SHA256: 7ae0a3b3c987c659f072e1ce63081c83c42788fb4ee79c5e7eb1486eac4c2f76
Detection ratio: 26 / 40
Analysis date: 2010-04-13 08:46:50 UTC ( 8 years, 3 months ago )
Antivirus Result Update
a-squared Trojan-Dropper.Win32.Koobface!IK 20100413
AhnLab-V3 Win-Trojan/Koobface.232448 20100412
AntiVir TR/Drop.Koobface.J.38 20100412
Avast Win32:Malware-gen 20100412
Avast5 Win32:Malware-gen 20100412
AVG Dropper.Generic.CKAO 20100412
BitDefender Trojan.Generic.KD.5551 20100413
DrWeb Win32.HLLW.Facebook.630 20100413
eSafe Win32.TrojanDropperK 20100412
F-Secure Trojan.Generic.KD.5551 20100413
Fortinet W32/Koobface.C!worm.im 20100412
GData Trojan.Generic.KD.5551 20100413
Ikarus Trojan-Dropper.Win32.Koobface 20100413
Kaspersky Trojan-Dropper.Win32.Koobface.ai 20100413
McAfee Generic Dropper!cxd 20100413
McAfee-GW-Edition Heuristic.LooksLike.Trojan.Drop.Koobface.H 20100413
Microsoft TrojanDropper:Win32/Koobface.J 20100413
NOD32 a variant of Win32/Tinxy.BJ 20100412
Norman W32/Koobface.GUB 20100412
Panda W32/Koobface.KD.worm 20100412
Prevx Medium Risk Malware 20100413
Rising Trojan.Win32.Generic.51FD4FA8 20100413
Sophos AV Mal/Koobface-C 20100413
Sunbelt Trojan.Win32.Generic!BT 20100413
TheHacker Trojan/Tinxy.bj 20100412
VirusBuster Trojan.DR.Koobface.DQB 20100412
Antiy-AVL 20100413
Authentium 20100412
CAT-QuickHeal 20100413
ClamAV 20100413
Comodo 20100413
eTrust-Vet 20100412
F-Prot 20100412
Jiangmin 20100413
nProtect 20100406
PCTools 20100413
Symantec 20100413
TrendMicro 20100413
VBA32 20100409
ViRobot 20100413
The file being studied is a Portable Executable file. More specifically, it is an unknown file.
FileVersionInfo properties
Copyright License: MPL 1.1/GPL 2.0/LGPL 2.1

Publisher Greatis Software
Product Protection Tools Management
Original name okostub.exe
Internal name okostub.exe
File version 5.8.45.22
Description Plug-in Player Antivirus Kernel
PE header basic information
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
WriteFile
Sleep
GetSystemDirectoryA
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetVersion
GetTempPathA
ResumeThread
lstrcpyA
GetTickCount
GetStdHandle
GetLastError
DeleteTimerQueue
GetCurrentProcessId
SetFileTime
CompareStringW
CompareStringA
GetSystemInfo
VirtualProtect
HeapSize
LCMapStringW
CreateFileA
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
FindNextFileA
GetSystemTimeAsFileTime
GetStartupInfoA
GetCommandLineA
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
SetLastError
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
SetFilePointer
RtlUnwind
InterlockedExchange
VirtualQuery
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
GetTimeZoneInformation
QueryPerformanceCounter
InitializeCriticalSection
SetStdHandle
FlushFileBuffers
SetEnvironmentVariableA
IsWindow
GetGuiResources
DestroyWindow
CharToOemA
(9 more function(s) imported by ordinal)
File identification
MD5 72e0997837fbcffa5c52125b9052e618
SHA1 cd2691cc1e448d9448c65f84c96cd019fd17ecf6
SHA256 7ae0a3b3c987c659f072e1ce63081c83c42788fb4ee79c5e7eb1486eac4c2f76
ssdeep 3072:PEoQiWOCqePtqymPpap4wVZcDDT317+SsswvzobSm+GbSm+IwpAIbPKNR4AeuW8e:MoQCeP6PUhI/BB9Azobrd+I34Q4LuW

File size 227.0 KB ( 232448 bytes )
File type unknown
Magic literal

TrID Win64 Executable Generic (58.8%)
Win32 Executable MS Visual C++ (generic) (25.9%)
Win32 Executable Generic (5.8%)
Win32 Dynamic Link Library (generic) (5.2%)
Clipper DOS Executable (1.3%)
VirusTotal metadata
First submission 2010-04-03 14:03:34 UTC ( 8 years, 3 months ago )
Last submission 2010-04-13 08:46:50 UTC ( 8 years, 3 months ago )