SHA256: 32fe464abf6af046f859aab0e4ec9a6316dc267769840d6f98e011daccaf07ac
File name: 7fb639b03c759a27dcb20c06ffe24782a8c2154c
Detection ratio: 31 / 56
Analysis date: 2016-11-24 13:33:42 UTC ( 2 years, 2 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.207899 20161124
AegisLab Troj.W32.Gen.mein 20161124
ALYac Gen:Variant.Zusy.207899 20161124
Arcabit Trojan.Zusy.D32C1B 20161124
Avast Win32:Malware-gen 20161124
AVG Atros4.AZBT 20161124
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9983 20161124
BitDefender Gen:Variant.Zusy.207899 20161124
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Cyren W32/S-e4cbebab!Eldorado 20161124
DrWeb BackDoor.Bladabindi.13678 20161124
Emsisoft Gen:Variant.Zusy.207899 (B) 20161124
ESET-NOD32 a variant of MSIL/Kryptik.HMC 20161124
F-Prot W32/S-e4cbebab!Eldorado 20161124
F-Secure Gen:Variant.Zusy.207899 20161124
Fortinet MSIL/Kryptik.HMC!tr 20161124
GData Gen:Variant.Zusy.207899 20161124
Ikarus Trojan-Downloader.Agent 20161124
Sophos ML trojan.win32.dacic.a!rfn 20161018
Jiangmin Trojan.MSIL.edzw 20161124
Kaspersky HEUR:Trojan.Win32.Generic 20161124
McAfee Trojan-FJMX!8D3A4E28D80D 20161124
McAfee-GW-Edition Trojan-FJMX!8D3A4E28D80D 20161124
eScan Gen:Variant.Zusy.207899 20161124
NANO-Antivirus Trojan.Win32.Bladabindi.ehggit 20161124
Panda Trj/GdSda.A 20161123
Qihoo-360 HEUR/QVM03.0.0000.Malware.Gen 20161124
Sophos AV Mal/Generic-S 20161124
Symantec Heur.AdvML.B 20161124
Tencent Win32.Trojan.Generic.Ebqw 20161124
TrendMicro TROJ_GEN.R072C0PKN16 20161124
AhnLab-V3 20161124
Alibaba 20161124
Antiy-AVL 20161124
Avira (no cloud) 20161124
AVware 20161124
Bkav 20161124
CAT-QuickHeal 20161124
ClamAV 20161124
CMC 20161124
Comodo 20161124
K7AntiVirus 20161124
K7GW 20161124
Kingsoft 20161124
Malwarebytes 20161124
Microsoft 20161124
nProtect 20161124
Rising 20161124
SUPERAntiSpyware 20161124
TheHacker 20161124
TotalDefense 20161124
Trustlook 20161124
VBA32 20161124
VIPRE 20161124
ViRobot 20161124
WhiteArmor 20161018
Yandex 20161123
Zillya 20161123
Zoner 20161124
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2016

Product vSTub
Original name vSTub.exe
Internal name vSTub.exe
File version 1.0.0.0
Description vSTub
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-18 03:17:38
Entry Point 0x000184AE
Number of sections 3
.NET details
Module Version ID d5218256-6b4b-40f6-8645-c77d0086060a
TypeLib ID 5714ae22-6010-4c42-84b8-b79f11f7876e
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 7
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 10
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 13312
ImageVersion 0.0
ProductName vSTub
FileVersionNumber 1.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription vSTub
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName vSTub.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.0
TimeStamp 2016:11:18 04:17:38+01:00
FileType Win32 EXE
PEType PE32
InternalName vSTub.exe
ProductVersion 1.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright 2016
MachineType Intel 386 or later, and compatibles
CodeSize 91648
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x184ae
ObjectFileType Executable application
AssemblyVersion 1.0.0.0
File identification
MD5 8d3a4e28d80de95cd4b4f6f96f40c0bc
SHA1 7fb639b03c759a27dcb20c06ffe24782a8c2154c
SHA256 32fe464abf6af046f859aab0e4ec9a6316dc267769840d6f98e011daccaf07ac
ssdeep 1536:xRFb2kX7cAlqRnNg1kg+iyOximkrst/5tnTDWvX:xuII2qRn3gRyfLYtht/C

authentihash df993e06f632acbf9397d5701fdac60d4da7024fe0114d18b9e4411f7e647aa3
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 103.0 KB ( 105472 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (82.9%)
Win32 Dynamic Link Library (generic) (7.4%)
Win32 Executable (generic) (5.1%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags peexe assembly

VirusTotal metadata
First submission 2016-11-24 13:33:42 UTC ( 2 years, 2 months ago )
Last submission 2017-02-02 01:29:49 UTC ( 2 years ago )
File names vSTub.exe
32fe464abf6af046f859aab0e4ec9a6316dc267769840d6f98e011daccaf07ac
SetupSkype.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications