× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 05782ab05d385b97b15a347aebf031e597505962d1aaa9d15fe69e762e6c0329
File name: Dhl_Status___1.exe
Detection ratio: 42 / 55
Analysis date: 2015-04-17 15:25:56 UTC ( 4 years, 1 month ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2253663 20150418
Yandex Trojan.Inject!yDg87XKe1/A 20150417
AhnLab-V3 Trojan/Win32.ZBot 20150417
Antiy-AVL Trojan/Win32.Inject 20150417
Avast Win32:Emotet-O [Trj] 20150418
AVG Inject2.BVJX 20150418
AVware Trojan.Win32.Generic!BT 20150418
Baidu-International Trojan.Win32.Inject.uqbn 20150417
BitDefender Trojan.GenericKD.2253826 20150418
ByteHero Virus.Win32.Heur.p 20150418
CAT-QuickHeal Trojan.Inject.r3 20150417
Cyren W32/Trojan.DOSS-2259 20150418
DrWeb Trojan.Emotet.63 20150418
Emsisoft Trojan.GenericKD.2253826 (B) 20150418
ESET-NOD32 a variant of Win32/Injector.BXDL 20150418
F-Secure Trojan:W32/Agent.DWDV 20150417
Fortinet W32/Inject.UQBN!tr 20150418
GData Trojan.GenericKD.2253663 20150418
Ikarus Trojan.Win32.Injector 20150417
Jiangmin Trojan/Inject.bsvu 20150417
K7AntiVirus Trojan ( 004bad641 ) 20150417
K7GW Trojan ( 004bad641 ) 20150417
Kaspersky Trojan.Win32.Inject.uqbn 20150417
Malwarebytes Backdoor.Bot 20150418
McAfee Trojan-FGBR!5360AC32F80B 20150418
McAfee-GW-Edition BehavesLike.Win32.VBObfus.ch 20150417
Microsoft Trojan:Win32/Emotet.G 20150418
eScan Trojan.GenericKD.2253663 20150418
NANO-Antivirus Trojan.Win32.Inject.dpwoxg 20150417
Norman VBKrypt.VBP 20150417
nProtect Trojan.GenericKD.2253663 20150417
Panda Trj/Genetic.gen 20150417
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20150418
Sophos AV Troj/Mdrop-GPW 20150418
Symantec Trojan.Zbot 20150417
Tencent Trojan.Win32.Qudamah.Gen.17 20150418
TrendMicro TSPY_EMOTET.CG 20150418
TrendMicro-HouseCall TSPY_EMOTET.CG 20150418
VBA32 Trojan.Inject 20150417
VIPRE Trojan.Win32.Generic!BT 20150418
ViRobot Trojan.Win32.U.Zbot.149691[h] 20150417
Zillya Trojan.Inject.Win32.161658 20150417
AegisLab 20150418
Alibaba 20150418
Bkav 20150417
ClamAV 20150417
CMC 20150416
Comodo 20150418
F-Prot 20150418
Kingsoft 20150418
Rising 20150417
SUPERAntiSpyware 20150417
TheHacker 20150417
TotalDefense 20150417
Zoner 20150417
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Joyee Flynn has 101 books on Goodreads with 62958 ratings. Joyee Flynn's most popular series is Marius World.

Product Goodreads
Original name Callstb.exe
Internal name Callstb
File version 1.00.0056
Description Joyee Flynn writes paranormal erotic romance full of hot men who desire nothing more than each other.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-27 04:40:04
Entry Point 0x00001524
Number of sections 3
PE sections
Overlays
MD5 757075d0a3b0cfc95cffbdcb7f1d86f0
File type data
Offset 98304
Size 51387
Entropy 7.95
PE imports
_adj_fdivr_m64
__vbaGenerateBoundsError
_allmul
__vbaGet3
_adj_fprem
__vbaAryMove
__vbaObjVar
__vbaVarAnd
__vbaRedim
Ord(537)
_adj_fdiv_r
__vbaObjSetAddref
Ord(100)
__vbaHresultCheckObj
__vbaI2Var
_CIlog
__vbaVarMul
__vbaVarLateMemCallLd
_adj_fptan
__vbaFileClose
__vbaAryCopy
__vbaFreeStr
Ord(631)
Ord(588)
__vbaFreeStrList
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(516)
__vbaI4Str
__vbaLenBstr
Ord(525)
__vbaRedimPreserve
__vbaInStr
_adj_fdiv_m32i
Ord(717)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaUbound
__vbaVarTstLt
__vbaFreeVar
__vbaLbound
__vbaFileOpen
__vbaUI1I2
__vbaAryLock
EVENT_SINK_Release
__vbaVarTstEq
__vbaOnError
_adj_fdivr_m32i
__vbaStrCat
__vbaChkstk
__vbaVarNeg
__vbaPrintFile
Ord(570)
__vbaAryUnlock
__vbaVarAbs
__vbaStrVarCopy
__vbaVar2Vec
__vbaVarForNext
__vbaFreeVarList
__vbaStrVarMove
__vbaAryConstruct2
__vbaFreeObj
_adj_fdivr_m32
__vbaVarSub
_CIcos
__vbaVarMove
__vbaFPInt
__vbaErrorOverflow
__vbaNew2
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
Ord(563)
_adj_fdiv_m32
_adj_fpatan
EVENT_SINK_AddRef
__vbaVarForInit
__vbaVarVargNofree
__vbaStrCopy
Ord(632)
__vbaFPException
_adj_fdivr_m16i
__vbaVarAdd
_adj_fdiv_m64
__vbaUI1I4
_CIsin
_CIsqrt
_CIatan
__vbaVarDiv
__vbaLateMemCall
_CIexp
_CItan
__vbaFpI4
Number of PE resources by type
RT_ICON 4
RT_VERSION 1
MIXTYPE 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
FINNISH DEFAULT 1
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks
Joyee Flynn has 101 books on Goodreads with 62958 ratings. Joyee Flynn's most popular series is Marius World.

SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
1.0.0.56

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Joyee Flynn writes paranormal erotic romance full of hot men who desire nothing more than each other.

CharacterSet
Unicode

InitializedDataSize
24576

EntryPoint
0x1524

OriginalFileName
Callstb.exe

MIMEType
application/octet-stream

LegalCopyright
Joyee Flynn has 101 books on Goodreads with 62958 ratings. Joyee Flynn's most popular series is Marius World.

FileVersion
1.00.0056

TimeStamp
2015:03:27 05:40:04+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Callstb

ProductVersion
1.00.0056

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
69632

ProductName
Goodreads

ProductVersionNumber
1.0.0.56

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 5360ac32f80b7e175610e034f1ccb4d0
SHA1 5aad62e137b1b45dbf3d991ff53fbef37aa38eb8
SHA256 05782ab05d385b97b15a347aebf031e597505962d1aaa9d15fe69e762e6c0329
ssdeep
3072:HplUAko8BU1srEict0pMEkQ8qUBs2EQcj0V39v20ekg8hUMs+EFcJ0LMekg8YU53:/UAko8BU1srEict0pMEkQ8qUBs2EQcjG

authentihash 2409f1a90ada5dd447747c4945ae60eec753222dbfa5f45b0828aabad51f021b
imphash 874531095e2dca7fb0ab5c1856be575f
File size 146.2 KB ( 149691 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (90.6%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-03-27 08:58:02 UTC ( 4 years, 1 month ago )
Last submission 2016-05-28 19:15:20 UTC ( 2 years, 11 months ago )
File names Callstb.exe
Dhl_Status___1.exe
Dhl_Status___00046__701029_182704____sendungsnummer___00340433836295436788_lang___de___03_2015.exe.txt
Dhl_Status___00046__701029_182704____sendungsnummer___00340433836295436788_lang___de___03_2015.exe
Dhl_Status___00046__701029_182704____sendungsnummer___00340433836295436788_lang___de___03_2015.exe
Callstb
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!