SHA256: 2f3bdf47438881dc02e023679ac17af3703efe66f11cf4aba063a00ee71fd46f
File name: Court_Notice_May-14_Date_2014_EXL-DC.exe
Detection ratio: 4 / 52
Analysis date: 2014-05-14 16:40:40 UTC ( 3 years, 4 months ago )
Antivirus Result Update
Commtouch W32/Trojan.QEGJ-7409 20140514
F-Prot W32/Trojan3.IIN 20140514
Sophos AV Troj/Kolouz-A 20140514
TrendMicro-HouseCall TROJ_GEN.F0D1H00EE14 20140514
Ad-Aware 20140514
AegisLab 20140514
Yandex 20140514
AhnLab-V3 20140514
AntiVir 20140514
Antiy-AVL 20140514
Avast 20140514
AVG 20140514
Baidu-International 20140514
BitDefender 20140514
Bkav 20140514
ByteHero 20140514
CAT-QuickHeal 20140514
ClamAV 20140514
CMC 20140512
Comodo 20140514
DrWeb 20140514
Emsisoft 20140514
ESET-NOD32 20140514
F-Secure 20140514
Fortinet 20140514
GData 20140514
Ikarus 20140514
Jiangmin 20140514
K7AntiVirus 20140513
K7GW 20140514
Kaspersky 20140514
Kingsoft 20140514
Malwarebytes 20140514
McAfee 20140514
McAfee-GW-Edition 20140514
Microsoft 20140514
eScan 20140514
NANO-Antivirus 20140514
Norman 20140514
nProtect 20140514
Panda 20140514
Qihoo-360 20140514
Rising 20140507
SUPERAntiSpyware 20140514
Symantec 20140514
Tencent 20140514
TheHacker 20140513
TotalDefense 20140514
TrendMicro 20140514
VBA32 20140514
VIPRE 20140514
ViRobot 20140514
Zillya 20140512
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-14 10:05:25
Entry Point 0x000046BD
Number of sections 4
PE sections
PE imports
GetTextCharsetInfo
CreatePolygonRgn
GetWindowExtEx
Polygon
GetSystemPaletteEntries
SetMapMode
GetRgnBox
SaveDC
ExtSelectClipRgn
GetPaletteEntries
CreateRectRgnIndirect
SetROP2
CombineRgn
GetClipBox
UpdateColors
GetObjectType
Rectangle
GetLayout
ExcludeClipRect
LineTo
DeleteDC
RestoreDC
GetMapMode
EnumFontFamiliesW
SetLayout
GetCharWidthW
CreateSolidBrush
IntersectClipRect
RealizePalette
OffsetWindowOrgEx
CreatePatternBrush
CreateEllipticRgn
CreateBitmap
MoveToEx
CreatePalette
GetStockObject
CreateDIBitmap
SetViewportOrgEx
SelectPalette
OffsetViewportOrgEx
GetNearestPaletteIndex
SetTextAlign
CreateRoundRectRgn
SelectClipRgn
CreateCompatibleDC
StretchBlt
StretchDIBits
ScaleWindowExtEx
ScaleViewportExtEx
CreateRectRgn
SetViewportExtEx
SetPolyFillMode
SetDIBColorTable
SetWindowExtEx
SetWindowOrgEx
Polyline
GetViewportExtEx
GetBkColor
SetRectRgn
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
SetStdHandle
SetHandleCount
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
HeapSize
ExitProcess
GetModuleHandleA
WideCharToMultiByte
LoadLibraryW
TlsFree
SetFilePointer
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
QueryDosDeviceA
TerminateProcess
IsValidCodePage
HeapCreate
SetLastError
CreateFileW
VirtualQuery
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
LeaveCriticalSection
GradientFill
WinHelpW
GetForegroundWindow
SetWindowRgn
GetScrollRange
SetLayeredWindowAttributes
SetMenuItemBitmaps
BeginPaint
HideCaret
GetScrollPos
SetClassLongW
DestroyMenu
MapVirtualKeyW
GetComboBoxInfo
GetNextDlgGroupItem
GetClassInfoExW
EnumDisplayMonitors
ShowScrollBar
SetScrollPos
SetScrollRange
PeekMessageW
InsertMenuItemW
SetMenu
CharUpperW
IntersectRect
EnableScrollBar
GetWindowDC
CopyImage
SendDlgItemMessageW
GetMessageTime
ReuseDDElParam
GetMenuDefaultItem
RegisterClassW
RegisterClassExA
EndDeferWindowPos
MapDialogRect
GetMenuStringW
CheckMenuItem
SendDlgItemMessageA
GetClassLongW
GetQueueStatus
GetLastActivePopup
BeginDeferWindowPos
IsZoomed
UnregisterClassW
GetClassInfoW
CreateMenu
GetMenuCheckMarkDimensions
BringWindowToTop
PostThreadMessageW
IsIconic
InvertRect
GetKeyNameTextW
NotifyWinEvent
GetClassNameW
TrackPopupMenu
ShowOwnedPopups
ShowCursor
SetWindowContextHelpId
DestroyAcceleratorTable
RegisterClipboardFormatW
ValidateRect
IsDialogMessageW
CopyAcceleratorTableW
UnpackDDElParam
RealChildWindowFromPoint
LoadAcceleratorsW
ScrollWindow
SetForegroundWindow
InvalidateRgn
CharNextW
IsChild
TranslateAcceleratorW
Number of PE resources by type
RT_ICON 2
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:05:14 11:05:25+01:00
FileType Win32 EXE
PEType PE32
CodeSize 112128
LinkerVersion 10.0
EntryPoint 0x46bd
InitializedDataSize 26112
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
Compressed bundles
File identification
MD5 41d7b395ca4dd5b3150b35be4fad3737
SHA1 714fcdd8d396ee5d4c169503c369879d66faca54
SHA256 2f3bdf47438881dc02e023679ac17af3703efe66f11cf4aba063a00ee71fd46f
ssdeep 1536:+NFwRIXuAK946BxaCL4LHP9jdlnKVUvlLAKx+8UF15twHCsmupzOFWsNf42ruReI:Ww3NBL4L+UvOKtUnwHC3uRZsNQer+us
authentihash 89952885ccd55d61a0b1b9f640417bb95d78fdbe84e1c608ceb4208312bf7d37
imphash f2f91df668d079e5a82af0b25889c734
File size 136.0 KB ( 139264 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-05-14 12:20:29 UTC ( 3 years, 4 months ago )
Last submission 2014-10-24 16:20:56 UTC ( 2 years, 11 months ago )
File names 2f3bdf47438881dc02e023679ac17af3703efe66f11cf4aba063a00ee71fd46f.exe
file-6980669_exe
Court_Notice_May-14_Date_2014_EXL-DC.exe
thisnlge.exe
c-1b67d-3761-1400077261
41d7b395ca4dd5b3150b35be4fad3737
court_notice_may-14_date_2014_exl-dc.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
UDP communications