SHA256: 74adac807b186ffbe6e760eff24752ffefd377b8ddf6f301d37d164e047e3f26
File name: downloadcomsp_StubInstaller.exe
Detection ratio: 1 / 68
Analysis date: 2018-06-09 16:34:03 UTC ( 1 week, 1 day ago )
Antivirus Result Update (an empty Result column means the engine returned no detection)
NANO-Antivirus Trojan.Win32.Dwn.dinppb 20180609
Ad-Aware 20180609
AegisLab 20180609
AhnLab-V3 20180609
Alibaba 20180608
ALYac 20180609
Antiy-AVL 20180609
Arcabit 20180609
Avast 20180609
Avast-Mobile 20180609
AVG 20180609
Avira (no cloud) 20180609
AVware 20180609
Babable 20180406
Baidu 20180608
BitDefender 20180609
Bkav 20180609
CAT-QuickHeal 20180609
ClamAV 20180609
CMC 20180609
Comodo 20180609
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cylance 20180609
Cyren 20180609
DrWeb 20180609
eGambit 20180609
Emsisoft 20180609
Endgame 20180507
ESET-NOD32 20180609
F-Prot 20180609
F-Secure 20180606
Fortinet 20180609
GData 20180609
Ikarus 20180609
Sophos ML 20180601
Jiangmin 20180609
K7AntiVirus 20180609
K7GW 20180609
Kaspersky 20180609
Kingsoft 20180609
Malwarebytes 20180609
MAX 20180609
McAfee 20180609
McAfee-GW-Edition 20180609
Microsoft 20180609
eScan 20180609
Palo Alto Networks (Known Signatures) 20180609
Panda 20180609
Qihoo-360 20180609
Rising 20180609
SentinelOne (Static ML) 20180225
Sophos AV 20180609
SUPERAntiSpyware 20180609
Symantec 20180609
Symantec Mobile Insight 20180605
TACHYON 20180608
Tencent 20180609
TheHacker 20180608
TotalDefense 20180609
TrendMicro 20180609
TrendMicro-HouseCall 20180609
Trustlook 20180609
VBA32 20180608
VIPRE 20180609
ViRobot 20180609
Webroot 20180609
Yandex 20180609
Zillya 20180608
ZoneAlarm by Check Point 20180609
Zoner 20180608
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright (c) The Weather Channel Interactive. All rights reserved.
Product The Weather Channel Interactive Consumer Application Software
Original name TheWeatherChannel_Stub____.exe
Internal name TheWeatherChannel_StubInstaller.exe
File version 7, 0, 0, 31
Signature verification Certificate out of its validity period
Signers (chain as presented, leaf first)
Signer certificate: The Weather Channel Interactive, Inc.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2009-2 CA
Valid from 1:00 AM 8/18/2010
Valid to 12:59 AM 8/25/2013
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 49761B7DC32CEB31B60E1083DFEF686FF17DFEF0
Serial number 0C F2 7D 8C B4 ED A3 91 43 49 71 0E 84 B0 6F B1
Intermediate CA: VeriSign Class 3 Code Signing 2009-2 CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 5/21/2009
Valid to 12:59 AM 5/21/2019
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 12D4872BC3EF019E7E0B6F132480AE29DB5B1CA3
Serial number 65 52 26 E1 B2 2E 18 E1 59 0F 29 85 AC 22 E7 5C
Root CA (self-signed): VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-04-04 16:15:36
Entry Point 0x00108C42
Number of sections 5
PE sections
Overlays
MD5 14ac8e841a2a7f509754279cea9a3e73
File type data
Offset 2375168
Size 3256
Entropy 7.06
PE imports
GetTokenInformation
RegDeleteKeyA
RegFlushKey
RegCloseKey
RegDeleteValueA
OpenProcessToken
RegSetValueExA
RegQueryValueA
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
GetUserNameA
EqualSid
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
RegEnumValueA
RegEnumKeyExA
ImageList_GetIconSize
GetFileTitleA
SetMapMode
GetWindowOrgEx
GetTextMetricsA
CombineRgn
GetViewportOrgEx
GetObjectType
GetBoundsRect
SetLayout
SetPixel
SetPaletteEntries
OffsetWindowOrgEx
CreateEllipticRgn
CreatePalette
CreateDIBitmap
SetTextAlign
StretchBlt
GetTextFaceA
ScaleViewportExtEx
GetPaletteEntries
SetWindowExtEx
SetViewportExtEx
SetBkColor
GetBkColor
SetRectRgn
GetTextCharsetInfo
GetSystemPaletteEntries
OffsetRgn
TextOutA
CreateFontIndirectA
CreateRectRgnIndirect
LPtoDP
GetPixel
GetLayout
ExcludeClipRect
OffsetViewportOrgEx
SetBkMode
PtInRegion
BitBlt
EnumFontFamiliesA
GetDeviceCaps
FillRgn
FrameRgn
ScaleWindowExtEx
PtVisible
ExtSelectClipRgn
SelectPalette
SetROP2
GetNearestPaletteIndex
SetDIBColorTable
GetTextColor
SetPixelV
DeleteObject
GetWindowExtEx
PatBlt
CreatePen
GetClipBox
Rectangle
GetObjectA
CreateDCA
LineTo
DeleteDC
RealizePalette
CreateHatchBrush
CreatePatternBrush
IntersectClipRect
CreateBitmap
RectVisible
GetStockObject
ExtTextOutA
SelectClipRgn
GetTextExtentPoint32A
SetWindowOrgEx
GetViewportExtEx
CreatePolygonRgn
Polygon
GetRgnBox
SaveDC
RestoreDC
CreateDIBSection
SetTextColor
ExtFloodFill
MoveToEx
SetViewportOrgEx
CreateRoundRectRgn
CreateCompatibleDC
CreateRectRgn
Escape
SelectObject
SetPolyFillMode
CreateCompatibleBitmap
CreateSolidBrush
Polyline
DPtoLP
CopyMetaFileA
Ellipse
EnumFontFamiliesExA
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
GetPrivateProfileSectionNamesA
GetStdHandle
GetDriveTypeW
ReleaseMutex
FileTimeToSystemTime
GetFileAttributesA
DeactivateActCtx
WaitForSingleObject
GetDriveTypeA
EncodePointer
lstrcmpW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
GetFileInformationByHandle
SetStdHandle
GetFileTime
GetTempPathA
WideCharToMultiByte
LoadLibraryW
InterlockedExchange
FindResourceExW
GetSystemTimeAsFileTime
ReleaseActCtx
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
ResumeThread
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
GetProfileIntA
OutputDebugStringA
SetLastError
GetUserDefaultUILanguage
PeekNamedPipe
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
HeapSetInformation
GetVolumeInformationA
CreateActCtxW
GetPrivateProfileStringA
SetThreadPriority
ActivateActCtx
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FormatMessageA
CreateMutexA
SetFilePointer
CreateThread
GetSystemDefaultUILanguage
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
IsProcessorFeaturePresent
ExitThread
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GetNumberFormatA
VirtualQuery
SearchPathA
SetEndOfFile
GetVersion
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GlobalSize
UnlockFile
GetFileSize
GlobalDeleteAtom
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetStartupInfoW
GetCPInfo
GetProcAddress
GetProcessHeap
CompareStringW
GetFileSizeEx
GlobalReAlloc
FreeEnvironmentStringsW
lstrcmpA
FindFirstFileExA
FindFirstFileA
GetCurrentThreadId
lstrcpyA
CompareStringA
GetTempFileNameA
GetDiskFreeSpaceExA
DuplicateHandle
GlobalLock
GetTimeZoneInformation
CreateFileW
GlobalFindAtomA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
FindResourceW
GlobalGetAtomNameA
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
lstrlenW
LockFile
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
HeapQueryInformation
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
CloseHandle
GetACP
CopyFileA
GetModuleHandleW
FreeResource
IsValidCodePage
HeapCreate
WriteFile
Sleep
GetFileAttributesExA
FindResourceA
VirtualAlloc
GetOEMCP
TransparentBlt
AlphaBlend
CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject
VariantChangeType
VariantTimeToSystemTime
SysStringLen
SystemTimeToVariantTime
SysAllocStringLen
VarBstrFromDate
VariantClear
SysAllocString
SysFreeString
VariantInit
SHGetFileInfoA
ShellExecuteExA
DragFinish
SHGetDesktopFolder
SHGetFolderPathA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHAppBarMessage
DragQueryFileA
SHGetPathFromIDListA
ShellExecuteA
PathFindFileNameA
PathFindExtensionA
PathRemoveFileSpecW
PathIsUNCA
PathStripToRootA
MapWindowPoints
RegisterClipboardFormatA
GetForegroundWindow
SetWindowRgn
RedrawWindow
SetMenuItemBitmaps
LoadBitmapW
DrawStateA
MoveWindow
EnableScrollBar
DestroyMenu
PostQuitMessage
GetMessagePos
SetWindowPos
GetNextDlgTabItem
IsWindow
DispatchMessageA
EndPaint
GetWindowLongA
CharUpperBuffA
GrayStringA
WindowFromPoint
PeekMessageA
DrawIcon
GetMessageTime
SetActiveWindow
GetDC
GetAsyncKeyState
ReleaseDC
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
IsClipboardFormatAvailable
DefFrameProcA
GetClientRect
SetMenuDefaultItem
LoadImageW
SetScrollPos
CallNextHookEx
LoadAcceleratorsA
GetWindowTextLengthA
CharUpperA
CopyAcceleratorTableA
TrackPopupMenu
GetTopWindow
LoadImageA
LoadAcceleratorsW
ScrollWindow
MapVirtualKeyExA
GetKeyState
PtInRect
DrawEdge
GetParent
MapDialogRect
UpdateWindow
SetPropA
EqualRect
DefWindowProcA
GetClassInfoExA
ShowWindow
SetClassLongA
DrawFrameControl
GetNextDlgGroupItem
GetWindowPlacement
EnumDisplayMonitors
TranslateMDISysAccel
EnableWindow
SetWindowPlacement
LockWindowUpdate
LoadIconW
TranslateMessage
IsWindowEnabled
GetWindow
GetMenuDefaultItem
InsertMenuItemA
GetIconInfo
SetParent
SetClipboardData
IsCharLowerA
IsZoomed
IsWindowVisible
GetWindowTextA
GetWindowRgn
DrawMenuBar
IsIconic
InvertRect
GetMenuItemCount
TabbedTextOutA
DrawFocusRect
SetTimer
GetActiveWindow
GetKeyboardLayout
FillRect
MonitorFromPoint
CopyRect
GetSysColorBrush
RealChildWindowFromPoint
CreateMenu
GetCursorPos
CreateAcceleratorTableA
IsChild
IsDialogMessageA
SetFocus
MapVirtualKeyA
GetMessageA
PostMessageA
BeginPaint
OffsetRect
EndDialog
GetScrollPos
CopyIcon
KillTimer
GetMonitorInfoA
RegisterWindowMessageA
DefMDIChildProcA
ToAsciiEx
SendDlgItemMessageA
GetSystemMetrics
EnableMenuItem
SetScrollRange
GetWindowRect
InflateRect
RegisterClassA
SetCapture
ReleaseCapture
GetScrollRange
SetWindowLongA
CheckDlgButton
WaitMessage
CreatePopupMenu
CheckMenuItem
GetSubMenu
GetLastActivePopup
DrawIconEx
CreateWindowExA
GetDlgItem
GetMenuCheckMarkDimensions
BringWindowToTop
ClientToScreen
GetClassLongA
InsertMenuA
CreateDialogIndirectParamA
LoadCursorA
LoadIconA
GetKeyboardState
SetWindowsHookExA
GetMenuItemInfoA
DestroyAcceleratorTable
ValidateRect
ShowOwnedPopups
LoadCursorW
GetSystemMenu
ReuseDDElParam
GetMenuItemID
SetForegroundWindow
NotifyWinEvent
PostThreadMessageA
OpenClipboard
EmptyClipboard
DrawTextA
IntersectRect
SetLayeredWindowAttributes
GetScrollInfo
LoadMenuA
HideCaret
GetCapture
RemovePropA
ScreenToClient
SetWindowTextA
MessageBeep
LoadMenuW
DrawTextExA
RemoveMenu
GetWindowThreadProcessId
DeferWindowPos
BeginDeferWindowPos
AppendMenuA
GetMenuState
GetPropA
UnhookWindowsHookEx
SetDlgItemTextA
SetRectEmpty
GetMenuStringA
CallWindowProcA
MessageBoxA
GetClassNameA
GetWindowDC
DestroyCursor
AdjustWindowRectEx
GetSysColor
SetScrollInfo
CopyImage
EndDeferWindowPos
SystemParametersInfoA
UpdateLayeredWindow
GetDoubleClickTime
DestroyIcon
GetKeyNameTextA
GetDesktopWindow
ShowScrollBar
GetUpdateRect
SubtractRect
UnpackDDElParam
SetCursorPos
WinHelpA
UnionRect
MonitorFromWindow
FrameRect
SetRect
DeleteMenu
InvalidateRect
SendMessageA
DestroyWindow
TranslateAcceleratorA
IsRectEmpty
IsMenu
GetFocus
CloseClipboard
ModifyMenuA
SetMenu
SetCursor
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
HttpQueryInfoA
PlaySoundA
OpenPrinterA
DocumentPropertiesA
ClosePrinter
WSAStartup
gethostbyname
WSACleanup
GdipBitmapLockBits
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdiplusShutdown
GdipGetImagePalette
GdipDisposeImage
GdipBitmapUnlockBits
GdiplusStartup
GdipDeleteGraphics
GdipCreateBitmapFromStream
GdipCreateFromHDC
GdipGetImageWidth
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipGetImagePaletteSize
GdipDrawImageI
GdipDrawImageRectI
GdipSetInterpolationMode
GdipFree
GdipGetImageHeight
GdipCloneImage
GdipGetImageGraphicsContext
CreateStreamOnHGlobal
OleLockRunning
CoCreateInstance
CoInitialize
CoTaskMemAlloc
RevokeDragDrop
IsAccelerator
CoCreateGuid
OleTranslateAccelerator
OleCreateMenuDescriptor
CoLockObjectExternal
OleDestroyMenuDescriptor
DoDragDrop
ReleaseStgMedium
CoUninitialize
OleGetClipboard
CoInitializeEx
OleDuplicateData
CoTaskMemFree
RegisterDragDrop
URLDownloadToFileA
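The imphash shown under File identification (e6eefa3b6add4795d133a51c147c2985) is the MD5 of the import table rendered as lower-cased library.function tokens in table order, so it survives rebuilds that keep the same import layout and is a cheap pivot for finding other builds of the same installer. The list above has lost the DLL grouping and the original order, so the report's value cannot be recomputed from the page. The block below is an added example, not VirusTotal's or pefile's code: it implements the same normalisation convention (lower-case, strip .dll/.ocx/.sys, render ordinal-only imports as ordNNN unless a known ordinal table names them) over a constructed import list that reuses a few APIs from this report. The DLL assignment and order in SAMPLE_IMPORTS and the ordinal tables are assumptions, so its hash will differ from the page's. The download-and-execute combination visible above (URLDownloadToFileA, InternetOpenUrlA plus InternetReadFile, ShellExecuteExA) is what a stub installer does by design, which is also why such files sit on the edge of downloader heuristics.

```python
"""imphash: MD5 over the normalised import table, in table order.

Added example, stdlib only. The sample import list is constructed and does
not reproduce the report's real import table or its hash.
"""
import hashlib

# Ordinal-to-name tables for DLLs that are often imported by ordinal. The
# tables used in practice cover ws2_32 and oleaut32 fully; this is a small
# illustrative subset (assumption).
ORDINAL_NAMES = {
    "ws2_32.dll": {52: "gethostbyname", 115: "WSAStartup", 116: "WSACleanup"},
    "oleaut32.dll": {2: "SysAllocString", 6: "SysFreeString", 7: "SysStringLen",
                     8: "VariantInit", 9: "VariantClear"},
}


def normalize_library(dll: str) -> str:
    """Lower-case the module name and drop a .dll/.ocx/.sys extension."""
    lib = dll.lower()
    stem, dot, ext = lib.rpartition(".")
    return stem if dot and ext in ("dll", "ocx", "sys") else lib


def import_token(dll: str, imp) -> str:
    """One 'library.function' token; imp is a function name or an int ordinal."""
    if isinstance(imp, int):
        name = ORDINAL_NAMES.get(dll.lower(), {}).get(imp)
        func = name.lower() if name else f"ord{imp}"
    else:
        func = imp.lower()
    return f"{normalize_library(dll)}.{func}"


def imphash(imports) -> str:
    """imports: iterable of (dll, name_or_ordinal) pairs in import-table order."""
    tokens = [import_token(dll, imp) for dll, imp in imports]
    return hashlib.md5(",".join(tokens).encode()).hexdigest()


# Constructed import list using APIs that do appear in the report; the DLL
# grouping and the order are assumptions, so this hash will not equal the page's.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "GetProcAddress"),
    ("KERNEL32.dll", "LoadLibraryA"),
    ("ADVAPI32.dll", "OpenProcessToken"),
    ("ADVAPI32.dll", "GetTokenInformation"),
    ("WININET.dll", "InternetOpenUrlA"),
    ("WININET.dll", "InternetReadFile"),
    ("urlmon.dll", "URLDownloadToFileA"),
    ("SHELL32.dll", "ShellExecuteExA"),
    ("WS2_32.dll", 115),   # WSAStartup, imported by ordinal
    ("WS2_32.dll", 52),    # gethostbyname, imported by ordinal
    ("OLEAUT32.dll", 2),   # SysAllocString, imported by ordinal
]

if __name__ == "__main__":
    print(",".join(import_token(d, i) for d, i in SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because order is part of the input, two binaries with the same set of imports in a different table order hash differently, and a linker that reorders import descriptors breaks the pivot; when pivoting, treat an imphash match as strong and a mismatch as uninformative.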
Number of PE resources by type
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_STRING 13
RT_ICON 9
RT_DIALOG 4
RT_BITMAP 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 62
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 7.0.0.31
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 1153024
EntryPoint 0x108c42
OriginalFileName TheWeatherChannel_Stub____.exe
MIMEType application/octet-stream
LegalCopyright (c) The Weather Channel Interactive. All rights reserved.
FileVersion 7, 0, 0, 31
TimeStamp 2012:04:04 17:15:36+01:00
FileType Win32 EXE
PEType PE32
InternalName TheWeatherChannel_StubInstaller.exe
ProductVersion 0, 0, 0, 31
SubsystemVersion 5.1
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName The Weather Channel Interactive
CodeSize 1252352
ProductName The Weather Channel Interactive Consumer Application Software
ProductVersionNumber 0.0.0.31
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 0854952227ff20c0a1386bc91c0e1c2f
SHA1 f4276f923b6c8462a2f2e05b2cd2427f3de0cd13
SHA256 74adac807b186ffbe6e760eff24752ffefd377b8ddf6f301d37d164e047e3f26
ssdeep 49152:MCIOc48TWabcJR9m3jmTSisaD34Pz+FINd13u+7LFW8G3rYucHjrzkfjAiHp8vzx:2e8TWFJR9m3ISisaLOz+FINdN9vG3rYH
authentihash 3071eb97e1240ae8aa706cecce0239774400008fdd31594c113cc9f21821a326
imphash e6eefa3b6add4795d133a51c147c2985
File size 2.3 MB ( 2378424 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags
peexe signed overlay
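Two fields in this report can be cross-checked offline, and together they explain the "signed overlay" tags. The overlay (offset 2375168, size 3256) ends exactly at the file size of 2378424 bytes, which is where a signed PE keeps its Authenticode certificate table; the report does not show the security data directory, so the check is to compare the overlay bounds with that directory entry, which is a file offset rather than an RVA. The authentihash (3071eb97...) is SHA-256 over the file with the CheckSum field, the certificate-table directory entry and the certificate table itself left out; that is the hash the signature actually covers, so it stays constant when a file is re-signed while the plain SHA-256 changes. The block below is an added example, not VirusTotal's or pefile's code; it parses only the header fields it needs and runs on a PE it constructs itself (build_sample_pe, with a placeholder certificate blob that is not real PKCS#7), so its outputs will not match the page's values. It does not verify the signature. Whether this signature still verifies after the signer certificate's 2013 expiry depends on whether it carries a trusted timestamp countersignature; the "not time valid" status above is what you get when the chain is evaluated at the current time rather than at a countersigned signing time, and signtool verify /v or Get-AuthenticodeSignature on Windows will show which case applies.

```python
"""Overlay and authentihash checks on a PE image, stdlib only.
Added example; build_sample_pe() constructs a minimal PE32 with a placeholder
certificate table, so the values printed here are not the report's."""
import hashlib
import math
import struct
from collections import Counter
from dataclasses import dataclass

@dataclass
class PEHeaders:
    checksum_off: int       # file offset of OptionalHeader.CheckSum
    security_dir_off: int   # file offset of the certificate-table directory entry
    size_of_headers: int
    security_offset: int    # certificate table: a file offset (not an RVA) ...
    security_size: int      # ... and its size
    sections: list          # (PointerToRawData, SizeOfRawData) per section

def parse_headers(data: bytes) -> PEHeaders:
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsec = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    dir_base = {0x10B: 96, 0x20B: 112}[magic]          # data directories start, PE32 / PE32+
    size_of_headers = struct.unpack_from("<I", data, opt + 60)[0]
    security_dir_off = opt + dir_base + 4 * 8           # IMAGE_DIRECTORY_ENTRY_SECURITY == 4
    sec_off, sec_size = struct.unpack_from("<II", data, security_dir_off)
    sections = []
    for i in range(nsec):
        raw_size, raw_ptr = struct.unpack_from("<II", data, opt + opt_size + 40 * i + 16)
        sections.append((raw_ptr, raw_size))
    return PEHeaders(opt + 64, security_dir_off, size_of_headers, sec_off, sec_size, sections)

def shannon_entropy(buf: bytes) -> float:
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values()) if n else 0.0

def overlay_report(data: bytes) -> dict:
    """Bytes past the last section's raw data, and whether they are exactly the cert table."""
    hdr = parse_headers(data)
    start = max((p + s for p, s in hdr.sections if s), default=hdr.size_of_headers)
    size = len(data) - start
    return {
        "overlay_offset": start,
        "overlay_size": size,
        "overlay_entropy": round(shannon_entropy(data[start:]), 2),
        "security_dir": (hdr.security_offset, hdr.security_size),
        "overlay_is_cert_table": size > 0 and (start, size) == (hdr.security_offset, hdr.security_size),
    }

def authentihash(data: bytes, algo: str = "sha256") -> str:
    """Authenticode PE hash: everything except CheckSum, the certificate-table
    directory entry and the certificate table; sections taken in file order."""
    hdr = parse_headers(data)
    h = hashlib.new(algo)
    h.update(data[:hdr.checksum_off])
    h.update(data[hdr.checksum_off + 4:hdr.security_dir_off])
    h.update(data[hdr.security_dir_off + 8:hdr.size_of_headers])
    hashed = hdr.size_of_headers
    for ptr, size in sorted(hdr.sections):
        h.update(data[ptr:ptr + size])
        hashed += size
    extra = len(data) - hashed - hdr.security_size      # trailing data that is not the cert table
    if extra > 0:
        h.update(data[hashed:hashed + extra])
    return h.hexdigest()

def build_sample_pe(cert_payload: bytes) -> bytes:
    """Constructed PE32: 512-byte headers, one 512-byte .text section, then a
    WIN_CERTIFICATE wrapping cert_payload (a placeholder, not real PKCS#7)."""
    body = cert_payload + b"\0" * (-len(cert_payload) % 8)           # table is 8-byte aligned
    cert_table = struct.pack("<IHH", 8 + len(body), 0x0200, 0x0002) + body  # rev 2, PKCS_SIGNED_DATA
    hdr_size = sect_off = sect_size = 512
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                  # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 1333556136, 0, 0, 224, 0x0102)
    fmt = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "H" * 2 + "I" * 6     # PE32 optional header
    opt = struct.pack(fmt, 0x10B, 10, 0, sect_size, 0, 0, 0x1000, 0x1000, 0x2000,
                      0x400000, 0x1000, 0x200, 5, 1, 0, 0, 5, 1, 0, 0x2000, hdr_size, 0,
                      2, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[4] = (sect_off + sect_size, len(cert_table))                 # security directory
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    sect = struct.pack("<8sIIIIIIHHI", b".text", sect_size, 0x1000, sect_size, sect_off,
                       0, 0, 0, 0, 0x60000020)
    headers = (dos + coff + opt + sect).ljust(hdr_size, b"\0")
    return headers + bytes(range(256)) * 2 + cert_table             # section bytes are constructed

if __name__ == "__main__":
    pe = build_sample_pe(b"placeholder signature blob " * 4)
    print(overlay_report(pe))
    print("sha256      ", hashlib.sha256(pe).hexdigest())
    print("authentihash", authentihash(pe))
```

On a real file, read the bytes and call overlay_report and authentihash on them; an overlay that is larger than the security directory says, or that starts before it, is data appended beyond the signature and is worth carving out separately. The authentihash is useful as a pivot precisely because it ignores the signature: files re-signed with a different certificate, or with the signature stripped, share it.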

VirusTotal metadata
First submission 2012-09-06 14:10:39 UTC ( 5 years, 9 months ago )
Last submission 2018-05-27 07:23:02 UTC ( 3 weeks ago )
File names
058C2A2340297886FC78FA232BCD58C3 - downloadcomsp_StubInstaller.exe
downloadcomsp_StubInstaller.exe
TheWeatherChannel_Stub____.exe
2086DBA1B8EB8E4B4A4D245E4621DA001AECF8AA.exe
TheWeatherChannel_StubInstaller.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to device drivers through the DeviceIoControl Windows API. DeviceIoControl is not in the static import list above, so the call is reached indirectly (resolved at run time, or made from inside a library the file uses) rather than through the import table.
The file installs an application-defined hook procedure into a hook chain with SetWindowsHookEx; the import list above carries SetWindowsHookExA and UnhookWindowsHookEx, with CallNextHookEx to pass events along. A hook procedure monitors the system for certain types of events, associated either with a specific thread or with all threads on the same desktop as the calling thread.
HTTP requests
DNS requests
TCP connections
UDP communications