
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
SetEvent
QueryPerformanceCounter
HeapDestroy
HeapAlloc
TlsAlloc
lstrcmpiW
GetCommandLineW
lstrlenW
DeleteCriticalSection
GetCurrentProcess
SwitchToThread
OpenFileMappingW
GetCurrentProcessId
lstrcatA
GetModuleHandleW
GetWindowsDirectoryA
UnhandledExceptionFilter
GetProcAddress
InterlockedCompareExchange
GetCurrentThread
CreateFileMappingW
CreateThread
MapViewOfFile
TlsFree
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
DuplicateHandle
WaitForMultipleObjects
GetProcessHeap
LocalFree
TerminateProcess
CreateEventW
UnmapViewOfFile
OpenEventW
GetStringTypeExW
ChangeTimerQueueTimer
InterlockedDecrement
Sleep
GetTickCount
CreateFileA
DebugBreak
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
InterlockedIncrement
LoadCursorW
GetSysColor
Number of PE resources by type
RT_ICON 2
RT_DIALOG 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ARABIC SAUDI ARABIA 3
ENGLISH US 1
ENGLISH UK 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 2.5
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.2.3790.3959
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 23040
EntryPoint 0x26240
OriginalFileName CHKDSK.EXE
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
TimeStamp 2014:05:12 16:59:56+01:00
FileType Win32 EXE
PEType PE32
InternalName chkdsk
ProductVersion 5.2.3790.3959
FileDescription Check Disk Utility
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 153088
ProductName Microsoft Windows Operating System
ProductVersionNumber 5.2.3790.3959
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 5752260d7e2ac9e57083792a5f87e4ce
SHA1 eb40e19e5bd7c8ca3bb09149ad98e63ee6520f6e
SHA256 06cc081c48bc53fad1c6e1290c6c96295d2b3776a3029a94d133ace5a8339689
ssdeep 3072:686euZVuDgOeZfDham+QpVdDL5ZMpOMpjU:6HVEl0dpV
authentihash 76cf6acfdc70880780f40682acfbe1cf6644e1e9f60f70ca45db2f21b6d62300
imphash d2985b74daaa8df3c413ec567e877de8
File size 173.0 KB ( 177152 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ 4.x (88.6%)
Win32 Dynamic Link Library (generic) (4.3%)
Win32 Executable (generic) (2.9%)
Win16/32 Executable Delphi generic (1.3%)
Generic Win/DOS Executable (1.3%)
Tags peexe
VirusTotal metadata
First submission 2014-05-12 19:55:41 UTC ( 3 years, 4 months ago )
Last submission 2017-03-17 17:55:15 UTC ( 6 months, 1 week ago )
File names 5752260d7e2ac9e57083792a5f87e4ce
file-6972588_exe
court_notice_may-12_date_2014_fes.exe
5752260d7e2ac9e57083792a5f87e4ce.exe
gvwtgdoh.exe
Court_Notice_May-12_Date_2014_FES_exe
008031885
vti-rescan
Court_Notice_May-12_Date_2014_FES.exe
c-82ca9-3658-1399934341
CHKDSK.EXE
chkdsk
fmimkfov.exe
06cc081c48bc53fad1c6e1290c6c96295d2b3776a3029a94d133ace5a8339689.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications