SHA256: 6cd9c157a917b7281ff7000c199dd1bcef77e458e1347466c636ca94e0571d4c
File name: sp51765.exe
Detection ratio: 0 / 69
Analysis date: 2019-02-10 04:01:26 UTC ( 3 months, 1 week ago )
Antivirus Result Update
Acronis 20190207
Ad-Aware 20190209
AegisLab 20190209
AhnLab-V3 20190209
Alibaba 20180921
ALYac 20190209
Antiy-AVL 20190209
Arcabit 20190209
Avast 20190209
Avast-Mobile 20190209
AVG 20190209
Avira (no cloud) 20190209
Babable 20180917
Baidu 20190201
BitDefender 20190209
Bkav 20190201
CAT-QuickHeal 20190209
ClamAV 20190209
CMC 20190209
Comodo 20190209
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cylance 20190209
Cyren 20190209
DrWeb 20190209
eGambit 20190209
Emsisoft 20190209
Endgame 20181108
ESET-NOD32 20190209
F-Prot 20190209
F-Secure 20190209
Fortinet 20190209
GData 20190209
Sophos ML 20181128
Jiangmin 20190209
K7AntiVirus 20190209
K7GW 20190209
Kaspersky 20190209
Kingsoft 20190209
Malwarebytes 20190209
MAX 20190209
McAfee 20190209
McAfee-GW-Edition 20190209
Microsoft 20190209
eScan 20190209
NANO-Antivirus 20190209
Palo Alto Networks (Known Signatures) 20190209
Panda 20190209
Qihoo-360 20190209
Rising 20190210
SentinelOne (Static ML) 20190203
Sophos AV 20190209
SUPERAntiSpyware 20190206
Symantec 20190209
Symantec Mobile Insight 20190206
TACHYON 20190209
Tencent 20190209
TheHacker 20190203
TotalDefense 20190206
Trapmine 20190123
TrendMicro 20190210
TrendMicro-HouseCall 20190209
Trustlook 20190209
VBA32 20190208
ViRobot 20190209
Webroot 20190209
Yandex 20190207
Zillya 20190208
ZoneAlarm by Check Point 20190209
Zoner 20190209
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright

Product HP Webcam Software
Original name stub32i.exe
Internal name stub32
File version 1.0.25.0 A
Description HP Webcam Software, when paired with the integrated web came
Comments
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 11:27 AM 3/8/2011
Signers
[+] Hewlett-Packard Company
Status This certificate or one of the certificates in the certificate chain is not time valid., Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer VeriSign Class 3 Code Signing 2004 CA
Valid from 12:00 AM 12/18/2008
Valid to 11:59 PM 12/18/2011
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 90CD7EBA8F57B719780122142B38ECA83E1271E4
Serial number 08 99 45 31 FD F1 B2 EB B8 C7 82 1B F6 50 FD CF
[+] VeriSign Class 3 Code Signing 2004 CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Class 3 Public Primary Certification Authority
Valid from 11:00 PM 07/15/2004
Valid to 10:59 PM 07/15/2014
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 197A4AEBDB25F0170079BB8C73CB2D655E0018A4
Serial number 41 91 A1 5A 39 78 DF CF 49 65 66 38 1D 4C 75 C2
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 12:00 AM 01/29/1996
Valid to 10:59 PM 08/01/2028
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 11:00 PM 06/14/2007
Valid to 10:59 PM 06/14/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/04/2003
Valid to 11:59 PM 12/03/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT CAB, appended
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-08-29 21:22:49
Entry Point 0x00008927
Number of sections 4
PE sections
Overlays
MD5 8bf8a7cb96f9d5261ec9fbbe20bbe586
File type data
Offset 278528
Size 32182752
Entropy 8.00
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetObjectA
TextOutA
CreateCompatibleDC
DeleteDC
SetBkMode
GetTextExtentPointA
BitBlt
CreatePalette
GetStockObject
CreateDIBitmap
GetDeviceCaps
SelectPalette
CreateFontIndirectA
CreateSolidBrush
SelectObject
SetBkColor
EnumFontFamiliesExA
DeleteObject
RealizePalette
SetTextColor
GetStdHandle
GetFileAttributesA
WaitForSingleObject
HeapDestroy
FreeEnvironmentStringsA
GetCurrentProcess
LocalAlloc
lstrcatA
UnhandledExceptionFilter
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
WideCharToMultiByte
GetStringTypeA
WriteFile
GetDiskFreeSpaceA
GetStringTypeW
SetFileAttributesA
GetExitCodeProcess
LocalFree
LoadResource
FindClose
FormatMessageA
HeapAlloc
RemoveDirectoryA
GetPrivateProfileStringA
GetSystemDefaultLCID
MultiByteToWideChar
WritePrivateProfileSectionA
GetModuleHandleA
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
MoveFileExA
TerminateProcess
GlobalAlloc
LocalFileTimeToFileTime
GetVersion
HeapFree
SetHandleCount
lstrcmpiA
FreeLibrary
IsBadWritePtr
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetProcAddress
GetProcessHeap
FindFirstFileA
lstrcpyA
CompareStringA
GetTempFileNameA
CreateFileMappingA
FindNextFileA
GlobalLock
GetFileType
GetPrivateProfileSectionA
CreateFileA
ExitProcess
GetLastError
DosDateTimeToFileTime
LCMapStringW
HeapCreate
lstrlenA
GlobalFree
LCMapStringA
HeapReAlloc
GetEnvironmentStringsW
GlobalUnlock
IsDBCSLeadByte
GetModuleFileNameA
GetShortPathNameA
SizeofResource
WritePrivateProfileStringA
LockResource
SetFileTime
GetCPInfo
GetCommandLineA
MapViewOfFile
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetEnvironmentStrings
CreateProcessA
UnmapViewOfFile
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
FindResourceA
VirtualAlloc
GetOEMCP
LZCopy
LZClose
LZOpenFileA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
ShellExecuteA
SetFocus
GetParent
MapDialogRect
DrawTextA
BeginPaint
CreateDialogIndirectParamA
CheckRadioButton
ShowWindow
SetWindowPos
SendDlgItemMessageA
IsWindow
LoadIconA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
PostMessageA
MoveWindow
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
GetSysColorBrush
IsWindowEnabled
GetWindow
GetSysColor
CheckDlgButton
GetDC
ReleaseDC
SetWindowTextA
LoadStringA
SetParent
TranslateMessage
SendMessageA
GetClientRect
GetDlgItem
CreateDialogParamA
GetNextDlgTabItem
ScreenToClient
InvalidateRect
GetWindowLongA
UpdateWindow
GetActiveWindow
FillRect
IsDlgButtonChecked
CharNextA
SetActiveWindow
GetDesktopWindow
LoadImageA
wsprintfA
EndPaint
GetWindowTextA
IsDialogMessageA
DestroyWindow
Number of PE resources by type
RT_DIALOG 10
RT_STRING 7
RT_ICON 4
RT_BITMAP 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 25
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
4.0.100.1189

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
HP Webcam Software, when paired with the integrated web came

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
212992

EntryPoint
0x8927

OriginalFileName
stub32i.exe

MIMEType
application/octet-stream

FileVersion
1.0.25.0 A

TimeStamp
2001:08:29 14:22:49-07:00

FileType
Win32 EXE

PEType
PE32

InternalName
stub32

ProductVersion
1.0.25.0 A

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Hewlett-Packard

CodeSize
73728

ProductName
HP Webcam Software

ProductVersionNumber
4.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 8fae325edc9c8dec3520192cfc0ff2b9
SHA1 6b39a4981958c6bb3d17ed779a574ce6708e73f2
SHA256 6cd9c157a917b7281ff7000c199dd1bcef77e458e1347466c636ca94e0571d4c
ssdeep
393216:SlDEgMxvKFdlawwNb7jkgpUtSHNC7xRgKoNdZNnmdGLhHVpIYlLmLtYuNI9/3eOa:SCyPwJXpUkGRgLNTpMYl4tY5HnYXb

authentihash 3cac226c04379b4eadff53e061b85cb59217907bc3ddfd8b806c448fb4934514
imphash 5a9b89741dd0eb9be8754b41c4d30c55
File size 31.0 MB ( 32461280 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (53.0%)
Win64 Executable (generic) (34.0%)
Win32 Executable (generic) (5.5%)
OS/2 Executable (generic) (2.4%)
Generic Win/DOS Executable (2.4%)
Tags
revoked-cert peexe armadillo signed overlay

VirusTotal metadata
First submission 2013-01-16 15:34:47 UTC ( 6 years, 4 months ago )
Last submission 2018-05-07 07:34:46 UTC ( 1 year ago )
File names sp51765.exe
sp51765.exe
6CD9C157A917B7281FF7000C199DD1BCEF77E458E1347466C636CA94E0571D4C
sp51765 Web cam driver.exe
stub32i.exe
filename
sp51765 (1).exe
stub32
web.exe
sp51765.exe
sp51765.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight