SHA256: e43e765c446b1b0122b14abe48ed5141583f073177c2b9d00926c0a810d13e63
File name: Court_Notice_Date_May-7_2014CV-D.exe
Detection ratio: 23 / 52
Analysis date: 2014-05-08 13:04:49 UTC ( 3 years, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1670332 20140508
AntiVir TR/Agent.CBHW 20140508
AVG Crypt3.NVI 20140508
Baidu-International Trojan.Win32.Kryptik.ATNQ 20140508
BitDefender Trojan.GenericKD.1670332 20140508
Commtouch W32/Trojan.XTUY-7860 20140508
Emsisoft Trojan.GenericKD.1670332 (B) 20140508
ESET-NOD32 a variant of Win32/Kryptik.CBHW 20140508
F-Prot W32/Trojan3.IGY 20140508
Fortinet W32/Kryptik.CBHW!tr 20140508
GData Trojan.GenericKD.1670332 20140508
Ikarus Backdoor.Androm 20140508
Kaspersky Backdoor.Win32.Androm.dtfs 20140508
Malwarebytes Trojan.FakeMS.CHK 20140508
McAfee Artemis!E3CBFDD4DFA6 20140508
McAfee-GW-Edition Artemis!E3CBFDD4DFA6 20140507
Microsoft TrojanDownloader:Win32/Kuluoz.D 20140508
eScan Trojan.GenericKD.1670332 20140508
Qihoo-360 Win32/Backdoor.62a 20140508
Rising PE:Malware.FakeDOC@CV!1.9C3C 20140507
Sophos AV Mal/Zbot-PA 20140508
Symantec Trojan.Asprox.B 20140508
TrendMicro-HouseCall TROJ_GEN.F047H0ZE714 20140508
AegisLab 20140508
Yandex 20140507
AhnLab-V3 20140508
Antiy-AVL 20140508
Avast 20140508
Bkav 20140507
ByteHero 20140508
CAT-QuickHeal 20140508
ClamAV 20140508
CMC 20140506
Comodo 20140508
DrWeb 20140508
F-Secure 20140508
Jiangmin 20140508
K7AntiVirus 20140507
K7GW 20140507
Kingsoft 20140508
NANO-Antivirus 20140508
Norman 20140508
nProtect 20140507
Panda 20140508
SUPERAntiSpyware 20140508
TheHacker 20140508
TotalDefense 20140508
TrendMicro 20140508
VBA32 20140507
VIPRE 20140508
ViRobot 20140508
Zillya 20140507
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Publisher Microsoft Corporation
Product Microsoft® Windows® Operating System
Original name CHKDSK.EXE
Internal name chkdsk
File version 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Description Check Disk Utility
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-07 20:54:17
Entry Point 0x00019DF0
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
SetSecurityDescriptorOwner
RegCloseKey
RegRestoreKeyW
RegQueryValueExA
RegCreateKeyW
OpenServiceW
AdjustTokenPrivileges
InitializeAcl
LookupPrivilegeValueW
RegDeleteKeyW
DeleteService
RegQueryValueExW
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
AddAccessAllowedAce
RegOpenKeyExW
RegOpenKeyW
RegOpenKeyExA
CreateServiceW
GetTokenInformation
DuplicateTokenEx
SetServiceStatus
RegisterServiceCtrlHandlerW
OpenThreadToken
GetLengthSid
CreateProcessAsUserW
IsValidAcl
RegDeleteValueW
RevertToSelf
RegSetValueExW
FreeSid
OpenSCManagerW
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSaveKeyW
StartServiceCtrlDispatcherW
EqualSid
RegQueryValueW
SetThreadToken
SetSecurityDescriptorGroup
IsValidSecurityDescriptor
GetDeviceCaps
GetTextMetricsW
SetMapMode
DeleteDC
CreateFontIndirectW
SetBkMode
GetMapMode
GetStockObject
CreateBitmap
CreateCompatibleBitmap
SelectObject
DPtoLP
GetObjectW
BitBlt
SetBkColor
CreateCompatibleDC
DeleteObject
StretchBlt
SetTextColor
GetLastError
SetCurrentDirectoryW
lstrcpynW
RemoveDirectoryW
GlobalFree
GetVersionExW
FreeLibrary
QueryPerformanceCounter
MulDiv
ExitProcess
LoadLibraryA
GetCommandLineW
GetFileAttributesW
lstrcatW
GetCurrentProcess
GetCurrentDirectoryW
LocalAlloc
lstrcatA
lstrlenW
GetWindowsDirectoryA
UnhandledExceptionFilter
SetErrorMode
DeleteFileW
GetProcAddress
GetPrivateProfileIntW
GetPrivateProfileStringW
CreateFileMappingW
lstrcpyW
GetModuleFileNameW
GetModuleHandleA
GetSystemDirectoryW
FindNextFileW
GetCurrentThreadId
SetUnhandledExceptionFilter
CloseHandle
GetSystemTimeAsFileTime
FindFirstFileW
GetModuleHandleW
LocalFree
FormatMessageW
TerminateProcess
LoadLibraryW
SearchPathW
GetExitCodeThread
lstrcmpiW
GetWindowsDirectoryW
CreateFileW
GlobalAlloc
CreateProcessW
FindClose
InterlockedDecrement
SetFileAttributesW
CreateFileA
GetTickCount
OutputDebugStringA
VirtualAlloc
GetCurrentProcessId
SetLastError
InterlockedIncrement
SHGetMalloc
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
PathCanonicalizeW
StrStrIW
RedrawWindow
PostQuitMessage
SetWindowPos
EndPaint
DispatchMessageW
ReleaseDC
GetDlgCtrlID
SendMessageW
UnregisterClassW
GetClassInfoW
DrawTextW
GetNextDlgTabItem
LoadImageW
GetWindowTextW
LoadAcceleratorsW
DestroyWindow
DrawEdge
GetParent
UpdateWindow
CheckRadioButton
GetMessageW
ShowWindow
PeekMessageW
EnableWindow
TranslateMessage
IsWindowEnabled
GetWindow
MsgWaitForMultipleObjects
LoadStringA
RegisterClassW
LoadStringW
DrawFocusRect
FillRect
EnumThreadWindows
CopyRect
GetSysColorBrush
CreateWindowExW
GetWindowLongW
GetUpdateRect
CharNextW
IsChild
MapWindowPoints
BeginPaint
OffsetRect
DefWindowProcW
CharPrevW
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
DrawIcon
EnumChildWindows
SendDlgItemMessageW
PostMessageW
InvalidateRect
CheckDlgButton
CreateDialogParamW
WaitMessage
GetLastActivePopup
SetWindowTextW
GetDlgItem
BringWindowToTop
IsDlgButtonChecked
GetDesktopWindow
LoadCursorW
LoadIconW
GetDC
SetForegroundWindow
ExitWindowsEx
EndDialog
FindWindowW
MessageBeep
SetFocus
MessageBoxW
RegisterClassExW
MoveWindow
DialogBoxParamW
GetSysColor
DestroyIcon
IsWindowVisible
SetMessageQueue
CallWindowProcW
GetClientRect
IsRectEmpty
GetFocus
wsprintfW
TranslateAcceleratorW
SetCursor
_purecall
__p__fmode
malloc
__CxxFrameHandler
wcstoul
__dllonexit
_wcsicmp
printf
_vsnwprintf
_cexit
_c_exit
setlocale
_onexit
wcslen
exit
_XcptFilter
asctime
__setusermatherr
__p__commode
localtime
_acmdln
_CxxThrowException
_exit
_adjust_fdiv
_wmakepath
free
_wsplitpath
__getmainargs
_controlfp
_vsnprintf
_except_handler3
memmove
swscanf
time
wcsstr
_initterm
_wtoi
__set_app_type
CoCreateInstance
CoUninitialize
CoInitialize
Number of PE resources by type
RT_ICON 2
RT_DIALOG 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ARABIC SAUDI ARABIA 3
ENGLISH US 1
ENGLISH UK 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 2.5
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.2.3790.3959
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 79360
EntryPoint 0x19df0
OriginalFileName CHKDSK.EXE
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
TimeStamp 2014:05:07 21:54:17+01:00
FileType Win32 EXE
PEType PE32
InternalName chkdsk
ProductVersion 5.2.3790.3959
FileDescription Check Disk Utility
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
ProductName Microsoft Windows Operating System
ProductVersionNumber 5.2.3790.3959
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 e3cbfdd4dfa6561e22e19177a4f60e7a
SHA1 f67cd702985f5fbb3171ef32ebd5f46cedb55532
SHA256 e43e765c446b1b0122b14abe48ed5141583f073177c2b9d00926c0a810d13e63
ssdeep 3072:KcV+9pZu4lEfP3GEpQEHtlnBpk7Ze7QFo1LnMpCJTAZU:P+93u4aPNRH7Bx1
authentihash a664f45f9635a4d4dca5aef0b3ca505478aa701ecdb81a33ad272b890a0aa9e5
imphash a3c9657e6c785af84138f8cb76a4041d
File size 179.5 KB ( 183808 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ 4.x (68.6%)
Win32 Executable MS Visual C++ (generic) (15.9%)
Windows screen saver (6.6%)
Win32 Dynamic Link Library (generic) (3.3%)
Win32 Executable (generic) (2.2%)
Tags peexe
VirusTotal metadata
First submission 2014-05-07 22:14:53 UTC ( 3 years, 5 months ago )
Last submission 2014-10-24 16:14:26 UTC ( 2 years, 12 months ago )
File names chkdsk
e43e765c446b1b0122b14abe48ed5141583f073177c2b9d00926c0a810d13e63.exe
Court_Notice_Date_May-7_2014CV-D.exe
CHKDSK.EXE
c-9fa95-3510-1399502101
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs