SHA256: 43d8bea74884ab37fa86b282c921e7297e5f491fab0e1ef276f8e2bb69d8c4b1
File name: Court_Notice_May-23_Date_2014_SER-ERN-DC.exe
Detection ratio: 7 / 53
Analysis date: 2014-05-23 16:10:03 UTC (3 years ago)
Antivirus Result Update
AVG Luhe.Fiha.A 20140523
Commtouch W32/Trojan.MWNG-8001 20140523
F-Prot W32/Trojan3.ILH 20140523
McAfee BackDoor-FANW 20140523
McAfee-GW-Edition Artemis!51E12BEC75E8 20140523
Qihoo-360 Win32/Trojan.Multi.daf 20140523
TrendMicro-HouseCall TROJ_GEN.F0D1H00EN14 20140523
No detection (update 20140523 unless noted): Ad-Aware, AegisLab, Yandex, AhnLab-V3, AntiVir, Antiy-AVL, Avast, Baidu-International, BitDefender, Bkav, ByteHero, CAT-QuickHeal, ClamAV, CMC, Comodo, DrWeb, Emsisoft, ESET-NOD32, F-Secure, Fortinet, GData, Ikarus, Jiangmin, K7AntiVirus, K7GW, Kaspersky, Kingsoft, Malwarebytes, Microsoft, eScan, NANO-Antivirus, Norman, nProtect, Panda, Rising (20140522), Sophos, SUPERAntiSpyware, Symantec, Tencent, TheHacker, TotalDefense, TrendMicro, VBA32, VIPRE, ViRobot, Zillya
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-23 11:03:31
Entry Point 0x00001311
Number of sections 6
PE sections
PE imports
CryptProtectData
CryptBinaryToStringA
GetTextCharsetInfo
GetNearestPaletteIndex
GetWindowExtEx
Polygon
GetSystemPaletteEntries
GetRgnBox
SaveDC
ExtSelectClipRgn
GetPaletteEntries
CreatePolygonRgn
CreateRectRgnIndirect
CombineRgn
GetClipBox
GetObjectType
Rectangle
SetMapMode
ExcludeClipRect
OffsetViewportOrgEx
DeleteDC
RestoreDC
GetMapMode
EnumFontFamiliesW
SetLayout
GetCharWidthW
SetWindowOrgEx
IntersectClipRect
GetLayout
RealizePalette
OffsetWindowOrgEx
CreatePatternBrush
CreateEllipticRgn
CreateBitmap
MoveToEx
CreatePalette
CreateDIBitmap
SetViewportOrgEx
SelectPalette
LineTo
SetTextAlign
SetROP2
SelectClipRgn
StretchBlt
StretchDIBits
ScaleWindowExtEx
CreateRoundRectRgn
ScaleViewportExtEx
CreateRectRgn
SetViewportExtEx
SetPolyFillMode
SetDIBColorTable
SetWindowExtEx
CreateSolidBrush
Polyline
GetViewportExtEx
GetBkColor
SetRectRgn
CreateToolhelp32Snapshot
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
LoadLibraryA
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
GetStringTypeW
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
HeapSize
ExitProcess
CompareStringW
WideCharToMultiByte
LoadLibraryW
TlsFree
GetModuleHandleA
DeleteCriticalSection
FindFirstFileA
SetUnhandledExceptionFilter
WriteFile
GetSystemTimeAsFileTime
FindNextFileA
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
SetEnvironmentVariableA
HeapAlloc
QueryDosDeviceA
TerminateProcess
IsValidCodePage
HeapCreate
TlsGetValue
Sleep
GetFileType
TlsSetValue
GetTickCount
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
GetForegroundWindow
SetWindowRgn
MapDialogRect
IntersectRect
SetLayeredWindowAttributes
SetMenuItemBitmaps
BeginPaint
SetClassLongW
GetScrollPos
EnableScrollBar
DestroyMenu
MapVirtualKeyW
NotifyWinEvent
GetNextDlgGroupItem
GetClassInfoExW
EnumDisplayMonitors
BeginDeferWindowPos
IsIconic
SetScrollRange
PeekMessageW
InsertMenuItemW
SetMenu
CharUpperW
GetScrollRange
GetWindowDC
CopyImage
GetMenuCheckMarkDimensions
SendDlgItemMessageW
GetMessageTime
ReuseDDElParam
GetMenuDefaultItem
RegisterClipboardFormatW
RegisterClassExA
EndDeferWindowPos
IsDialogMessageW
GetMenuStringW
CheckMenuItem
SendDlgItemMessageA
GetClassLongW
GetQueueStatus
RegisterClassW
ShowScrollBar
WinHelpW
UnregisterClassW
GetClassInfoW
UnpackDDElParam
IsZoomed
BringWindowToTop
HideCaret
SetScrollPos
InvertRect
GetKeyNameTextW
CreateWindowExA
GetClassNameW
TrackPopupMenu
ShowOwnedPopups
ShowCursor
SetWindowContextHelpId
DestroyAcceleratorTable
ValidateRect
PostThreadMessageW
CopyAcceleratorTableW
RealChildWindowFromPoint
LoadAcceleratorsW
ScrollWindow
SetForegroundWindow
InvalidateRgn
CharNextW
GetLastActivePopup
IsChild
TranslateAcceleratorW
Number of PE resources by type
RT_ICON 2
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2014:05:23 12:03:31+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 27136
LinkerVersion: 10.0
EntryPoint: 0x1311
InitializedDataSize: 82432
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0
Compressed bundles
File identification
MD5 51e12bec75e8d5a0b2e434a45b7e1c67
SHA1 283e7b9d677f50a8df0e8f95fefdaaf7e64f90d0
SHA256 43d8bea74884ab37fa86b282c921e7297e5f491fab0e1ef276f8e2bb69d8c4b1
ssdeep 3072:WDKia3bla5cWVUho8gXfpoEVdyWrQ6F+SADN:CJa3AGWMsX7dy36oSSN
authentihash 5be96653197f423ebd67c6f72efbe927af3eb566e8c251001e74fadbf84ef2e5
imphash 6144d38a43149d970eae52ae5fceb340
File size 108.0 KB ( 110592 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (35.8%)
Win64 Executable (generic) (31.7%)
Windows screen saver (15.0%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags peexe
VirusTotal metadata
First submission 2014-05-23 13:12:14 UTC ( 3 years ago )
Last submission 2015-06-12 12:28:19 UTC ( 1 year, 11 months ago )
File names court_notice_may-23_date_2014_ser-ern-dc.exe
Court_Notice_May-23_Date_2014_SER-ERN-DC.exe
008077089
283E7B9D677F50A8DF0E8F95FEFDAAF7E64F90D0.sample
43d8bea74884ab37fa86b282c921e7297e5f491fab0e1ef276f8e2bb69d8c4b1.exe
51e12bec75e8d5a0b2e434a45b7e1c67
file-7022887_exe
c-e0cea-4145-1400850902
51e12bec75e8d5a0b2e434a45b7e1c67.exe
Court_Notice_May-23_Date_2014_SER-ERN-DC_exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
DNS requests