SHA256: 5e15686b9c77c3b98d1a43bca51776d1d86dc0fa1f932d86bb3fc9f004ceac9d
File name: rubsbubs.exe
Detection ratio: 7 / 55
Analysis date: 2015-07-15 10:50:46 UTC ( 3 years, 10 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20150715
ESET-NOD32 Win32/Dridex.P 20150715
Fortinet W32/Dridex.M!tr 20150715
McAfee Artemis!D16425D00434 20150715
McAfee-GW-Edition Artemis 20150715
Panda Trj/Chgt.O 20150715
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20150715
Ad-Aware 20150715
AegisLab 20150715
Yandex 20150713
AhnLab-V3 20150715
Alibaba 20150715
ALYac 20150715
Antiy-AVL 20150715
Arcabit 20150715
AVG 20150715
Avira (no cloud) 20150715
AVware 20150715
Baidu-International 20150715
BitDefender 20150715
Bkav 20150715
ByteHero 20150715
CAT-QuickHeal 20150715
ClamAV 20150715
Comodo 20150715
Cyren 20150715
DrWeb 20150715
Emsisoft 20150715
F-Prot 20150714
F-Secure 20150715
GData 20150715
Ikarus 20150715
Jiangmin 20150714
K7AntiVirus 20150715
K7GW 20150715
Kaspersky 20150715
Kingsoft 20150715
Malwarebytes 20150715
Microsoft 20150715
eScan 20150715
NANO-Antivirus 20150715
nProtect 20150715
Rising 20150713
Sophos AV 20150715
SUPERAntiSpyware 20150715
Symantec 20150715
Tencent 20150715
TheHacker 20150713
TrendMicro 20150715
TrendMicro-HouseCall 20150715
VBA32 20150715
VIPRE 20150715
ViRobot 20150715
Zillya 20150715
Zoner 20150715
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Корпорация Майкрософт. Все права защищены.
Product Операционная система Microsoft® Windows®
Original name SendCMsg.dll
Internal name SENDCMSG
File version 5.1.2500.5524 (xpsp.080413-2108)
Description Отправка сообщения консоли
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1970-01-01 18:12:16
Entry Point 0x0000E290
Number of sections 7
PE sections
PE imports
GetModuleHandleA
lstrcmpiA
WaitForSingleObject
PulseEvent
ResetEvent
CreateFileA
GetDevicePowerState
GetModuleHandleW
StrRStrIA
SetWindowsHookExW
PostMessageW
SetWindowsHookExA
Number of PE resources by type
RT_DIALOG 3
RT_STRING 2
TYPELIB 1
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 9
PE resources
ExifTool file metadata
UninitializedDataSize 5120
LinkerVersion 2.24
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 5.1.2600.5514
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 0
EntryPoint 0xe290
OriginalFileName SendCMsg.dll
MIMEType application/octet-stream
LegalCopyright . .
FileVersion 5.1.2500.5524 (xpsp.080413-2108)
TimeStamp 1970:01:01 19:12:16+01:00
FileType Win32 EXE
PEType PE32
InternalName SENDCMSG
ProductVersion 5.1.2500.5524
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 30720
ProductName Microsoft Windows
ProductVersionNumber 5.1.2600.5514
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 d16425d00434fbf45bc804b7185c87f4
SHA1 9a775f26e8a40362ac6eff9ff0461ac59a14744e
SHA256 5e15686b9c77c3b98d1a43bca51776d1d86dc0fa1f932d86bb3fc9f004ceac9d
ssdeep 1536:BJKkWSfvCMBxYLYWSoHfnhlewLv1eptv61UMbkm0T0YXi+:6IFmxSW2oytv6OMYeYXi
authentihash 3cc8a46be049bf092d4edfc36bf1356b64b83d0c20f297bc34e6db32fc569bfd
imphash b3369e869c000298ae9a1ae01c3f85ed
File size 135.0 KB ( 138240 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2015-07-15 07:53:29 UTC ( 3 years, 10 months ago )
Last submission 2018-05-08 03:52:15 UTC ( 1 year ago )
File names SendCMsg.dll
D16425D00434FBF45BC804B7185C87F4
12.txt
SENDCMSG
12.exe
rubsbubs.exe
9A775F26E8A40362AC6EFF9FF0461AC59A14744E
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook family of Windows API functions (the import list above shows SetWindowsHookExA and SetWindowsHookExW).
HTTP requests
DNS requests
TCP connections