SHA256: 2379bdc5be5e1d81897e3c80bd4fd082dce154ba500ce9f521e053df28b0e096
File name: Court_Notice_May-13_Date_2014_A-DC.exe
Detection ratio: 6 / 52
Analysis date: 2014-05-13 16:35:05 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Commtouch W32/Trojan.JTYK-8752 20140513
F-Prot W32/Trojan3.IIG 20140513
Ikarus Backdoor.Androm 20140513
Qihoo-360 Win32/Trojan.Multi.daf 20140513
TrendMicro-HouseCall TROJ_GEN.F0D1H00ED14 20140513
VBA32 Trojan.Diple 20140513
AVG 20140513
Ad-Aware 20140513
AegisLab 20140513
Yandex 20140513
AhnLab-V3 20140513
AntiVir 20140513
Antiy-AVL 20140513
Avast 20140513
Baidu-International 20140513
BitDefender 20140513
Bkav 20140512
ByteHero 20140513
CAT-QuickHeal 20140513
CMC 20140512
ClamAV 20140513
Comodo 20140513
DrWeb 20140513
ESET-NOD32 20140513
Emsisoft 20140513
F-Secure 20140513
Fortinet 20140513
GData 20140513
Jiangmin 20140513
K7AntiVirus 20140513
K7GW 20140513
Kaspersky 20140513
Kingsoft 20140513
Malwarebytes 20140513
McAfee 20140513
McAfee-GW-Edition 20140513
eScan 20140513
Microsoft 20140513
NANO-Antivirus 20140513
Norman 20140513
Panda 20140513
Rising 20140507
SUPERAntiSpyware 20140513
Sophos 20140513
Symantec 20140513
Tencent 20140513
TheHacker 20140513
TotalDefense 20140512
TrendMicro 20140513
VIPRE 20140513
ViRobot 20140513
Zillya 20140512
nProtect 20140513
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-13 13:13:45
Entry Point 0x0000469C
Number of sections 4
PE sections
PE imports
UpdateColors
DeleteDC
CreateBitmap
GetStockObject
CreateSolidBrush
IntersectClipRect
CreateCompatibleDC
RealizePalette
Rectangle
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
WriteConsoleW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetStartupInfoW
SetStdHandle
SetFilePointer
WideCharToMultiByte
LoadLibraryW
TlsFree
GetModuleHandleA
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
QueryDosDeviceA
TerminateProcess
IsValidCodePage
HeapCreate
CreateFileW
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
GradientFill
ShowCursor
GetForegroundWindow
GetQueueStatus
BeginPaint
IsZoomed
CreateMenu
GetComboBoxInfo
SetForegroundWindow
RegisterClassExA
Number of PE resources by type
RT_ICON 2
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:05:13 14:13:45+01:00
FileType Win32 EXE
PEType PE32
CodeSize 109056
LinkerVersion 10.0
EntryPoint 0x469c
InitializedDataSize 23040
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
Compressed bundles
File identification
MD5 530eed9bc14c386b10d38c77bef44a4d
SHA1 50ac447164b25fb045184db02d9f59c107b392e6
SHA256 2379bdc5be5e1d81897e3c80bd4fd082dce154ba500ce9f521e053df28b0e096
ssdeep 3072:CwtOgIE1gahm2Bpo7mArjPr66r7+e72k+HWWWWWWWWUb:CBgIem27o33r7+eKNWWWWWWWWUb
authentihash 1e029c4dd42cf52ebd321f61ccf45a77057867d084fa847424d7c3bf8beb64d6
imphash 4f7d1af01b7071a6b195efb69dba29f5
File size 130.0 KB ( 133120 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-05-13 12:30:31 UTC ( 2 years, 9 months ago )
Last submission 2016-03-01 01:19:25 UTC ( 11 months, 3 weeks ago )
File names 7ebe11e17da97ea856356bbdee7b4b5a_exe
7ebe11e17da97ea856356bbdee7b4b5a.exe
Court_Notice_May-13_Date_2014_A-DC.exe
530eed9bc14c386b10d38c77bef44a4d
530eed9bc14c386b10d38c77bef44a4d
wkjflkgt.exe
008032793
2379bdc5be5e1d81897e3c80bd4fd082dce154ba500ce9f521e053df28b0e096.exe
530eed9bc14c386b10d38c77bef44a4d.exe
c-942f3-3699-1399984381
530eed9bc14c386b10d38c77bef44a4d.bin
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs