SHA256: 3fb021e03775aa1b59f1412558ebe4745f2b92dcc435f7690ec6f62db211955e
File name: d6da505627e66a0ccfb66af7caa7660a
Detection ratio: 0 / 68
Analysis date: 2018-09-21 18:41:46 UTC ( 5 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware 20180921
AegisLab 20180921
AhnLab-V3 20180921
Alibaba 20180921
ALYac 20180921
Antiy-AVL 20180921
Arcabit 20180921
Avast 20180921
Avast-Mobile 20180921
AVG 20180921
Avira (no cloud) 20180921
AVware 20180921
Babable 20180918
Baidu 20180914
BitDefender 20180921
Bkav 20180921
CAT-QuickHeal 20180921
ClamAV 20180921
CMC 20180921
Comodo 20180921
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180921
Cyren 20180921
DrWeb 20180921
eGambit 20180921
Emsisoft 20180921
Endgame 20180730
ESET-NOD32 20180921
F-Prot 20180921
F-Secure 20180921
Fortinet 20180921
GData 20180921
Sophos ML 20180717
Jiangmin 20180921
K7AntiVirus 20180921
K7GW 20180921
Kaspersky 20180921
Kingsoft 20180921
Malwarebytes 20180921
MAX 20180921
McAfee 20180921
McAfee-GW-Edition 20180921
Microsoft 20180921
eScan 20180921
NANO-Antivirus 20180921
Palo Alto Networks (Known Signatures) 20180921
Panda 20180921
Qihoo-360 20180921
Rising 20180921
SentinelOne (Static ML) 20180830
Sophos AV 20180921
SUPERAntiSpyware 20180907
Symantec 20180921
Symantec Mobile Insight 20180918
TACHYON 20180921
Tencent 20180921
TheHacker 20180920
TotalDefense 20180920
TrendMicro 20180921
TrendMicro-HouseCall 20180921
Trustlook 20180921
VBA32 20180921
VIPRE 20180921
ViRobot 20180921
Webroot 20180921
Yandex 20180920
Zillya 20180920
ZoneAlarm by Check Point 20180921
Zoner 20180920
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Sony
Product Sony PC Companion
Original name stub32i.exe
Internal name stub32
File version 2.10.259
Description
Comments Web
Signature verification Certificate out of its validity period
Signers
[+] Sony Mobile Communications
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 11/19/2012
Valid to 12:59 AM 11/20/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 83E04BCF29D3B81DD3612C7FD29E251203CE5D3B
Serial number 2F 01 07 15 FB CC 91 34 DD 57 51 A1 99 80 16 3A
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Packers identified
F-PROT PecBundle, appended, PECompact, UTF-8, Unicode, CAB
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-08-02 07:01:18
Entry Point 0x00008AF7
Number of sections 4
PE sections
Overlays
MD5 fb63d8a335509daefa81713609552937
File type data
Offset 1064960
Size 27619464
Entropy 8.00
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetObjectA
TextOutA
CreateCompatibleDC
DeleteDC
SetBkMode
GetTextExtentPointA
BitBlt
CreatePalette
GetStockObject
CreateDIBitmap
GetDeviceCaps
SelectPalette
CreateFontIndirectA
CreateSolidBrush
SelectObject
SetBkColor
EnumFontFamiliesExA
DeleteObject
RealizePalette
SetTextColor
GetStdHandle
GetFileAttributesA
WaitForSingleObject
HeapDestroy
FreeEnvironmentStringsA
GetCurrentProcess
LocalAlloc
lstrcatA
UnhandledExceptionFilter
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
WideCharToMultiByte
GetStringTypeA
WriteFile
GetDiskFreeSpaceA
GetStringTypeW
SetFileAttributesA
GetExitCodeProcess
LocalFree
GetEnvironmentVariableA
LoadResource
FindClose
FormatMessageA
HeapAlloc
GetVersionExA
RemoveDirectoryA
GetPrivateProfileStringA
GetSystemDefaultLCID
MultiByteToWideChar
WritePrivateProfileSectionA
GetModuleHandleA
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
MoveFileExA
TerminateProcess
GlobalAlloc
LocalFileTimeToFileTime
GetVersion
HeapFree
SetHandleCount
lstrcmpiA
FreeLibrary
IsBadWritePtr
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetProcAddress
GetProcessHeap
FindFirstFileA
lstrcpyA
CompareStringA
GetTempFileNameA
CreateFileMappingA
FindNextFileA
GlobalLock
GetFileType
GetPrivateProfileSectionA
CreateFileA
ExitProcess
GetLastError
DosDateTimeToFileTime
LCMapStringW
HeapCreate
lstrlenA
GlobalFree
LCMapStringA
HeapReAlloc
GetEnvironmentStringsW
GlobalUnlock
IsDBCSLeadByte
GetModuleFileNameA
GetShortPathNameA
SizeofResource
WritePrivateProfileStringA
LockResource
SetFileTime
GetCPInfo
GetCommandLineA
MapViewOfFile
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetEnvironmentStrings
CreateProcessA
UnmapViewOfFile
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
FindResourceA
VirtualAlloc
GetOEMCP
LZCopy
LZClose
LZOpenFileA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
ShellExecuteA
SetFocus
GetParent
MapDialogRect
DrawTextA
BeginPaint
CreateDialogIndirectParamA
CheckRadioButton
ShowWindow
SetWindowPos
SendDlgItemMessageA
IsWindow
LoadIconA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
PostMessageA
MoveWindow
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
GetSysColorBrush
IsWindowEnabled
GetWindow
GetSysColor
CheckDlgButton
GetDC
ReleaseDC
SetWindowTextA
GetWindowLongA
SetParent
TranslateMessage
SendMessageA
GetClientRect
GetDlgItem
CreateDialogParamA
GetNextDlgTabItem
ScreenToClient
InvalidateRect
wsprintfA
UpdateWindow
GetActiveWindow
FillRect
LoadStringA
IsDlgButtonChecked
CharNextA
SetActiveWindow
GetDesktopWindow
LoadImageA
EndPaint
GetWindowTextA
IsDialogMessageA
DestroyWindow
Number of PE resources by type
RT_DIALOG 10
RT_STRING 7
RT_ICON 5
RT_BITMAP 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 26
NEUTRAL 2
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
Web

InitializedDataSize
995328

ImageVersion
0.0

ProductName
Sony PC Companion

FileVersionNumber
4.1.100.1332

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

LinkerVersion
6.0

FileTypeExtension
exe

OriginalFileName
stub32i.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
2.10.259

TimeStamp
2002:08:02 08:01:18+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
stub32

ProductVersion
2.10.259

UninitializedDataSize
0

OSVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
Sony

MachineType
Intel 386 or later, and compatibles

CompanyName
Sony Mobile Communications

CodeSize
77824

FileSubtype
0

ProductVersionNumber
4.1.0.0

EntryPoint
0x8af7

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
File identification
MD5 d6da505627e66a0ccfb66af7caa7660a
SHA1 f56d22355d2b499dee0e08a759b05c9078ecdc30
SHA256 3fb021e03775aa1b59f1412558ebe4745f2b92dcc435f7690ec6f62db211955e
ssdeep 786432:Bkhpmkh5YyKGRkt+JV2YdEtwCuBf+8FPFW05KAymxh:B0plhO3Ywww8KLt4h
authentihash 328c060c88d4a5c22535d592c245aa526fcf775c69df4cf0f6e25c0ec8588cd9
imphash d84d991d25f1d024e6888428c049c5f2
File size 27.4 MB ( 28684424 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags
pecompact peexe via-tor signed overlay

VirusTotal metadata
First submission 2015-05-04 05:48:53 UTC ( 3 years, 10 months ago )
Last submission 2018-09-21 18:41:46 UTC ( 5 months, 4 weeks ago )
File names Sony PC Companion_Web.exe
Sony PC Companion_Web.exe
pcc.exe
678484
Sony PC Companion_2.10.259_Web_I.exe
stub32i.exe
sony pc companion_web.exe
filename
Sony_PC_Companion_Web_2.10.259.exe
setup.exe
Sony PC Companion_Web.exe
Sony PC Companion_4.1.100.1332.exe
Adobe Reader X.lnk.exe
Sony PC Companion_Web.exe
SonyPCCompanion_2.10.259.exe
625-Sony_PC_Companion_Web.exe
Sony PC Companion_Web.exe
pcc.exe
329-Sony%20PC%20Companion_Web.exe
Sony%20PC%20Companion_4.1.100.1332.exe
pcc.exe
Sony%20PC%20Companion_2.10.259_Web.exe
Sony%20PC%20Companion_2.10.259_Web_I.exe
Sony%20PC%20Companion_Web.exe
SonyPCCompanion_Web.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight