SHA256: f4e609829f30009bf9a8a6dd432a1d6e1ed1f0ad5d25abc9d06b3df700ca371b
File name: gxwhoiqm.exe
Detection ratio: 27 / 49
Analysis date: 2014-04-01 14:15:57 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1627712 20140401
AhnLab-V3 Backdoor/Win32.Androm 20140401
AntiVir TR/Kuluoz.A.71 20140401
Antiy-AVL Worm/Win32.AutoRun 20140401
Avast Win32:Trojan-gen 20140401
AVG Luhe.Fiha.A 20140401
BitDefender Trojan.GenericKD.1627712 20140401
Commtouch W32/Trojan.NXPN-0725 20140401
DrWeb BackDoor.Kuluoz.4 20140401
Emsisoft Trojan.GenericKD.1627712 (B) 20140401
ESET-NOD32 Win32/TrojanDownloader.Zortob.B 20140401
F-Prot W32/Trojan3.HYE 20140401
F-Secure Gen:Variant.Kazy.361173 20140401
Fortinet W32/Lockscreen.LOA!tr 20140331
GData Trojan.GenericKD.1627712 20140401
Ikarus Trojan-Spy.Zbot 20140401
Kaspersky Backdoor.Win32.Androm.drfl 20140401
Malwarebytes Trojan.Inject 20140401
McAfee PWS-Zbot-FATG!D185A21BF355 20140401
McAfee-GW-Edition PWS-Zbot-FATG!D185A21BF355 20140401
Microsoft TrojanDownloader:Win32/Kuluoz.D 20140401
eScan Trojan.GenericKD.1627712 20140401
Qihoo-360 HEUR/Malware.QVM20.Gen 20140401
Rising PE:Malware.FakeDOC@CV!1.9C3C 20140331
Symantec Trojan.Fakeavlock 20140401
TrendMicro-HouseCall TROJ_GEN.R0CBB01D114 20140401
VIPRE Trojan.Win32.Generic!BT 20140401
AegisLab 20140401
Yandex 20140331
Baidu-International 20140401
Bkav 20140401
ByteHero 20140401
CAT-QuickHeal 20140401
ClamAV 20140401
CMC 20140331
Comodo 20140401
Jiangmin 20140401
K7AntiVirus 20140401
K7GW 20140401
Kingsoft 20130829
NANO-Antivirus 20140331
Norman 20140401
nProtect 20140401
Panda 20140401
Sophos 20140401
SUPERAntiSpyware 20140401
TheHacker 20140401
TotalDefense 20140401
TrendMicro 20140401
VBA32 20140401
ViRobot 20140331
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Comments This installation was built with.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-31 17:04:27
Entry Point 0x000047B0
Number of sections 6
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExW
GetStockObject
LocalFree
GetCurrentProcess
SetUnhandledExceptionFilter
CreateThread
LocalAlloc
GetCurrentProcessId
GetCommandLineW
FreeLibrary
QueryPerformanceCounter
UnhandledExceptionFilter
CreateJobObjectW
ExitProcess
GetStartupInfoW
GetSystemTimeAsFileTime
GetTickCount
lstrcmpiW
VirtualAlloc
GetCurrentThreadId
GetSystemMetrics
LoadIconW
LoadCursorA
LoadIconA
Number of PE resources by type
RT_STRING 6
RT_ICON 2
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 5
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments This installation was built with.
InitializedDataSize 31232
ImageVersion 0.0
FileVersionNumber 1.6.0.166
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 2.5
MIMEType application/octet-stream
TimeStamp 2014:03:31 18:04:27+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 103936
FileSubtype 0
ProductVersionNumber 1.6.0.166
EntryPoint 0x47b0
ObjectFileType Executable application

File identification
MD5 d185a21bf355ad67b8e75e0ecb28acb8
SHA1 b2d26cf096fc081f92e5a633d334d9cb816d4c4d
SHA256 f4e609829f30009bf9a8a6dd432a1d6e1ed1f0ad5d25abc9d06b3df700ca371b
ssdeep 1536:7IobvMCj3t+SZGijlfD4DB7YIQ3y5HTdFZNhoakFcoO3HgZdzlUMWO+85uTKx:71MCXhcN7YIQk1ps+MWOuTKx
authentihash 0a3c3771dbd1571d4d1dd1ebb33d9095be83278081762a9f4076f6f6bd44f9d4
imphash 22b3f0f6c3c0fd2943d52cb34eae442f
File size 132.5 KB ( 135680 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.6%)
Win32 Dynamic Link Library (generic) (14.6%)
Win32 Executable (generic) (10.0%)
Win16/32 Executable Delphi generic (4.6%)
Generic Win/DOS Executable (4.4%)
Tags
peexe

VirusTotal metadata
First submission 2014-03-31 20:33:41 UTC ( 3 years, 1 month ago )
Last submission 2015-04-17 21:30:29 UTC ( 2 years, 1 month ago )
File names Court_Notice_Copy.exe
gxwhoiqm.exe
court_notice_copy.exe
file-6812370_exe
mgsinnss.exe
d185a21bf355ad67b8e75e0ecb28acb8.exe
c41.exe
c-7a77d-2753-1396303381
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs