× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 9bbac7021e205cb33decbde1966c6f32dc0c80cf24a3aa823bf1e737dc496815
File name: hubiC-latest.exe
Detection ratio: 0 / 48
Analysis date: 2013-10-17 15:45:30 UTC ( 6 months, 1 week ago ) View latest
Antivirus Result Update
AVG 20131017
Agnitum 20131016
AhnLab-V3 20131017
AntiVir 20131017
Antiy-AVL 20131017
Avast 20131017
Baidu-International 20131017
BitDefender 20131012
Bkav 20131017
ByteHero 20130924
CAT-QuickHeal 20131017
ClamAV 20131017
Commtouch 20131017
Comodo 20131017
DrWeb 20131017
ESET-NOD32 20131017
Emsisoft 20131017
F-Prot 20131017
F-Secure 20131017
Fortinet 20131017
GData 20131017
Ikarus 20131017
Jiangmin 20131017
K7AntiVirus 20131017
K7GW 20131017
Kaspersky 20131017
Kingsoft 20130829
Malwarebytes 20131017
McAfee 20131017
McAfee-GW-Edition 20131017
MicroWorld-eScan 20131017
Microsoft 20131017
NANO-Antivirus 20131017
Norman 20131017
PCTools 20131002
Panda 20131017
Rising 20131017
SUPERAntiSpyware 20131017
Sophos 20131017
Symantec 20131017
TheHacker 20131017
TotalDefense 20131016
TrendMicro 20131017
TrendMicro-HouseCall 20131017
VBA32 20131017
VIPRE 20131017
ViRobot 20131017
nProtect 20131017
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright
2012 - 2013 OVH

Publisher OVH SAS
Product hubiC
Original name hubiC-installer.exe
Internal name setup
File version 1.1.12.128
Description hubiC
Signature verification Signed file, verified signature
Signing date 5:51 PM 10/7/2013
Signers
[+] OVH SAS
Status Valid
Valid from 1:00 AM 12/28/2012
Valid to 12:59 AM 12/29/2014
Valid usage Code Signing
Algorithm SHA1
Thumbrint C5103997A55BC78DA96584A73F93411BB90ADADC
Serial number 0F 51 68 C4 C0 18 56 F0 65 06 52 D8 6F DA E8 62
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbrint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbrint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbrint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbrint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-26 18:02:28
Entry Point 0x000265C1
Number of sections 7
PE sections
PE imports
SetSecurityDescriptorOwner
RegCreateKeyExW
RegCloseKey
OpenServiceW
AdjustTokenPrivileges
InitializeAcl
LookupPrivilegeValueW
RegDeleteKeyW
CryptHashData
CheckTokenMembership
DecryptFileW
RegQueryValueExW
CryptCreateHash
SetSecurityDescriptorDacl
CloseServiceHandle
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateWellKnownSid
OpenProcessToken
QueryServiceStatus
RegOpenKeyExW
GetTokenInformation
CryptReleaseContext
GetUserNameW
RegQueryInfoKeyW
SetEntriesInAclW
RegEnumKeyExW
CryptAcquireContextW
CryptDestroyHash
InitializeSecurityDescriptor
RegDeleteValueW
QueryServiceConfigW
CryptGetHashParam
RegSetValueExW
OpenSCManagerW
RegEnumValueW
AllocateAndInitializeSid
InitiateSystemShutdownExW
SetEntriesInAclA
ChangeServiceConfigW
SetSecurityDescriptorGroup
SetNamedSecurityInfoW
CertGetCertificateContextProperty
CryptHashPublicKeyInfo
Ord(23)
Ord(20)
Ord(22)
DeleteDC
SelectObject
GetObjectW
CreateCompatibleDC
DeleteObject
StretchBlt
GetVolumePathNameW
GetStdHandle
ReleaseMutex
WaitForSingleObject
EncodePointer
ProcessIdToSessionId
GetFileAttributesW
VerifyVersionInfoW
GetProcessId
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
SetFilePointer
LoadLibraryExW
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
FormatMessageW
ConnectNamedPipe
GetExitCodeProcess
InitializeCriticalSection
OutputDebugStringW
FindClose
InterlockedDecrement
GetFullPathNameW
SetLastError
GetSystemTime
CopyFileW
GetUserDefaultLangID
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
VerSetConditionMask
HeapSetInformation
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetLocalTime
SetFilePointerEx
CreateEventW
SetFileAttributesW
CreateThread
MoveFileExW
GetSystemDirectoryW
GetExitCodeThread
SetNamedPipeHandleState
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
GetSystemWow64DirectoryW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
RtlUnwind
SystemTimeToFileTime
GetWindowsDirectoryW
LCMapStringW
OpenProcess
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
GetComputerNameW
CompareStringW
GetFileSizeEx
GetModuleFileNameW
ExpandEnvironmentStringsW
FindNextFileW
CompareStringA
FindFirstFileW
DuplicateHandle
WaitForMultipleObjects
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
DosDateTimeToFileTime
CreateFileMappingW
CreateNamedPipeW
lstrlenA
GlobalFree
GetConsoleCP
GetThreadLocale
GetEnvironmentStringsW
lstrlenW
CreateProcessW
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
GetCPInfo
HeapSize
CopyFileExW
InterlockedCompareExchange
GetSystemDefaultLangID
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
SetThreadExecutionState
IsValidCodePage
UnmapViewOfFile
WriteFile
VirtualFree
Sleep
SystemTimeToTzSpecificLocalTime
VirtualAlloc
GetOEMCP
ResetEvent
Ord(6)
Ord(8)
Ord(2)
Ord(9)
UuidCreate
SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW
GetMonitorInfoW
LoadBitmapW
DefWindowProcW
GetMessageW
PostQuitMessage
SetWindowLongW
IsWindow
PeekMessageW
TranslateMessage
PostMessageW
DispatchMessageW
GetCursorPos
RegisterClassW
UnregisterClassW
MessageBoxW
PostThreadMessageW
MonitorFromPoint
WaitForInputIdle
IsDialogMessageW
LoadCursorW
CreateWindowExW
MsgWaitForMultipleObjects
GetWindowLongW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
HttpQueryInfoW
InternetConnectW
InternetReadFile
InternetCloseHandle
InternetCrackUrlW
InternetSetOptionW
HttpSendRequestW
InternetErrorDlg
InternetOpenW
HttpOpenRequestW
HttpAddRequestHeadersW
CryptCATAdminCalcHashFromFileHandle
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust
Ord(190)
Ord(70)
Ord(205)
Ord(171)
Ord(45)
Ord(173)
Ord(90)
Ord(111)
Ord(125)
Ord(169)
Ord(17)
Ord(141)
Ord(116)
Ord(118)
Ord(238)
Ord(115)
Ord(8)
Ord(88)
Ord(137)
CoInitializeEx
CLSIDFromProgID
CoInitialize
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoTaskMemFree
StringFromGUID2
Number of PE resources by type
RT_ICON 6
RT_VERSION 1
RT_MANIFEST 1
RT_MESSAGETABLE 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 10
ExifTool file metadata
SubsystemVersion
5.1

LinkerVersion
11.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.1.12.128

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

InitializedDataSize
282624

FileOS
Win32

MIMEType
application/octet-stream

LegalCopyright
2012 - 2013 OVH

FileVersion
1.1.12.128

TimeStamp
2013:08:26 19:02:28+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
setup

ProductVersion
1.1.12.128

FileDescription
hubiC

OSVersion
5.1

OriginalFilename
hubiC-installer.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
OVH

CodeSize
234496

ProductName
hubiC

ProductVersionNumber
1.1.12.128

EntryPoint
0x265c1

ObjectFileType
Executable application

File identification
MD5 a70a7817572a76520283c04a1ecb47f6
SHA1 b1a550d46f91546deb3423e38f6e590525d5959c
SHA256 9bbac7021e205cb33decbde1966c6f32dc0c80cf24a3aa823bf1e737dc496815
ssdeep
98304:ZS0klveE14/C3D5/36cxQn5p8IqsQJLI9yFYZXUeyzuA/UleeJEYVc:ZSTV4s5LG89VJLMyKT5l3y9

File size 5.7 MB ( 5996808 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe signed

VirusTotal metadata
First submission 2013-10-09 11:08:01 UTC ( 6 months, 2 weeks ago )
Last submission 2013-10-18 15:49:02 UTC ( 6 months, 1 week ago )
File names setup
hubiC-latest.exe
hubiC-latest.exe
hubic-1.1.12-windows.exe
hubiC-installer.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
dll-injection

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications