SHA256: 7dc2b5b8ee3b84db47c814e7f0b122f6eea6c9c741fc94cb01762c7533b91e82
File name: sblw9xup.exe
Detection ratio: 0 / 67
Analysis date: 2018-01-10 01:51:02 UTC (6 months, 1 week ago)
Antivirus Result Update
Ad-Aware 20180110
AegisLab 20180110
AhnLab-V3 20180109
Alibaba 20180109
ALYac 20180109
Antiy-AVL 20180109
Arcabit 20180109
Avast 20180109
Avast-Mobile 20180109
AVG 20180109
Avira (no cloud) 20180109
AVware 20180103
Baidu 20180109
BitDefender 20180110
Bkav 20180106
CAT-QuickHeal 20180109
ClamAV 20180109
CMC 20180109
Comodo 20180110
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20180110
Cyren 20180110
DrWeb 20180110
eGambit 20180110
Emsisoft 20180110
Endgame 20171130
ESET-NOD32 20180110
F-Prot 20180110
F-Secure 20180110
Fortinet 20180110
GData 20180110
Ikarus 20180109
Sophos ML 20170914
Jiangmin 20180109
K7AntiVirus 20180109
K7GW 20180110
Kaspersky 20180110
Kingsoft 20180110
Malwarebytes 20180110
MAX 20180110
McAfee 20180110
McAfee-GW-Edition 20180110
Microsoft 20180110
eScan 20180110
NANO-Antivirus 20180110
nProtect 20180110
Palo Alto Networks (Known Signatures) 20180110
Panda 20180109
Qihoo-360 20180110
Rising 20180106
SentinelOne (Static ML) 20171224
Sophos AV 20180109
SUPERAntiSpyware 20180110
Symantec 20180110
Symantec Mobile Insight 20180109
Tencent 20180110
TheHacker 20180108
TotalDefense 20180109
TrendMicro 20180110
TrendMicro-HouseCall 20180109
Trustlook 20180110
VBA32 20180109
VIPRE 20180109
ViRobot 20180109
Webroot 20180110
WhiteArmor 20171226
Yandex 20180109
Zillya 20180108
ZoneAlarm by Check Point 20180109
Zoner 20180110
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 1996 InstallShield Software Corporation

Product PackageForTheWeb Stub
Original name STUB32.EXE
Internal name STUB.EXE
File version 2.02.001
Description PackageForTheWeb Stub
Packers identified
F-PROT CAB, embedded
PEiD InstallShield 2000
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1998-03-26 14:31:20
Entry Point 0x0000C110
Number of sections 5
PE sections
Overlays
MD5 10858ab2a84bff3edaa714a76199c454
File type data
Offset 130560
Size 5554927
Entropy 8.00
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
PropertySheetA
Ord(17)
GetDeviceCaps
GetObjectA
SetBkMode
TextOutA
CreateFontIndirectA
SelectObject
GetTextExtentPointA
DeleteObject
SetTextColor
GetLastError
HeapFree
GetStdHandle
DosDateTimeToFileTime
LCMapStringW
LoadResource
CreateFileMappingA
GetFileAttributesA
WaitForSingleObject
FreeLibrary
LCMapStringA
HeapDestroy
ExitProcess
CreateDirectoryA
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
RemoveDirectoryA
GetACP
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
GetPrivateProfileStringA
FreeEnvironmentStringsW
GetFileSize
lstrcatA
LockResource
SetFileTime
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
MultiByteToWideChar
SetHandleCount
GetModuleFileNameA
GetProcAddress
GetFileType
SetStdHandle
lstrlenA
GetTempPathA
CloseHandle
GetCPInfo
MapViewOfFile
GetStringTypeA
SetFilePointer
lstrcmpA
ReadFile
GetCommandLineA
WriteFile
GetCurrentProcess
FindFirstFileA
CompareStringA
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
GetStringTypeW
SetFileAttributesA
GetOEMCP
TerminateProcess
CreateProcessA
WideCharToMultiByte
UnhandledExceptionFilter
UnmapViewOfFile
lstrcpyA
VirtualFree
LocalFileTimeToFileTime
FindClose
Sleep
FormatMessageA
CreateFileA
HeapAlloc
GetVersion
FindResourceA
VirtualAlloc
HeapCreate
GetModuleHandleA
MulDiv
LZCopy
LZClose
LZOpenFileA
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SetFocus
MapWindowPoints
GetParent
SystemParametersInfoA
EndDialog
KillTimer
MessageBeep
SetWindowPos
SendDlgItemMessageA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
PostMessageA
GetDlgItemTextA
MessageBoxA
PeekMessageA
IsCharAlphaA
TranslateMessage
DialogBoxParamA
GetWindow
GetSysColor
GetDC
SetWindowLongA
ReleaseDC
SetWindowTextA
GetWindowLongA
SendMessageA
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
ScreenToClient
wsprintfA
SetTimer
LoadStringA
CharNextA
GetDesktopWindow
GetClassNameA
GetWindowTextA
DestroyWindow
Number of PE resources by type
RT_DIALOG 6
RT_STRING 6
RT_ICON 5
RT_GROUP_ICON 2
RTF 1
AVI 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 23
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
5.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.1.5.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
75776

EntryPoint
0xc110

OriginalFileName
STUB32.EXE

MIMEType
application/octet-stream

LegalCopyright
Copyright 1996 InstallShield Software Corporation

FileVersion
2.02.001

TimeStamp
1998:03:26 15:31:20+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
STUB.EXE

ProductVersion
2.02.001

FileDescription
PackageForTheWeb Stub

OSVersion
4.0

FileOS
Windows 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
InstallShield Software Corporation

CodeSize
69120

ProductName
PackageForTheWeb Stub

ProductVersionNumber
2.1.5.0

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack: CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack noticed that the following files, while in execution, wrote this sample to disk.
Execution parents
Compressed bundles
File identification
MD5 15d6113e55f284fd96c30d4fd66af06a
SHA1 2fc2da14694d6af8c1876479bdbea8e727e77e7b
SHA256 7dc2b5b8ee3b84db47c814e7f0b122f6eea6c9c741fc94cb01762c7533b91e82
ssdeep
98304:jA03cmNfJazSbq3R9kZb4w6nL8dxgXLd8sUSsjxaqGlkK2RnDGlECoPz2+ZLy:73ZV4Il4w6L8gdOjxaDkK21DEoPzDy

authentihash 338c48bf7d93fc1598da8f4e9b2f4011de84a595bb6df8593ac0a3521f3a9ca5
imphash 4204e1fe9e2e0a7f6bec612446ce171b
File size 5.4 MB ( 5685487 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ 4.x (52.6%)
InstallShield setup (16.8%)
Win32 Executable MS Visual C++ (generic) (12.1%)
Win64 Executable (generic) (10.7%)
Win32 Dynamic Link Library (generic) (2.5%)
Tags
peexe installshield overlay

VirusTotal metadata
First submission 2008-04-04 10:24:36 UTC ( 10 years, 3 months ago )
Last submission 2018-05-26 10:25:04 UTC ( 1 month, 3 weeks ago )
File names STUB32.EXE
7DC2B5B8EE3B84DB47C814E7F0B122F6EEA6C9C741FC94CB01762C7533B91E82
1002-2fc2da14694d6af8c1876479bdbea8e727e77e7b
sblw9xup.exe
STUB.EXE
Win9X.exe
SBLW9XUP.EXE
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight