SHA256: f1c31cb58478949eaccabdc6cc4462ab68e8e189657c2f88c1ae085826ffe7a2
File name: Court_Notice_May-20_Date_EN-RM_2014.exe
Detection ratio: 17 / 53
Analysis date: 2014-05-21 10:55:04 UTC ( 3 years, 5 months ago )
Antivirus Result Update
Commtouch W32/Trojan.AISL-4213 20140521
ESET-NOD32 Win32/TrojanDownloader.Zortob.F 20140521
F-Prot W32/Trojan3.IKH 20140521
GData Trojan.GenericKD.1688010 20140521
Ikarus Backdoor.Androm 20140521
Kaspersky Trojan-Downloader.Win32.Dofoil.amdz 20140521
McAfee RDN/Generic.grp!hg 20140521
McAfee-GW-Edition Artemis!76BD89FF3141 20140521
Microsoft TrojanDownloader:Win32/Kuluoz 20140521
eScan Trojan.GenericKD.1688010 20140521
nProtect Trojan.GenericKD.1688010 20140521
Qihoo-360 HEUR/Malware.QVM20.Gen 20140521
Rising PE:Malware.FakeDOC@CV!1.9C3C 20140520
Sophos AV Mal/Zbot-PA 20140521
Tencent Win32.Trojan-downloader.Dofoil.Ajcf 20140521
TrendMicro-HouseCall TROJ_GEN.F0D1H00EK14 20140521
VIPRE Trojan.Win32.Generic.pak!cobra 20140521
Ad-Aware 20140521
AegisLab 20140521
Yandex 20140520
AhnLab-V3 20140520
AntiVir 20140521
Antiy-AVL 20140521
Avast 20140521
AVG 20140521
Baidu-International 20140520
BitDefender 20140521
Bkav 20140520
ByteHero 20140521
CAT-QuickHeal 20140520
ClamAV 20140521
CMC 20140520
Comodo 20140520
DrWeb 20140521
Emsisoft 20140521
F-Secure 20140521
Fortinet 20140521
Jiangmin 20140521
K7AntiVirus 20140520
K7GW 20140520
Kingsoft 20140521
Malwarebytes 20140521
NANO-Antivirus 20140521
Norman 20140521
Panda 20140521
SUPERAntiSpyware 20140520
Symantec 20140521
TheHacker 20140520
TotalDefense 20140520
TrendMicro 20140521
VBA32 20140520
ViRobot 20140521
Zillya 20140520
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-20 16:57:56
Entry Point 0x0001C230
Number of sections 5
PE sections
PE imports
RegOpenKeyExW
GetOpenFileNameA
GetStockObject
CreateFileA
GetWindowsDirectoryA
lstrcatA
VirtualAlloc
SHGetFileInfoA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetMalloc
SetFocus
RedrawWindow
GetParent
ReleaseDC
EndDialog
ShowWindow
SetWindowPos
SendDlgItemMessageA
CharLowerA
IsWindow
GetWindowRect
EnableWindow
PostMessageA
LoadCursorW
EnumChildWindows
SetWindowLongA
DialogBoxParamA
GetSysColor
GetDC
SystemParametersInfoA
wsprintfA
GetClientRect
GetDlgItem
ScreenToClient
InvalidateRect
GetWindowLongA
LoadIconA
CopyRect
LoadImageA
CoUninitialize
CLSIDFromString
CoCreateInstance
Number of PE resources by type
RT_ICON 6
RT_DIALOG 5
RT_GROUP_ICON 2
Number of PE resources by language
ENGLISH UK 10
ARABIC IRAQ 3
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2014:05:20 17:57:56+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 109568
LinkerVersion: 2.5
EntryPoint: 0x1c230
InitializedDataSize: 130048
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0

Compressed bundles
File identification
MD5 76bd89ff3141fef1345053881797392a
SHA1 86521edeb12c01cf19137289f93efa28fba313c0
SHA256 f1c31cb58478949eaccabdc6cc4462ab68e8e189657c2f88c1ae085826ffe7a2
ssdeep 6144:XfT50b9cqFENFJzmVB6Mb+digwHk5ZRVqsqWQyF3Zl5BopmkZtcofYw1PgMwS/qU:XfT5U9bFoJOB6Y1
authentihash 9e227f24db6f30cc7a9cf8e2dca8e8dde3792e01de14bc8d5c93a946e4e02dad
imphash 980fe626ba3b4a7316ebdbb6fa88b205
File size 234.5 KB ( 240128 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.2%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2014-05-20 20:28:19 UTC ( 3 years, 5 months ago )
Last submission 2017-03-17 18:44:00 UTC ( 7 months, 1 week ago )
File names c-748f4-4053-1400624042
f1c31cb58478949eaccabdc6cc4462ab68e8e189657c2f88c1ae085826ffe7a2.exe
Court_Notice_May-20_Date_EN-RM_2014_exe
76bd89ff3141fef1345053881797392a.exe
008084326
court_notice_may-20_date_en-rm_2014.exe
file-7013108_exe
Court_Notice_May-20_Date_EN-RM_2014.exe
f1c31cb58478949eaccabdc6cc4462ab68e8e189657c2f88c1ae085826ffe7a2.bin
nabomjak.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs