SHA256: 6e8f6ccc32a042e3dad398a76620e2cf9da62334c84fba98c0ffba691d1769cf
File name: Court_Notice_May-19_Date_DF-SER_2014.exe
Detection ratio: 5 / 53
Analysis date: 2014-05-19 19:10:01 UTC ( 3 years ago )
Antivirus Result Update
Avast Win32:Malware-gen 20140519
Qihoo-360 Malware.QVM20.Gen 20140519
Rising PE:Malware.FakeDOC@CV!1.9C3C 20140519
Sophos Mal/Zbot-PA 20140519
TrendMicro-HouseCall TROJ_GEN.F0D1H00EJ14 20140519
Ad-Aware 20140519
AegisLab 20140519
Yandex 20140519
AhnLab-V3 20140519
AntiVir 20140519
Antiy-AVL 20140519
AVG 20140519
Baidu-International 20140519
BitDefender 20140519
Bkav 20140517
ByteHero 20140519
CAT-QuickHeal 20140519
ClamAV 20140519
CMC 20140519
Commtouch 20140519
Comodo 20140519
DrWeb 20140519
Emsisoft 20140519
ESET-NOD32 20140519
F-Prot 20140519
F-Secure 20140519
Fortinet 20140519
GData 20140519
Ikarus 20140519
Jiangmin 20140519
K7AntiVirus 20140519
K7GW 20140519
Kaspersky 20140519
Kingsoft 20140519
Malwarebytes 20140519
McAfee 20140519
McAfee-GW-Edition 20140519
Microsoft 20140519
eScan 20140519
NANO-Antivirus 20140519
Norman 20140519
nProtect 20140519
Panda 20140519
SUPERAntiSpyware 20140519
Symantec 20140519
Tencent 20140519
TheHacker 20140519
TotalDefense 20140519
TrendMicro 20140519
VBA32 20140519
VIPRE 20140519
ViRobot 20140519
Zillya 20140519
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-19 12:17:30
Entry Point 0x0001C1F0
Number of sections 5
PE sections
PE imports
RegOpenKeyExW
GetOpenFileNameA
GetStockObject
CreateFileA
GetWindowsDirectoryA
lstrcatA
VirtualAlloc
SHGetFileInfoA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetMalloc
SetFocus
RedrawWindow
GetParent
ReleaseDC
EndDialog
ShowWindow
SetWindowPos
SendDlgItemMessageA
CharLowerA
IsWindow
GetWindowRect
EnableWindow
PostMessageA
LoadCursorW
EnumChildWindows
SetWindowLongA
DialogBoxParamA
GetSysColor
GetDC
SystemParametersInfoA
wsprintfA
GetClientRect
GetDlgItem
ScreenToClient
InvalidateRect
GetWindowLongA
LoadIconA
CopyRect
LoadImageA
OleUninitialize
CLSIDFromString
CoInitialize
OleInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
Number of PE resources by type
RT_ICON 6
RT_DIALOG 5
RT_GROUP_ICON 2
Number of PE resources by language
ENGLISH UK 10
ARABIC IRAQ 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:05:19 13:17:30+01:00
FileType Win32 EXE
PEType PE32
CodeSize 109568
LinkerVersion 2.5
EntryPoint 0x1c1f0
InitializedDataSize 105984
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 fc89720c573184b6b0c740025bd8f0be
SHA1 398a179e369427a293a50520c4a2a861ba927b1e
SHA256 6e8f6ccc32a042e3dad398a76620e2cf9da62334c84fba98c0ffba691d1769cf
ssdeep 6144:yKvRQGjZd41kb+digwHk5ZRVqsqWQyF3Zl5BopmkZtcofYw1PgMwS/qDHz8idr4H:BvxZZ1
authentihash 102ed2aedbeed95baf1a121757353010cacdc4c89d88c27fd04e3e01ca397e1f
imphash 617d201b1baa05264a565135fbbe80c4
File size 211.0 KB ( 216064 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.2%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2014-05-19 16:22:05 UTC ( 3 years ago )
Last submission 2017-03-17 19:03:43 UTC ( 2 months, 1 week ago )
File names Court_Notice_May-19_Date_DF-SER_2014.exe
a.txt
c-93802-3999-1400519522
008079133
6e8f6ccc32a042e3dad398a76620e2cf9da62334c84fba98c0ffba691d1769cf.exe
fc89720c573184b6b0c740025bd8f0be
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications