SHA256: 86ac503ad77593b7873246b92be7100e616a1b205e059854a60e618a97d2d852
File name: Court_Notice_Copy_07-04-14_AP.exe
Detection ratio: 11 / 51
Analysis date: 2014-04-07 18:17:01 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Antiy-AVL Worm/Win32.AutoRun 20140407
Avast Win32:Malware-gen 20140407
Commtouch W32/Trojan.AFDA-9188 20140407
F-Prot W32/Trojan3.HZR 20140407
Fortinet W32/Lockscreen.LOA!tr 20140406
Malwarebytes Malware.Packer.INNO 20140407
McAfee PWS-Zbot-FANV!A1E0804D0BBC 20140407
McAfee-GW-Edition PWS-Zbot-FANV!A1E0804D0BBC 20140407
Rising PE:Malware.FakeDOC@CV!1.9C3C 20140406
Sophos Troj/Ransom-SY 20140407
Symantec Suspicious.Cloud.5 20140407
Ad-Aware 20140407
AegisLab 20140407
Yandex 20140407
AhnLab-V3 20140407
AntiVir 20140407
AVG 20140407
Baidu-International 20140407
BitDefender 20140407
Bkav 20140407
ByteHero 20140407
CAT-QuickHeal 20140407
ClamAV 20140407
CMC 20140407
Comodo 20140407
DrWeb 20140407
Emsisoft 20140407
ESET-NOD32 20140407
F-Secure 20140407
GData 20140407
Ikarus 20140407
Jiangmin 20140407
K7AntiVirus 20140407
K7GW 20140407
Kaspersky 20140407
Kingsoft 20140407
Microsoft 20140407
eScan 20140407
NANO-Antivirus 20140407
Norman 20140407
nProtect 20140407
Panda 20140407
Qihoo-360 20140407
SUPERAntiSpyware 20140407
TheHacker 20140407
TotalDefense 20140407
TrendMicro 20140407
TrendMicro-HouseCall 20140407
VBA32 20140407
VIPRE 20140407
ViRobot 20140407
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Comments This installation was built with.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-07 13:54:58
Entry Point 0x000047B0
Number of sections 4
PE sections
PE imports
AdjustTokenPrivileges
RegDeleteKeyA
LookupPrivilegeValueA
RegOpenKeyA
RegCloseKey
RegDeleteValueA
OpenProcessToken
RegSetValueExA
FreeSid
RegQueryValueExA
GetTokenInformation
AllocateAndInitializeSid
RegEnumKeyA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegCreateKeyA
EqualSid
RegQueryInfoKeyA
RegQueryValueExW
LocalFree
GetCurrentProcess
SetUnhandledExceptionFilter
CreateThread
LocalAlloc
GetCurrentProcessId
GetCommandLineW
FreeLibrary
QueryPerformanceCounter
UnhandledExceptionFilter
ExitProcess
GetStartupInfoW
GetSystemTimeAsFileTime
GetTickCount
lstrcmpiW
VirtualAlloc
GetCurrentThreadId
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteA
CharPrevA
GetSystemMetrics
LoadCursorA
LoadStringA
CharNextA
MessageBoxA
LoadIconW
ExitWindowsEx
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Number of PE resources by type
RT_STRING 6
RT_ICON 3
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 6
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments This installation was built with.
InitializedDataSize 39424
ImageVersion 0.0
FileVersionNumber 1.6.0.166
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 2.5
EntryPoint 0x47b0
MIMEType application/octet-stream
TimeStamp 2014:04:07 14:54:58+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 108544
FileSubtype 0
ProductVersionNumber 1.6.0.166
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 a1e0804d0bbc17b895194d88a61c85e4
SHA1 9eb092bcb3e294149437e4fad6b9abdba82a46f4
SHA256 86ac503ad77593b7873246b92be7100e616a1b205e059854a60e618a97d2d852
ssdeep 3072:yHJZCB6O/itNaa153KSbxvbRnJTAEJTA1x:yHPM6OatNaEVKS
authentihash a1208aa5bc54c7982a15b3866ad9744f290ea0b1d11b470210ee02779ad1b118
imphash 348370fbd3b57e3eeac40748190562c0
File size 145.0 KB ( 148480 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
Win16/32 Executable Delphi generic (2.7%)
Tags peexe
VirusTotal metadata
First submission 2014-04-07 14:41:59 UTC ( 3 years, 1 month ago )
Last submission 2015-04-17 21:34:03 UTC ( 2 years, 1 month ago )
File names Court_Notice_Copy_07-04-14_AP.exe
a1e0804d0bbc17b895194d88a61c85e4.exe
c-65e08-2908-1396884061
a1e0804d0bbc17b895194d88a61c85e4
c47.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs