× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: aa8bd296ba174baa58c54f78d0322e68834a173d2d4a67a7dbd7df0fa85cee9e
File name: Dhl_Aktueller_Status___01___04___2015___nolp_dhl_de_0923049505782...
Detection ratio: 32 / 57
Analysis date: 2015-04-02 09:46:54 UTC ( 4 years, 1 month ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2265564 20150402
AhnLab-V3 Trojan/Win32.Emotet 20150402
ALYac Trojan.Dropper.XKT 20150402
Avast Win32:Malware-gen 20150402
AVG Inject2.BWFC 20150402
Avira (no cloud) TR/Emotet.A.97 20150402
AVware Trojan.Win32.Generic.pak!cobra 20150402
Baidu-International Trojan.Win32.Inject.uqte 20150402
BitDefender Trojan.GenericKD.2265564 20150402
ByteHero Virus.Win32.Heur.p 20150402
Emsisoft Trojan.GenericKD.2265564 (B) 20150402
ESET-NOD32 a variant of Win32/Injector.BXJY 20150402
F-Secure Trojan.GenericKD.2265564 20150402
Fortinet W32/Injector.BXJY!tr 20150402
GData Trojan.GenericKD.2265564 20150402
Ikarus Trojan.Win32.Injector 20150402
K7AntiVirus Trojan ( 004bbab61 ) 20150402
K7GW Trojan ( 004bbab61 ) 20150402
Kaspersky Trojan.Win32.Inject.uqte 20150402
McAfee GenericR-DHK!0993180EE66D 20150402
Microsoft Trojan:Win32/Emotet.G 20150402
eScan Trojan.GenericKD.2265564 20150402
nProtect Trojan.GenericKD.2265564 20150402
Panda Generic Suspicious 20150401
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20150402
Sophos AV Mal/VBZbot-H 20150402
Symantec Trojan.Zbot 20150402
Tencent Trojan.Win32.Qudamah.Gen.17 20150402
TrendMicro TSPY_EMOTET.CH 20150402
TrendMicro-HouseCall TSPY_EMOTET.CH 20150402
VIPRE Trojan.Win32.Generic.pak!cobra 20150402
ViRobot Trojan.Win32.S.Emotet.166909[h] 20150402
AegisLab 20150402
Yandex 20150401
Alibaba 20150402
Antiy-AVL 20150402
Bkav 20150401
CAT-QuickHeal 20150402
ClamAV 20150401
CMC 20150402
Comodo 20150402
Cyren 20150402
DrWeb 20150402
F-Prot 20150401
Jiangmin 20150401
Kingsoft 20150402
Malwarebytes 20150402
McAfee-GW-Edition 20150401
NANO-Antivirus 20150402
Norman 20150402
Rising 20150401
SUPERAntiSpyware 20150402
TheHacker 20150401
TotalDefense 20150401
VBA32 20150401
Zillya 20150402
Zoner 20150402
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Goodreads
Original name DUSOstb.exe
Internal name Callstb
File version 1.00.0149
Description Note: In CSS3, the text-decoration property is a shorthand property for text-decoration-line, text-decoration-color, and text-decoration-style, but this is currently.
Comments Note: In CSS3, the text-decoration property is a shorthand property for text-decoration-line, text-decoration-color, and text-decoration-style, but this is currently.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-01 06:54:03
Entry Point 0x00001128
Number of sections 3
PE sections
Overlays
MD5 f3d31439ead5fd62419ab8326faed448
File type data
Offset 114688
Size 52221
Entropy 7.89
PE imports
EVENT_SINK_QueryInterface
Ord(645)
Ord(648)
Ord(516)
Ord(685)
Ord(594)
Ord(689)
Ord(525)
EVENT_SINK_AddRef
Ord(300)
Ord(717)
__vbaExceptHandler
Ord(632)
MethCallEngine
DllFunctionCall
Ord(100)
Ord(599)
Ord(570)
Ord(571)
ProcCallEngine
Ord(690)
EVENT_SINK_Release
Ord(595)
Ord(593)
Ord(306)
Ord(631)
Ord(588)
Ord(563)
Number of PE resources by type
RT_ICON 4
ABOUT 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
TELUGU DEFAULT 1
SLOVENIAN DEFAULT 1
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
Note: In CSS3, the text-decoration property is a shorthand property for text-decoration-line, text-decoration-color, and text-decoration-style, but this is currently.

LinkerVersion
6.0

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
1.0.0.149

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Note: In CSS3, the text-decoration property is a shorthand property for text-decoration-line, text-decoration-color, and text-decoration-style, but this is currently.

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
40960

EntryPoint
0x1128

OriginalFileName
DUSOstb.exe

MIMEType
application/octet-stream

FileVersion
1.00.0149

TimeStamp
2015:04:01 07:54:03+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Callstb

ProductVersion
1.00.0149

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
In CSS3

CodeSize
81920

ProductName
Goodreads

ProductVersionNumber
1.0.0.149

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 0993180ee66d7600bc9f78ce6000b320
SHA1 8592d3000a62730411e62555419e34b053b93000
SHA256 aa8bd296ba174baa58c54f78d0322e68834a173d2d4a67a7dbd7df0fa85cee9e
ssdeep
3072:cs6M6O1SQpKpfei956M6Fr5Oyc2xKZbcnyVUEof7KI:ICrgyclpA+I

authentihash cd2ec4183e5148ccb6e40c46ce727844bd59c8e0987b81de817f14d79d3fe46a
imphash e8024eabec2d3b73b11dee538353bfc9
File size 163.0 KB ( 166909 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-04-01 07:23:42 UTC ( 4 years, 1 month ago )
Last submission 2019-01-07 22:36:39 UTC ( 4 months, 2 weeks ago )
File names DUSOstb.exe
7B4A.tmp
VirusShare_0993180ee66d7600bc9f78ce6000b320
aa8bd296ba174baa58c54f78d0322e68834a173d2d4a67a7dbd7df0fa85cee9e.exe.000
Callstb
8H0X.fon
Dhl_Aktueller_Status___01___04___2015___nolp_dhl_de_092304950578236_lang___De___01_04_2015.exe
8a1.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!