SHA256: 46e2cc5c0a400de175e6ab8e503fdc8a9d3671af03e0775da4a853f0be4d7fe7
File name: NStllStb
Detection ratio: 0 / 68
Analysis date: 2018-09-12 13:13:45 UTC ( 4 months ago )
Antivirus Result Update
Ad-Aware 20180912
AegisLab 20180912
AhnLab-V3 20180912
Alibaba 20180713
ALYac 20180912
Antiy-AVL 20180912
Arcabit 20180912
Avast 20180912
Avast-Mobile 20180912
AVG 20180912
Avira (no cloud) 20180912
AVware 20180912
Babable 20180907
Baidu 20180912
BitDefender 20180912
Bkav 20180912
CAT-QuickHeal 20180912
ClamAV 20180912
CMC 20180912
Comodo 20180912
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180912
Cyren 20180912
DrWeb 20180912
eGambit 20180912
Emsisoft 20180912
Endgame 20180730
ESET-NOD32 20180912
F-Prot 20180912
F-Secure 20180912
Fortinet 20180912
GData 20180912
Ikarus 20180912
Sophos ML 20180717
Jiangmin 20180912
K7AntiVirus 20180912
K7GW 20180912
Kaspersky 20180912
Kingsoft 20180912
Malwarebytes 20180912
MAX 20180912
McAfee 20180912
McAfee-GW-Edition 20180912
Microsoft 20180912
eScan 20180912
NANO-Antivirus 20180912
Palo Alto Networks (Known Signatures) 20180912
Panda 20180912
Qihoo-360 20180912
Rising 20180912
SentinelOne (Static ML) 20180830
Sophos AV 20180912
SUPERAntiSpyware 20180907
Symantec 20180912
Symantec Mobile Insight 20180911
TACHYON 20180912
Tencent 20180912
TheHacker 20180907
TotalDefense 20180912
TrendMicro 20180912
TrendMicro-HouseCall 20180912
Trustlook 20180912
VBA32 20180912
VIPRE 20180912
ViRobot 20180912
Webroot 20180912
Yandex 20180910
Zillya 20180911
ZoneAlarm by Check Point 20180912
Zoner 20180912
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1998 NStall Company
Product NStall Company Self-Extractor
Original name NStllStb.stb
Internal name NStllStb
File version 2, 2, 0, 2
Description Self-Extracting Installer
Comments This product incorporates compression code from the Info-ZIP group. There are no extra costs due to the use of the Info-ZIP code in this product. The Info-Zip sources are freely available at http://www.cdrom.com/pub/infozip
Packers identified
F-PROT ZIP
PEiD InstallShield 2000
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1998-08-24 00:42:57
Entry Point 0x00010ED0
Number of sections 4
PE sections
Overlays
MD5 030854943e6e30c0377e386b1da8d41f
File type application/zip
Offset 124416
Size 941972
Entropy 7.99
PE imports
AdjustTokenPrivileges
IsValidAcl
LookupPrivilegeValueA
OpenProcessToken
GetKernelObjectSecurity
GetSecurityDescriptorGroup
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
IsValidSid
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
GetSecurityDescriptorLength
SetKernelObjectSecurity
IsValidSecurityDescriptor
GetStdHandle
ReleaseMutex
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
HeapDestroy
FreeEnvironmentStringsA
GetCurrentProcess
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
HeapReAlloc
GetStringTypeW
GetFullPathNameA
InitializeCriticalSection
FindClose
HeapAlloc
GetModuleFileNameA
GetVolumeInformationA
UnhandledExceptionFilter
MultiByteToWideChar
CreateMutexA
GetModuleHandleA
_lclose
SetFileAttributesA
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
SetEndOfFile
GetVersion
SetCurrentDirectoryA
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
CreateDirectoryA
DeleteFileA
GlobalLock
GetProcessHeap
CompareStringW
FindFirstFileA
lstrcpyA
CompareStringA
GetTempFileNameA
FindNextFileA
GetProcAddress
GetTimeZoneInformation
GetFileType
SetVolumeLabelA
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GlobalFree
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
RemoveDirectoryA
OpenFile
FileTimeToLocalFileTime
GetEnvironmentStrings
SetFileTime
GetCurrentDirectoryA
GetCommandLineA
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
CreateProcessA
WideCharToMultiByte
HeapCreate
VirtualFree
VirtualAlloc
wsprintfA
MessageBoxA
OemToCharA
LoadStringA
Number of PE resources by type
RT_ICON 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments This product incorporates compression code from the Info-ZIP group. There are no extra costs due to the use of the Info-ZIP code in this product. The Info-Zip sources are freely available at http://www.cdrom.com/pub/infozip
LinkerVersion 5.11
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.2.0.2
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Self-Extracting Installer
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 40448
EntryPoint 0x10ed0
OriginalFileName NStllStb.stb
MIMEType application/octet-stream
LegalCopyright Copyright 1998 NStall Company
FileVersion 2, 2, 0, 2
TimeStamp 1998:08:24 01:42:57+01:00
FileType Win32 EXE
PEType PE32
InternalName NStllStb
ProductVersion 2, 2, 0, 2
UninitializedDataSize 0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName NStall Company
CodeSize 91648
ProductName NStall Company Self-Extractor
ProductVersionNumber 2.2.0.2
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 62a97632aeaa5705c154afb43cb5b550
SHA1 e1cc12993eeeb688880636c2e7bc1d1cfa5b1f62
SHA256 46e2cc5c0a400de175e6ab8e503fdc8a9d3671af03e0775da4a853f0be4d7fe7
ssdeep 24576:uDJKZuSEjneaWMhMCVqsOFjzJveUQdCadkxn1f6o:JutDrMCVa3v0PkN3
authentihash 63639412a0b6c2add1c7df7504ffe39b9c143af1416a39c4960bb70e45b62780
imphash 3616745c6320dea65e84663e7be78b24
File size 1.0 MB ( 1066388 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe installshield overlay software-collection

VirusTotal metadata
First submission 2013-08-15 02:03:37 UTC ( 5 years, 5 months ago )
Last submission 2015-08-28 19:01:37 UTC ( 3 years, 4 months ago )
File names NStllStb.stb
46E2CC5C0A400DE175E6AB8E503FDC8A9D3671AF03E0775DA4A853F0BE4D7FE7
file
NStllStb
file
PUdemo.exe
1360252228-PUdemo.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.