SHA256: 46f5003c2bd34176cc2c9fc2f927f6341d30602f691faced0ab54b83c7352672
File name: tzagdemo.exe
Detection ratio: 1 / 69
Analysis date: 2018-10-05 00:37:12 UTC ( 5 months, 2 weeks ago )
Antivirus Result Update
Zillya Backdoor.Ramnit.Win32.6873 20181003
Ad-Aware 20181005
AegisLab 20181004
AhnLab-V3 20181004
Alibaba 20180921
ALYac 20181004
Antiy-AVL 20181005
Arcabit 20181004
Avast 20181005
Avast-Mobile 20181004
AVG 20181005
Avira (no cloud) 20181004
AVware 20180925
Babable 20180918
Baidu 20180930
BitDefender 20181004
Bkav 20181003
CAT-QuickHeal 20181004
ClamAV 20181004
CMC 20181004
Comodo 20181005
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20181005
Cyren 20181005
DrWeb 20181005
eGambit 20181005
Emsisoft 20181005
Endgame 20180730
ESET-NOD32 20181005
F-Prot 20181005
F-Secure 20181004
Fortinet 20181005
GData 20181005
Ikarus 20181004
Sophos ML 20180717
Jiangmin 20181004
K7AntiVirus 20181004
K7GW 20181003
Kaspersky 20181005
Kingsoft 20181005
Malwarebytes 20181005
MAX 20181005
McAfee 20181005
McAfee-GW-Edition 20181004
Microsoft 20181004
eScan 20181005
NANO-Antivirus 20181005
Palo Alto Networks (Known Signatures) 20181005
Panda 20181004
Qihoo-360 20181005
Rising 20181005
SentinelOne (Static ML) 20180926
Sophos AV 20181004
SUPERAntiSpyware 20181004
Symantec 20181004
Symantec Mobile Insight 20181001
TACHYON 20181005
Tencent 20181005
TheHacker 20181001
TotalDefense 20181004
TrendMicro 20181004
TrendMicro-HouseCall 20181005
Trustlook 20181005
VBA32 20181004
VIPRE 20181005
ViRobot 20181004
Webroot 20181005
Yandex 20181004
ZoneAlarm by Check Point 20181004
Zoner 20181004
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1996 InstallShield Software Corporation
Product PackageForTheWeb Stub
Original name STUB32.EXE
Internal name STUB.EXE
File version 2.02.001
Description PackageForTheWeb Stub
Packers identified
F-PROT CAB, appended, embedded
PEiD InstallShield 2000
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1998-03-26 14:31:20
Entry Point 0x0000C110
Number of sections 5
PE sections
Overlays
MD5 95a390bd3bc16eab1c369bda713e8839
File type data
Offset 130560
Size 14898506
Entropy 8.00
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
PropertySheetA
Ord(17)
GetDeviceCaps
GetObjectA
SetBkMode
TextOutA
CreateFontIndirectA
SelectObject
GetTextExtentPointA
DeleteObject
SetTextColor
GetLastError
HeapFree
GetStdHandle
DosDateTimeToFileTime
LCMapStringW
LoadResource
CreateFileMappingA
GetFileAttributesA
WaitForSingleObject
FreeLibrary
LCMapStringA
HeapDestroy
ExitProcess
CreateDirectoryA
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
RemoveDirectoryA
GetACP
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
GetPrivateProfileStringA
FreeEnvironmentStringsW
GetFileSize
lstrcatA
LockResource
SetFileTime
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
MultiByteToWideChar
SetHandleCount
GetModuleFileNameA
GetProcAddress
GetFileType
SetStdHandle
lstrlenA
GetTempPathA
CloseHandle
GetCPInfo
MapViewOfFile
GetStringTypeA
SetFilePointer
lstrcmpA
ReadFile
GetCommandLineA
WriteFile
GetCurrentProcess
FindFirstFileA
CompareStringA
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
GetStringTypeW
SetFileAttributesA
GetOEMCP
TerminateProcess
CreateProcessA
WideCharToMultiByte
UnhandledExceptionFilter
UnmapViewOfFile
lstrcpyA
VirtualFree
LocalFileTimeToFileTime
FindClose
Sleep
FormatMessageA
CreateFileA
HeapAlloc
GetVersion
FindResourceA
VirtualAlloc
HeapCreate
GetModuleHandleA
MulDiv
LZCopy
LZClose
LZOpenFileA
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SetFocus
MapWindowPoints
GetParent
SystemParametersInfoA
EndDialog
KillTimer
MessageBeep
SetWindowPos
SendDlgItemMessageA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
PostMessageA
GetDlgItemTextA
MessageBoxA
PeekMessageA
IsCharAlphaA
TranslateMessage
DialogBoxParamA
GetWindow
GetSysColor
GetDC
SetWindowLongA
ReleaseDC
SetWindowTextA
GetWindowLongA
SendMessageA
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
ScreenToClient
wsprintfA
SetTimer
LoadStringA
CharNextA
GetDesktopWindow
GetClassNameA
GetWindowTextA
DestroyWindow
Number of PE resources by type
RT_DIALOG 6
RT_STRING 6
RT_ICON 5
RT_GROUP_ICON 2
RTF 1
AVI 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 23
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 5.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.1.5.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription PackageForTheWeb Stub
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 75776
EntryPoint 0xc110
OriginalFileName STUB32.EXE
MIMEType application/octet-stream
LegalCopyright Copyright 1996 InstallShield Software Corporation
FileVersion 2.02.001
TimeStamp 1998:03:26 15:31:20+01:00
FileType Win32 EXE
PEType PE32
InternalName STUB.EXE
ProductVersion 2.02.001
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName InstallShield Software Corporation
CodeSize 69120
ProductName PackageForTheWeb Stub
ProductVersionNumber 2.1.5.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 bcd635a77a295b56c89efd354bc4cc51
SHA1 4565de5589804e654a0871f806c8638b3976f8e2
SHA256 46f5003c2bd34176cc2c9fc2f927f6341d30602f691faced0ab54b83c7352672
ssdeep 393216:HtBKzGLxWwJG7HrtpGqIQngTH8Rl5qzfUxpNuf:jxa7Vn08Rl5bgf
authentihash c4f84700a702a947eeaeaa6f4aa5d5decc685dacc8a1f5d38bc6cb70b4664a24
imphash 4204e1fe9e2e0a7f6bec612446ce171b
File size 14.3 MB ( 15029066 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ 4.x (52.6%)
InstallShield setup (16.8%)
Win32 Executable MS Visual C++ (generic) (12.1%)
Win64 Executable (generic) (10.7%)
Win32 Dynamic Link Library (generic) (2.5%)
Tags
peexe installshield overlay

VirusTotal metadata
First submission 2010-09-09 12:29:39 UTC ( 8 years, 6 months ago )
Last submission 2018-02-28 18:34:55 UTC ( 1 year ago )
File names 46F5003C2BD34176CC2C9FC2F927F6341D30602F691FACED0AB54B83C7352672
BrBplen0Y.jpg
aa
STUB32.EXE
tzagdemo.exe
STUB.EXE
SdXtgjpKD.bin
16528637
141500425194732-tzagdemo.exe
TARZAN GAMES 20-3-2015.exe
2391-tzagdemo.exe
tarzan_download.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight