SHA256: 2ddddedd59856ab4d13d09c016d2d78b950b84cf083d0aaf1d246a4dba5204bd
File name: Court_Notice_May-8_Date_2014FHK.exe
Detection ratio: 15 / 52
Analysis date: 2014-05-08 18:15:54 UTC ( 3 years, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.378311 20140508
BitDefender Gen:Variant.Kazy.378311 20140508
Commtouch W32/Trojan.VWHC-1024 20140508
Emsisoft Gen:Variant.Kazy.378311 (B) 20140508
F-Prot W32/Trojan3.IHD 20140508
GData Gen:Variant.Kazy.378311 20140508
Ikarus Trojan-Spy.Agent 20140508
Malwarebytes Trojan.FakeMS.CHK 20140508
McAfee Artemis!648401AE4F3B 20140508
McAfee-GW-Edition Artemis!648401AE4F3B 20140508
eScan Gen:Variant.Kazy.378311 20140508
Qihoo-360 Malware.QVM20.Gen 20140508
Rising PE:Malware.FakeDOC@CV!1.9C3C 20140507
Sophos AV Mal/Zbot-PA 20140508
TrendMicro-HouseCall TROJ_GEN.F0D1H00E814 20140508
AegisLab 20140508
Yandex 20140508
AhnLab-V3 20140508
AntiVir 20140508
Antiy-AVL 20140508
Avast 20140508
AVG 20140508
Baidu-International 20140508
Bkav 20140507
ByteHero 20140508
CAT-QuickHeal 20140508
ClamAV 20140508
CMC 20140506
Comodo 20140508
DrWeb 20140508
ESET-NOD32 20140508
F-Secure 20140508
Fortinet 20140508
Jiangmin 20140508
K7AntiVirus 20140508
K7GW 20140508
Kaspersky 20140508
Kingsoft 20140508
Microsoft 20140508
NANO-Antivirus 20140508
Norman 20140508
nProtect 20140507
Panda 20140508
SUPERAntiSpyware 20140508
Symantec 20140508
TheHacker 20140508
TotalDefense 20140508
TrendMicro 20140508
VBA32 20140507
VIPRE 20140508
ViRobot 20140508
Zillya 20140508
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name CHKDSK.EXE
Internal name chkdsk
File version 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Description Check Disk Utility
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-08 11:22:05
Entry Point 0x00019E00
Number of sections 4
PE sections
PE imports
RegOpenKeyExW
GetDeviceCaps
GetTextMetricsW
SetMapMode
DeleteDC
CreateFontIndirectW
SetBkMode
GetMapMode
GetStockObject
CreateBitmap
CreateCompatibleBitmap
SelectObject
DPtoLP
GetObjectW
BitBlt
SetBkColor
CreateCompatibleDC
DeleteObject
StretchBlt
SetTextColor
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LCMapStringW
HeapCreate
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
SetEvent
QueryPerformanceCounter
HeapDestroy
HeapAlloc
TlsAlloc
lstrcmpiW
GetCommandLineW
lstrlenW
DeleteCriticalSection
GetCurrentProcess
SwitchToThread
OpenFileMappingW
GetCurrentProcessId
lstrcatA
GetModuleHandleW
GetWindowsDirectoryA
UnhandledExceptionFilter
GetProcAddress
InterlockedCompareExchange
GetCurrentThread
CreateFileMappingW
CreateThread
MapViewOfFile
TlsFree
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
DuplicateHandle
WaitForMultipleObjects
GetProcessHeap
LocalFree
TerminateProcess
CreateEventW
UnmapViewOfFile
OpenEventW
GetStringTypeExW
ChangeTimerQueueTimer
InterlockedDecrement
Sleep
GetTickCount
CreateFileA
DebugBreak
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
InterlockedIncrement
LoadCursorW
GetSysColor
LoadIconA
Number of PE resources by type
RT_ICON 2
RT_DIALOG 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ARABIC SAUDI ARABIA 3
ENGLISH US 1
ENGLISH UK 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 2.5
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.2.3790.3959
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 74240
EntryPoint 0x19e00
OriginalFileName CHKDSK.EXE
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
TimeStamp 2014:05:08 12:22:05+01:00
FileType Win32 EXE
PEType PE32
InternalName chkdsk
ProductVersion 5.2.3790.3959
FileDescription Check Disk Utility
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 102912
ProductName Microsoft Windows Operating System
ProductVersionNumber 5.2.3790.3959
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 648401ae4f3b5f2f7f9198a2fc3fe072
SHA1 8aefeb765afc726da893ecd4693bed680fbe9b9d
SHA256 2ddddedd59856ab4d13d09c016d2d78b950b84cf083d0aaf1d246a4dba5204bd
ssdeep 3072:5YFKhALGZPpemZC+XVtjkL/kwwkMpCJTAZU:9hALOfFXbm
authentihash e0bece7921facc73bb1d2bb227f4d290761dfd758cc414581d2579d17a648280
imphash ad6ac55c7ccf9b8df4348424935c6b33
File size 174.0 KB ( 178176 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ 4.x (88.6%)
Win32 Dynamic Link Library (generic) (4.3%)
Win32 Executable (generic) (2.9%)
Win16/32 Executable Delphi generic (1.3%)
Generic Win/DOS Executable (1.3%)
Tags peexe
VirusTotal metadata
First submission 2014-05-08 13:59:06 UTC ( 3 years, 5 months ago )
Last submission 2017-03-17 19:10:08 UTC ( 7 months, 1 week ago )
File names c-da7de-3538-1399556761
648401ae4f3b5f2f7f9198a2fc3fe072
008000221
vti-rescan
CHKDSK.EXE
chkdsk
2ddddedd59856ab4d13d09c016d2d78b950b84cf083d0aaf1d246a4dba5204bd.exe
Court_Notice_May-8_Date_2014FHK.exe
648401ae4f3b5f2f7f9198a2fc3fe072.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications