× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 99d33b20ac860b720d5adf24ae837c843160c7c5db08eb8b2d2fae8b03a9289f
File name: stub32
Detection ratio: 1 / 60
Analysis date: 2017-06-05 20:25:01 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Zillya Backdoor.Wapomi.Win32.25 20170605
Ad-Aware 20170605
AegisLab 20170605
AhnLab-V3 20170605
Alibaba 20170605
ALYac 20170605
Arcabit 20170605
Avast 20170605
AVG 20170605
Avira (no cloud) 20170605
AVware 20170605
Baidu 20170601
BitDefender 20170605
Bkav 20170602
CAT-QuickHeal 20170605
ClamAV 20170605
CMC 20170605
Comodo 20170605
CrowdStrike Falcon (ML) 20170420
Cyren 20170605
DrWeb 20170605
Emsisoft 20170605
Endgame 20170515
ESET-NOD32 20170605
F-Prot 20170605
F-Secure 20170605
Fortinet 20170605
GData 20170605
Ikarus 20170605
Sophos ML 20170604
Jiangmin 20170605
K7AntiVirus 20170605
K7GW 20170605
Kaspersky 20170605
Kingsoft 20170605
Malwarebytes 20170605
McAfee 20170605
McAfee-GW-Edition 20170605
Microsoft 20170605
eScan 20170605
NANO-Antivirus 20170605
nProtect 20170605
Palo Alto Networks (Known Signatures) 20170605
Panda 20170605
Qihoo-360 20170605
Rising 20170602
SentinelOne (Static ML) 20170516
Sophos AV 20170605
SUPERAntiSpyware 20170605
Symantec 20170605
Symantec Mobile Insight 20170605
Tencent 20170605
TheHacker 20170605
TotalDefense 20170605
TrendMicro-HouseCall 20170605
Trustlook 20170605
VBA32 20170605
VIPRE 20170605
ViRobot 20170605
Webroot 20170605
WhiteArmor 20170601
Yandex 20170602
ZoneAlarm by Check Point 20170605
Zoner 20170605
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright

Product SCX-4600Series_Print_32bit
Original name stub32i.exe
Internal name stub32
File version
Description
Comments
Signature verification Certificate out of its validity period
Signers
[+] Samsung Electronics CO., LTD.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2004 CA
Valid from 1:00 AM 12/18/2008
Valid to 12:59 AM 12/23/2010
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint CDD90F19D1805360FC80777454C18DA061F10D5B
Serial number 54 C3 C9 10 52 8E 53 7C 3E D4 22 50 38 66 6D 42
[+] VeriSign Class 3 Code Signing 2004 CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 7/16/2004
Valid to 12:59 AM 7/16/2014
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 197A4AEBDB25F0170079BB8C73CB2D655E0018A4
Serial number 41 91 A1 5A 39 78 DF CF 49 65 66 38 1D 4C 75 C2
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Email Protection, Client Auth, Code Signing, Server Auth
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Packers identified
F-PROT CAB, appended, UTF-8, Unicode, NSIS
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-08-02 07:01:18
Entry Point 0x00008AF7
Number of sections 4
PE sections
Overlays
MD5 bf926d07f8b8346d3c5f8094f3a3d4e8
File type data
Offset 290816
Size 28937536
Entropy 8.00
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetObjectA
TextOutA
CreateCompatibleDC
DeleteDC
SetBkMode
GetTextExtentPointA
BitBlt
CreatePalette
GetStockObject
CreateDIBitmap
GetDeviceCaps
SelectPalette
CreateFontIndirectA
CreateSolidBrush
SelectObject
SetBkColor
EnumFontFamiliesExA
DeleteObject
RealizePalette
SetTextColor
GetStdHandle
GetFileAttributesA
WaitForSingleObject
HeapDestroy
FreeEnvironmentStringsA
GetCurrentProcess
LocalAlloc
lstrcatA
UnhandledExceptionFilter
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
WideCharToMultiByte
GetStringTypeA
WriteFile
GetDiskFreeSpaceA
GetStringTypeW
SetFileAttributesA
GetExitCodeProcess
LocalFree
GetEnvironmentVariableA
LoadResource
FindClose
FormatMessageA
HeapAlloc
GetVersionExA
RemoveDirectoryA
GetPrivateProfileStringA
GetSystemDefaultLCID
MultiByteToWideChar
WritePrivateProfileSectionA
GetModuleHandleA
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
MoveFileExA
TerminateProcess
GlobalAlloc
LocalFileTimeToFileTime
GetVersion
HeapFree
SetHandleCount
lstrcmpiA
FreeLibrary
IsBadWritePtr
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetProcAddress
GetProcessHeap
FindFirstFileA
lstrcpyA
CompareStringA
GetTempFileNameA
CreateFileMappingA
FindNextFileA
GlobalLock
GetFileType
GetPrivateProfileSectionA
CreateFileA
ExitProcess
GetLastError
DosDateTimeToFileTime
LCMapStringW
HeapCreate
lstrlenA
GlobalFree
LCMapStringA
HeapReAlloc
GetEnvironmentStringsW
GlobalUnlock
IsDBCSLeadByte
GetModuleFileNameA
GetShortPathNameA
SizeofResource
WritePrivateProfileStringA
LockResource
SetFileTime
GetCPInfo
GetCommandLineA
MapViewOfFile
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetEnvironmentStrings
CreateProcessA
UnmapViewOfFile
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
FindResourceA
VirtualAlloc
GetOEMCP
LZCopy
LZClose
LZOpenFileA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
ShellExecuteA
SetFocus
GetParent
MapDialogRect
DrawTextA
BeginPaint
CreateDialogIndirectParamA
CheckRadioButton
ShowWindow
SetWindowPos
SendDlgItemMessageA
IsWindow
LoadIconA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
PostMessageA
MoveWindow
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
GetSysColorBrush
IsWindowEnabled
GetWindow
GetSysColor
CheckDlgButton
GetDC
ReleaseDC
SetWindowTextA
GetWindowLongA
SetParent
TranslateMessage
SendMessageA
GetClientRect
GetDlgItem
CreateDialogParamA
GetNextDlgTabItem
ScreenToClient
InvalidateRect
wsprintfA
UpdateWindow
GetActiveWindow
FillRect
LoadStringA
IsDlgButtonChecked
CharNextA
SetActiveWindow
GetDesktopWindow
LoadImageA
EndPaint
GetWindowTextA
IsDialogMessageA
DestroyWindow
Number of PE resources by type
RT_DIALOG 10
RT_STRING 7
RT_ICON 4
RT_BITMAP 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 26
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
4.1.100.1332

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
208896

EntryPoint
0x8af7

OriginalFileName
stub32i.exe

MIMEType
application/octet-stream

TimeStamp
2002:08:02 08:01:18+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
stub32

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Samsung

CodeSize
77824

ProductName
SCX-4600Series_Print_32bit

ProductVersionNumber
4.1.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 51ace73a3a8c8bfbe4934a5a30a9f81c
SHA1 f61483e060afd1c69057b44eb29c9b9708da18b2
SHA256 99d33b20ac860b720d5adf24ae837c843160c7c5db08eb8b2d2fae8b03a9289f
ssdeep
786432:APo4TRsy2OEQlBHUQkwYtT2sfaE0DSrn4A:Ko4VsySYoVtFfaE3rn4A

authentihash 63aca0185fcf9b20f6ebaf4a4633c3743bd51451459f660ef8df7007e5e3d4cd
imphash d84d991d25f1d024e6888428c049c5f2
File size 27.9 MB ( 29228352 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (76.4%)
Win32 Executable (generic) (12.4%)
Generic Win/DOS Executable (5.5%)
DOS Executable Generic (5.5%)
Tags
nsis peexe armadillo signed overlay

VirusTotal metadata
First submission 2013-06-08 13:48:42 UTC ( 5 years, 11 months ago )
Last submission 2013-06-08 13:48:42 UTC ( 5 years, 11 months ago )
File names stub32
stub32i.exe
99d33b20ac860b720d5adf24ae837c843160c7c5db08eb8b2d2fae8b03a9289f
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!