× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 2c65c412f6c24cd948b298510a3791c4fa04721953fd21555224081e87dabc75
File name: Intel810win9xe67.exe
Detection ratio: 0 / 67
Analysis date: 2018-06-08 21:15:03 UTC ( 2 weeks ago ) View latest
Antivirus Result Update
Ad-Aware 20180608
AegisLab 20180608
AhnLab-V3 20180608
Alibaba 20180608
ALYac 20180608
Antiy-AVL 20180608
Arcabit 20180608
Avast 20180608
Avast-Mobile 20180608
AVG 20180608
Avira (no cloud) 20180608
AVware 20180608
Babable 20180406
Baidu 20180608
BitDefender 20180608
Bkav 20180608
CAT-QuickHeal 20180608
ClamAV 20180608
CMC 20180608
Comodo 20180608
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cylance 20180608
Cyren 20180608
DrWeb 20180608
eGambit 20180608
Emsisoft 20180608
Endgame 20180507
ESET-NOD32 20180608
F-Prot 20180608
F-Secure 20180608
Fortinet 20180608
GData 20180608
Ikarus 20180608
Sophos ML 20180601
Jiangmin 20180608
K7AntiVirus 20180608
K7GW 20180608
Kaspersky 20180608
Kingsoft 20180608
Malwarebytes 20180608
MAX 20180608
McAfee 20180608
McAfee-GW-Edition 20180608
Microsoft 20180608
eScan 20180608
NANO-Antivirus 20180608
Palo Alto Networks (Known Signatures) 20180608
Panda 20180608
Qihoo-360 20180608
Rising 20180608
SentinelOne (Static ML) 20180225
Sophos AV 20180608
SUPERAntiSpyware 20180608
Symantec 20180608
TACHYON 20180608
Tencent 20180608
TheHacker 20180608
TotalDefense 20180608
TrendMicro 20180608
TrendMicro-HouseCall 20180608
Trustlook 20180608
VBA32 20180608
VIPRE 20180608
ViRobot 20180608
Webroot 20180608
Yandex 20180608
ZoneAlarm by Check Point 20180608
Zoner 20180608
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (c) Intel Corporation, 1998-2001

Product Intel(R) Chipset Chipset Graphics Driver Software
Original name stub32i.exe
Internal name stub32i.exe
File version 4.13.01.3196
Description Package 810/810E/815/815E/815EM
Packers identified
F-PROT CAB, MSLZ
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2000-03-27 18:09:58
Entry Point 0x000083F7
Number of sections 4
PE sections
Overlays
MD5 34a75c91c4d4ac3a53bc9987b4ff1c1b
File type data
Offset 163840
Size 4555021
Entropy 8.00
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetDeviceCaps
GetObjectA
CreateCompatibleDC
DeleteDC
SetBkMode
GetTextExtentPointA
BitBlt
CreatePalette
GetStockObject
CreateDIBitmap
SelectPalette
CreateFontIndirectA
CreateSolidBrush
SelectObject
SetBkColor
TextOutA
EnumFontFamiliesExA
DeleteObject
RealizePalette
SetTextColor
GetStdHandle
GetFileAttributesA
WaitForSingleObject
HeapDestroy
FreeEnvironmentStringsA
GetCurrentProcess
LocalAlloc
lstrcatA
UnhandledExceptionFilter
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
WideCharToMultiByte
GetStringTypeA
WriteFile
GetDiskFreeSpaceA
GetStringTypeW
SetFileAttributesA
GetOEMCP
LocalFree
LoadResource
FindClose
FormatMessageA
HeapAlloc
RemoveDirectoryA
GetPrivateProfileStringA
GetSystemDefaultLCID
MultiByteToWideChar
WritePrivateProfileSectionA
GetModuleHandleA
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
MoveFileExA
TerminateProcess
GlobalAlloc
LocalFileTimeToFileTime
GetVersion
HeapFree
SetHandleCount
lstrcmpiA
FreeLibrary
IsBadWritePtr
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetProcAddress
GetProcessHeap
FindFirstFileA
lstrcpyA
CompareStringA
GetTempFileNameA
CreateFileMappingA
FindNextFileA
GlobalLock
GetFileType
GetPrivateProfileSectionA
CreateFileA
ExitProcess
GetLastError
DosDateTimeToFileTime
LCMapStringW
HeapCreate
lstrlenA
GlobalFree
LCMapStringA
HeapReAlloc
GetEnvironmentStringsW
GlobalUnlock
IsDBCSLeadByte
GetModuleFileNameA
GetShortPathNameA
SizeofResource
WritePrivateProfileStringA
LockResource
SetFileTime
GetCPInfo
GetCommandLineA
MapViewOfFile
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetEnvironmentStrings
CreateProcessA
UnmapViewOfFile
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
FindResourceA
VirtualAlloc
LZCopy
LZClose
LZOpenFileA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
ShellExecuteA
SetFocus
GetParent
MapDialogRect
DrawTextA
BeginPaint
CharNextA
CreateDialogIndirectParamA
CheckRadioButton
ShowWindow
SetWindowPos
SendDlgItemMessageA
IsWindow
LoadIconA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
PostMessageA
MoveWindow
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
GetWindowLongA
TranslateMessage
IsWindowEnabled
GetWindow
GetSysColor
SetActiveWindow
GetDC
ReleaseDC
SetWindowTextA
LoadStringA
SetParent
SendMessageA
GetClientRect
GetDlgItem
CreateDialogParamA
GetNextDlgTabItem
ScreenToClient
InvalidateRect
wsprintfA
UpdateWindow
GetActiveWindow
FillRect
IsDlgButtonChecked
GetSysColorBrush
GetDesktopWindow
LoadImageA
EndPaint
GetWindowTextA
IsDialogMessageA
DestroyWindow
Number of PE resources by type
RT_DIALOG 9
RT_STRING 7
RT_ICON 4
RT_BITMAP 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 24
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.11.15.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
98304

EntryPoint
0x83f7

OriginalFileName
stub32i.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (c) Intel Corporation, 1998-2001

FileVersion
4.13.01.3196

TimeStamp
2000:03:27 19:09:58+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
stub32i.exe

ProductVersion
4.13.01.3196

FileDescription
Package 810/810E/815/815E/815EM

OSVersion
4.0

FileOS
Windows 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Intel Corporation

CodeSize
69632

ProductName
Intel(R) Chipset Chipset Graphics Driver Software

ProductVersionNumber
2.11.15.0

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
File identification
MD5 9747bde1c7c21d94b30e271a22c461e1
SHA1 58f3ae305d41b7b151eee5882594cb1d9ab6dcf5
SHA256 2c65c412f6c24cd948b298510a3791c4fa04721953fd21555224081e87dabc75
ssdeep
98304:1FYhIGKSlkvhGGYt/dKJIc30PmI1MWULU0WqMZyafD/Q+V:1FYhpykZ/dw0P/M7LU/qOyCD/r

authentihash 570cc6bb9efa2db44474962719d6fd89666f8cc2af1dfdd0a04fb97db0e3f9c9
imphash 690c9e79bb34f8d71799aa65a51d3c5d
File size 4.5 MB ( 4718861 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe armadillo overlay

VirusTotal metadata
First submission 2010-08-25 19:40:20 UTC ( 7 years, 10 months ago )
Last submission 2018-05-26 12:06:01 UTC ( 4 weeks ago )
File names win9xe67.exe
win9xe67.exe
stub32i.exe
Intel810win9xe67.exe
2C65C412F6C24CD948B298510A3791C4FA04721953FD21555224081E87DABC75
win9xe67.exe
win9xe67.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Runtime DLLs