SHA256: 650e649fb07ecee81bdf80472a14d3b17685d68fcf1e8bb8c6a273ae57a1bce2
File name: Court_Notice_May-13_Date_2014_D-SER-N.exe
Detection ratio: 23 / 52
Analysis date: 2014-05-14 16:07:18 UTC ( 3 years, 4 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.41994 20140514
AhnLab-V3 Backdoor/Win32.Androm 20140514
AntiVir TR/Crypt.ZPACK.80247 20140514
BitDefender Gen:Variant.Symmi.41994 20140514
Commtouch W32/Trojan.PZXK-7853 20140514
DrWeb BackDoor.Kuluoz.4 20140514
Emsisoft Gen:Variant.Symmi.41994 (B) 20140514
ESET-NOD32 Win32/TrojanDownloader.Zortob.B 20140514
F-Prot W32/Trojan5.JSN 20140514
F-Secure Gen:Variant.Symmi.41994 20140514
GData Gen:Variant.Symmi.41994 20140514
Ikarus Backdoor.Androm 20140514
Malwarebytes Trojan.FakeMS.CHK 20140514
McAfee RDN/Generic.tfr!dz 20140514
eScan Gen:Variant.Symmi.41994 20140514
Norman Suspicious_Gen4.GIDSY 20140514
Qihoo-360 HEUR/Malware.QVM20.Gen 20140514
Rising PE:Malware.FakeDOC@CV!1.9C3C 20140507
Symantec Trojan.Asprox.B 20140514
TrendMicro TROJ_MIPC.008575ED14 20140514
TrendMicro-HouseCall TROJ_MIPC.008575ED14 20140514
VIPRE Trojan.Win32.Generic.pak!cobra 20140514
ViRobot Trojan.Win32.S.Agent.141312.Q 20140514
AegisLab 20140514
Yandex 20140514
Antiy-AVL 20140514
Avast 20140514
AVG 20140514
Baidu-International 20140514
Bkav 20140514
ByteHero 20140514
CAT-QuickHeal 20140514
ClamAV 20140514
CMC 20140512
Comodo 20140514
Fortinet 20140514
Jiangmin 20140514
K7AntiVirus 20140513
K7GW 20140514
Kaspersky 20140514
Kingsoft 20140514
McAfee-GW-Edition 20140514
Microsoft 20140514
NANO-Antivirus 20140514
nProtect 20140514
Panda 20140514
Sophos AV 20140514
SUPERAntiSpyware 20140514
Tencent 20140514
TheHacker 20140513
TotalDefense 20140514
VBA32 20140514
Zillya 20140512
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name CHKDSK.EXE
Internal name chkdsk
File version 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Description Check Disk Utility
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-13 17:24:04
Entry Point 0x0001E600
Number of sections 5
PE sections
PE imports
RegOpenKeyExW
GetDeviceCaps
GetTextMetricsW
SetMapMode
DeleteDC
CreateFontIndirectW
SetBkMode
GetMapMode
GetStockObject
CreateBitmap
CreateCompatibleBitmap
SelectObject
DPtoLP
GetObjectW
BitBlt
SetBkColor
CreateCompatibleDC
DeleteObject
StretchBlt
SetTextColor
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
QueryPerformanceCounter
DebugBreak
TlsAlloc
lstrlenW
GetStartupInfoA
SwitchToThread
OpenFileMappingW
lstrcatA
GetCommandLineW
GetWindowsDirectoryA
UnhandledExceptionFilter
GetCurrentThread
CreateFileMappingW
MapViewOfFile
TlsFree
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
CreateEventW
OpenEventW
GetStringTypeExW
ChangeTimerQueueTimer
CreateFileA
GetTickCount
GetProcessHeap
VirtualAlloc
LeaveCriticalSection
LoadCursorW
GetSysColor
Number of PE resources by type
RT_ICON 2
RT_DIALOG 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ARABIC SAUDI ARABIA 3
ENGLISH US 1
ENGLISH UK 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 2.5
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.2.3790.3959
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 22528
EntryPoint 0x1e600
OriginalFileName CHKDSK.EXE
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
TimeStamp 2014:05:13 18:24:04+01:00
FileType Win32 EXE
PEType PE32
InternalName chkdsk
ProductVersion 5.2.3790.3959
FileDescription Check Disk Utility
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 118272
ProductName Microsoft Windows Operating System
ProductVersionNumber 5.2.3790.3959
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 b15932cb2a15f06de49773400c6e1f07
SHA1 0e4c3e3b959ac3a28c018b3d41d483d1327270fb
SHA256 650e649fb07ecee81bdf80472a14d3b17685d68fcf1e8bb8c6a273ae57a1bce2
ssdeep 3072:pGx08y59fXC1eYIy2F3OgCcw2LHFadMpmMpoU:kx0Z+ZIl+gCcP
authentihash 1fcc4bfa97b1cf4cf117e10fe06290473c5e9930588ceb5cb1edb519a75c112d
imphash 9b48693acc32d5c086b3ca4ac4d1d478
File size 138.0 KB ( 141312 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.2%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2014-05-13 21:46:41 UTC ( 3 years, 4 months ago )
Last submission 2017-03-17 18:27:00 UTC ( 6 months, 1 week ago )
File names Court_Notice_May-13_Date_2014_D-SER-N.exe
CHKDSK.EXE
c-c4ccb-3711-1400017742
008034894
b15932cb2a15f06de49773400c6e1f07
fnawmgva.exe.infected
Court_Notice_May-13_Date_2014_D-SER-N.ex1
b15932cb2a15f06de49773400c6e1f07.exe
chkdsk
court_notice_may-13_date_2014_d-ser-n.exe
Court_Notice_May-13_Date_2014_D-SER-N_exe
650e649fb07ecee81bdf80472a14d3b17685d68fcf1e8bb8c6a273ae57a1bce2.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs