SHA256: b246ede11a9b46712d640f365ff0ba3017fbf75bca58fb4b2e61f74f8dff5d43
File name: 2015-09-03-Nuclear-EK-Payload.exe
Detection ratio: 19 / 56
Analysis date: 2015-09-06 19:00:59 UTC ( 1 year, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.56094 20150906
Yandex Trojan.Fsysna! 20150906
Antiy-AVL Trojan/Win32.Fsysna 20150906
Avast Win32:Trojan-gen 20150906
AVG Inject3.DVK 20150906
Avira (no cloud) TR/Dropper.VB.35372 20150906
Baidu-International Trojan.Win32.Fsysna.cgqg 20150906
BitDefender Gen:Variant.Symmi.56094 20150906
ByteHero Virus.Win32.Heur.p 20150906
DrWeb Trojan.Inject2.2589 20150906
Emsisoft Gen:Variant.Symmi.56094 (B) 20150906
ESET-NOD32 a variant of Win32/Injector.CIBY 20150906
GData Gen:Variant.Symmi.56094 20150906
Kaspersky Trojan.Win32.Fsysna.cgqg 20150906
Malwarebytes Trojan.Injector.VX 20150906
eScan Gen:Variant.Symmi.56094 20150906
Panda Trj/Genetic.gen 20150906
Qihoo-360 Win32/Trojan.1d3 20150906
Symantec Infostealer.Limitail 20150906
AegisLab 20150906
AhnLab-V3 20150906
Alibaba 20150902
ALYac 20150906
Arcabit 20150905
AVware 20150901
Bkav 20150905
CAT-QuickHeal 20150905
ClamAV 20150906
CMC 20150902
Comodo 20150906
Cyren 20150906
F-Prot 20150906
F-Secure 20150905
Fortinet 20150906
Ikarus 20150906
Jiangmin 20150905
K7AntiVirus 20150906
K7GW 20150906
Kingsoft 20150906
McAfee 20150906
McAfee-GW-Edition 20150906
Microsoft 20150906
NANO-Antivirus 20150906
nProtect 20150904
Rising 20150906
Sophos 20150906
SUPERAntiSpyware 20150905
Tencent 20150906
TheHacker 20150904
TrendMicro 20150906
TrendMicro-HouseCall 20150906
VBA32 20150905
VIPRE 20150906
ViRobot 20150906
Zillya 20150905
Zoner 20150906
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Ceripokertop
Original name Stab.exe
Internal name Stab
File version 5.11.0052
Description fflash game Sign in. Forgot Your Password? Practice an Online Assessment · Learn More about CERT. View a Video Overview. System Requirements · Contact Us.
Comments Sign in. Forgot Your Password? Practice an Online Assessment · Learn More about CERT. View a Video Overview. System Requirements · Contact Us.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-03 14:35:43
Entry Point 0x00001108
Number of sections 3
PE sections
Overlays
MD5 5893360ba1387f920b9847df1abb5205
File type data
Offset 61440
Size 37916
Entropy 7.85
PE imports
EVENT_SINK_QueryInterface
Ord(689)
Ord(537)
Ord(570)
Ord(595)
Ord(685)
Ord(607)
Ord(525)
EVENT_SINK_AddRef
Ord(717)
__vbaExceptHandler
Ord(632)
MethCallEngine
DllFunctionCall
Ord(608)
Ord(100)
ProcCallEngine
Ord(690)
EVENT_SINK_Release
Ord(616)
Ord(617)
Ord(581)
Ord(631)
Ord(619)
Ord(563)
Number of PE resources by type
Struct(0) 3
RT_STRING 1
59 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
TELUGU DEFAULT 1
ENGLISH US 1
NORWEGIAN NYNORSK 1
PE resources
ExifTool file metadata
LegalTrademarks
Sign in. Forgot Your Password? Practice an Online Assessment Learn More about CERT. View a Video Overview. System Requirements Contact Us.

SubsystemVersion
4.0

Comments
Sign in. Forgot Your Password? Practice an Online Assessment Learn More about CERT. View a Video Overview. System Requirements Contact Us.

LinkerVersion
6.0

ImageVersion
5.11

FileSubtype
0

FileVersionNumber
5.11.0.52

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
fflash game Sign in. Forgot Your Password? Practice an Online Assessment Learn More about CERT. View a Video Overview. System Requirements Contact Us.

CharacterSet
Unicode

InitializedDataSize
16384

EntryPoint
0x1108

Tagh
ame Sign in. Forgot Your Password? Practice an Online Assessment Learn More about CERT. View a Video Overview. System Requirements Contact Us.

OriginalFileName
Stab.exe

MIMEType
application/octet-stream

FileVersion
5.11.0052

TimeStamp
2015:09:03 15:35:43+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Stab

ProductVersion
5.11.0052

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
45056

ProductName
Ceripokertop

ProductVersionNumber
5.11.0.52

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 b66b7e4aa009c30d7ff48c638a96cbf8
SHA1 05dae79f629f24679ac2e4a67e05a64224786ebf
SHA256 b246ede11a9b46712d640f365ff0ba3017fbf75bca58fb4b2e61f74f8dff5d43
ssdeep 1536:nn6lHxM0Axw28WOrld7ojVnpG9ovwsnw6EyPWBsKPIkjEc:nnW3Xhd7ojVnw6ooWBjjj7

authentihash e9ad9a41e123b69e9b3a32b46b280fb051cbf58e647e6cffd920030b2ac4c4c0
imphash 70404cfeb3a0b6bcf20a9d0e065bb479
File size 97.0 KB ( 99356 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (90.5%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-09-06 18:50:35 UTC ( 1 year, 7 months ago )
Last submission 2015-09-06 19:00:59 UTC ( 1 year, 7 months ago )
File names Stab.exe
Stab
2015-09-03-Nuclear-EK-Payload.exe