× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 330d7cea4ac7893cbf6dc14527f4adb368be3e0df2924f85c103c57e5ae3b50c
File name: sp39384.exe
Detection ratio: 0 / 66
Analysis date: 2018-06-09 02:06:02 UTC ( 5 months, 2 weeks ago ) View latest
Antivirus Result Update
Ad-Aware 20180609
AegisLab 20180609
AhnLab-V3 20180608
Alibaba 20180608
ALYac 20180609
Antiy-AVL 20180609
Arcabit 20180609
Avast 20180609
Avast-Mobile 20180608
AVG 20180609
Avira (no cloud) 20180609
AVware 20180609
Babable 20180406
Baidu 20180608
BitDefender 20180609
Bkav 20180608
CAT-QuickHeal 20180609
ClamAV 20180608
CMC 20180608
Comodo 20180609
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cyren 20180609
DrWeb 20180609
eGambit 20180609
Emsisoft 20180609
Endgame 20180507
ESET-NOD32 20180609
F-Prot 20180609
F-Secure 20180609
Fortinet 20180609
GData 20180609
Sophos ML 20180601
Jiangmin 20180609
K7AntiVirus 20180608
K7GW 20180609
Kaspersky 20180609
Kingsoft 20180609
Malwarebytes 20180609
MAX 20180609
McAfee 20180609
McAfee-GW-Edition 20180608
Microsoft 20180609
eScan 20180609
NANO-Antivirus 20180609
Palo Alto Networks (Known Signatures) 20180609
Panda 20180608
Qihoo-360 20180609
Rising 20180609
SentinelOne (Static ML) 20180225
Sophos AV 20180609
SUPERAntiSpyware 20180609
Symantec 20180608
Symantec Mobile Insight 20180605
TACHYON 20180608
Tencent 20180609
TheHacker 20180608
TotalDefense 20180608
TrendMicro 20180609
TrendMicro-HouseCall 20180609
Trustlook 20180609
VBA32 20180608
VIPRE 20180609
ViRobot 20180608
Webroot 20180609
Yandex 20180608
Zillya 20180608
ZoneAlarm by Check Point 20180609
Zoner 20180609
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright

Product Oxford Serial/Parallel PCI Card Driver
Original name stub32i.exe
Internal name stub32
File version 6.5.1.5-A-4
Description This package provides the Oxford Serial/Parallel PCI Card Dr
Comments
Signature verification Signed file, verified signature
Signing date 9:12 PM 5/22/2008
Signers
[+] Hewlett Packard
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer Thawte Code Signing CA
Valid from 1:00 AM 5/18/2007
Valid to 12:59 AM 5/17/2009
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm sha1RSA
Thumbprint 65D1E0BE53FFEBE44890DA434D0478B6698D46DA
Serial number 32 DE 8A CF BF 4E C2 67 99 4A 78 A0 4A 48 BA CD
[+] Thawte Code Signing CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Premium Server CA
Valid from 1:00 AM 8/6/2003
Valid to 12:59 AM 8/6/2013
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint A706BA1ECAB6A2AB18699FC0D7DD8C7DE36F290F
Serial number 0A
[+] thawte
Status Valid
Issuer Thawte Premium Server CA
Valid from 1:00 AM 8/1/1996
Valid to 12:59 AM 1/1/2021
Valid usage Server Auth, Code Signing
Algorithm md5RSA
Thumbprint 627F8D7827656399D27D7F9044C9FEB3F33EFA9A
Serial number 01
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT CAB
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-08-02 07:01:18
Entry Point 0x00008AF7
Number of sections 4
PE sections
Overlays
MD5 05dcba398a3f4c3bc40847f92e6723c3
File type data
Offset 290816
Size 526224
Entropy 8.00
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetObjectA
TextOutA
CreateCompatibleDC
DeleteDC
SetBkMode
GetTextExtentPointA
BitBlt
CreatePalette
GetStockObject
CreateDIBitmap
GetDeviceCaps
SelectPalette
CreateFontIndirectA
CreateSolidBrush
SelectObject
SetBkColor
EnumFontFamiliesExA
DeleteObject
RealizePalette
SetTextColor
GetStdHandle
GetFileAttributesA
WaitForSingleObject
HeapDestroy
FreeEnvironmentStringsA
GetCurrentProcess
LocalAlloc
lstrcatA
UnhandledExceptionFilter
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
WideCharToMultiByte
GetStringTypeA
WriteFile
GetDiskFreeSpaceA
GetStringTypeW
SetFileAttributesA
GetExitCodeProcess
LocalFree
GetEnvironmentVariableA
LoadResource
FindClose
FormatMessageA
HeapAlloc
GetVersionExA
RemoveDirectoryA
GetPrivateProfileStringA
GetSystemDefaultLCID
MultiByteToWideChar
WritePrivateProfileSectionA
GetModuleHandleA
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
MoveFileExA
TerminateProcess
GlobalAlloc
LocalFileTimeToFileTime
GetVersion
HeapFree
SetHandleCount
lstrcmpiA
FreeLibrary
IsBadWritePtr
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetProcAddress
GetProcessHeap
FindFirstFileA
lstrcpyA
CompareStringA
GetTempFileNameA
CreateFileMappingA
FindNextFileA
GlobalLock
GetFileType
GetPrivateProfileSectionA
CreateFileA
ExitProcess
GetLastError
DosDateTimeToFileTime
LCMapStringW
HeapCreate
lstrlenA
GlobalFree
LCMapStringA
HeapReAlloc
GetEnvironmentStringsW
GlobalUnlock
IsDBCSLeadByte
GetModuleFileNameA
GetShortPathNameA
SizeofResource
WritePrivateProfileStringA
LockResource
SetFileTime
GetCPInfo
GetCommandLineA
MapViewOfFile
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetEnvironmentStrings
CreateProcessA
UnmapViewOfFile
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
FindResourceA
VirtualAlloc
GetOEMCP
LZCopy
LZClose
LZOpenFileA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
ShellExecuteA
SetFocus
GetParent
MapDialogRect
DrawTextA
BeginPaint
CreateDialogIndirectParamA
CheckRadioButton
ShowWindow
SetWindowPos
SendDlgItemMessageA
IsWindow
LoadIconA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
PostMessageA
MoveWindow
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
GetSysColorBrush
IsWindowEnabled
GetWindow
GetSysColor
CheckDlgButton
GetDC
ReleaseDC
SetWindowTextA
GetWindowLongA
SetParent
TranslateMessage
SendMessageA
GetClientRect
GetDlgItem
CreateDialogParamA
GetNextDlgTabItem
ScreenToClient
InvalidateRect
wsprintfA
UpdateWindow
GetActiveWindow
FillRect
LoadStringA
IsDlgButtonChecked
CharNextA
SetActiveWindow
GetDesktopWindow
LoadImageA
EndPaint
GetWindowTextA
IsDialogMessageA
DestroyWindow
Number of PE resources by type
RT_DIALOG 10
RT_STRING 7
RT_ICON 4
RT_BITMAP 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 25
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
4.1.100.1332

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
221184

EntryPoint
0x8af7

OriginalFileName
stub32i.exe

MIMEType
application/octet-stream

FileVersion
6.5.1.5-A-4

TimeStamp
2002:08:02 08:01:18+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
stub32

ProductVersion
6.5.1.5-A-4

FileDescription
This package provides the Oxford Serial/Parallel PCI Card Dr

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
77824

ProductName
Oxford Serial/Parallel PCI Card Driver

ProductVersionNumber
4.1.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
Compressed bundles
File identification
MD5 5b6ee8d4af3430b507d50783b415689f
SHA1 eee23af02c0bf8457a11a7675347f9cce47f1826
SHA256 330d7cea4ac7893cbf6dc14527f4adb368be3e0df2924f85c103c57e5ae3b50c
ssdeep
12288:sDdUcnPYUjGDqRtLZfU+x0h+73yNPd6UFp5Y8RPcwy8fR6e1GS:sDdU+YdDqRt1M+a+yPgUhPy8hI

authentihash f57324d01bec801bcafcbc4710375de3a0ffb6ba8c5c840420db7d99374905ac
imphash d84d991d25f1d024e6888428c049c5f2
File size 797.9 KB ( 817040 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe armadillo signed overlay

VirusTotal metadata
First submission 2009-06-16 17:34:03 UTC ( 9 years, 5 months ago )
Last submission 2018-05-26 16:59:01 UTC ( 5 months, 4 weeks ago )
File names 5b6ee8d4af3430b507d50783b415689f
stub32i.exe
330D7CEA4AC7893CBF6DC14527F4ADB368BE3E0DF2924F85C103C57E5AE3B50C
package.exe
sp39384.exe
stub32
sp39384[1].exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Runtime DLLs
UDP communications