SHA256: b49cee09fa2d6ada7cac699bd923ec88f37f52fc5145c74898b1f51a0c994842
File name: okostub.exe
Detection ratio: 51 / 69
Analysis date: 2018-09-27 14:42:16 UTC ( 2 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Koobface.495 20180927
AegisLab Worm.Win32.Koobface.p!c 20180927
ALYac Trojan.Koobface.495 20180927
Antiy-AVL Worm[Net]/Win32.Koobface 20180927
Arcabit Trojan.Koobface.495 20180927
Avast FileRepMetagen [Malware] 20180927
AVG FileRepMetagen [Malware] 20180927
Avira (no cloud) TR/Drop.Koobface.L 20180927
AVware BehavesLike.Win32.Koobface!a (v) 20180925
BitDefender Trojan.Koobface.495 20180927
Bkav W32.DmokoXAH.Rootkit 20180927
CAT-QuickHeal TrojanDropper.Koobface 20180927
ClamAV Win.Trojan.Koobface-554 20180927
CMC Net-Worm.Win32.Koobface!O 20180927
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20180723
Cybereason malicious.5807f4 20180225
Cylance Unsafe 20180927
Cyren W32/Koobface.L.gen!Eldorado 20180927
DrWeb Win32.HLLW.Facebook.944 20180927
Emsisoft Trojan.Koobface.495 (B) 20180927
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Tinxy.BJ 20180927
F-Prot W32/Koobface.HF 20180927
F-Secure Trojan.Koobface.495 20180927
Fortinet W32/Koobface.C!worm.im 20180927
GData Trojan.Koobface.495 20180927
Ikarus Trojan-Dropper.Win32.Koobface 20180927
Sophos ML heuristic 20180717
Jiangmin Worm/Koobface.auq 20180927
Kaspersky Net-Worm.Win32.Koobface.ggr 20180927
MAX malware (ai score=100) 20180927
McAfee Generic.dx!0C0211C5807F 20180927
McAfee-GW-Edition BehavesLike.Win32.ICLoader.dc 20180927
Microsoft TrojanDropper:Win32/Koobface.J 20180927
eScan Trojan.Koobface.495 20180927
Palo Alto Networks (Known Signatures) generic.ml 20180927
Panda Generic Malware 20180927
Qihoo-360 Win32/Worm.300 20180927
Rising Worm.Koobface!8.27A (CLOUD) 20180927
Sophos AV Mal/Koobface-C 20180927
Symantec W32.Koobface!gen4 20180927
Tencent Win32.Worm-net.Koobface.Eog 20180927
TheHacker Trojan/Tinxy.bj 20180927
TotalDefense Win32/Koobface.MT 20180925
TrendMicro TROJ_KOOBFACE.JA 20180927
TrendMicro-HouseCall TROJ_KOOBFACE.JA 20180927
VIPRE BehavesLike.Win32.Koobface!a (v) 20180927
Webroot W32.Infostealer.Koobface 20180927
Yandex Trojan.DR.Koobface!MN+Ebnh5GBA 20180926
Zillya Worm.Koobface.Win32.5783 20180926
ZoneAlarm by Check Point Net-Worm.Win32.Koobface.ggr 20180925
AhnLab-V3 20180927
Alibaba 20180921
Avast-Mobile 20180927
Babable 20180918
Baidu 20180927
Comodo 20180927
eGambit 20180927
K7AntiVirus 20180927
K7GW 20180927
Kingsoft 20180927
Malwarebytes 20180927
NANO-Antivirus 20180927
SentinelOne (Static ML) 20180926
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180924
TACHYON 20180927
Trustlook 20180927
VBA32 20180927
ViRobot 20180927
Zoner 20180927
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright ©Broadcom Corporation, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.
Product Windows Display Firewall SCSI
Original name okostub.exe
Internal name okostub.exe
File version 4.79.42
Description Norton Scheduled NDIS IM Viewer Lexmark
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-04-01 22:00:28
Entry Point 0x000019F6
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
SetFilePointer
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
ReleaseMutex
SetHandleCount
GetSystemInfo
GetOEMCP
LCMapStringA
HeapDestroy
GetTickCount
TlsAlloc
FlushFileBuffers
VirtualProtect
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetACP
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
FileTimeToLocalFileTime
GetEnvironmentStrings
GetEnvironmentStringsW
GetLocaleInfoA
GetCurrentProcessId
lstrcatA
UnhandledExceptionFilter
SetFileTime
GetCPInfo
ExitProcess
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
QueryPerformanceCounter
FileTimeToSystemTime
GetFileType
SetStdHandle
CompareStringW
GetTempPathA
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
FindFirstFileA
InterlockedExchange
WriteFile
GetCurrentProcess
CompareStringA
GetSystemTimeAsFileTime
FindNextFileA
GetSystemDirectoryA
HeapReAlloc
GetStringTypeW
GetCurrentThreadId
SetEnvironmentVariableA
TlsFree
TerminateProcess
ResumeThread
GetTimeZoneInformation
InitializeCriticalSection
HeapCreate
lstrcpyA
VirtualQuery
VirtualFree
FindClose
TlsGetValue
Sleep
DeleteTimerQueue
TlsSetValue
CreateFileA
HeapAlloc
GetVersion
LeaveCriticalSection
VirtualAlloc
SetLastError
CloseHandle
CharToOemA
DestroyWindow
OpenIcon
IsWindow
GetGuiResources
socket
bind
WSACleanup
WSAStartup
gethostbyname
connect
shutdown
htons
closesocket
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 7.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.79.42.14
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Norton Scheduled NDIS IM Viewer Lexmark
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 181760
EntryPoint 0x19f6
OriginalFileName okostub.exe
MIMEType application/octet-stream
LegalCopyright Broadcom Corporation, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.
FileVersion 4.79.42
TimeStamp 2004:04:01 23:00:28+01:00
FileType Win32 EXE
PEType PE32
InternalName okostub.exe
ProductVersion 4.79.42.14
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Broadcom Corporation
CodeSize 52224
ProductName Windows Display Firewall SCSI
ProductVersionNumber 4.79.42.14
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 0c0211c5807f481033a91a25ee970052
SHA1 c9ab38c6bd27842fb31722355da8a4d0c1a579ba
SHA256 b49cee09fa2d6ada7cac699bd923ec88f37f52fc5145c74898b1f51a0c994842
ssdeep 6144:v0gXeTNi58GuKCYDOwjgRT4Kbkseaia7MJit9UH:v042imGuJEBgRT4Kbk3a94Jit9UH
authentihash 716df49c371f8ef126fb3c4a6afff7896340cdd0cbde57f5d5fdadb56556be05
imphash 6c2e10a55e58055286c6c9483db2ab5b
File size 223.0 KB ( 228352 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (35.5%)
Win32 Executable MS Visual C++ (generic) (25.7%)
Win64 Executable (generic) (22.8%)
Win32 Dynamic Link Library (generic) (5.4%)
Win32 Executable (generic) (3.7%)
Tags peexe
VirusTotal metadata
First submission 2010-04-04 11:31:36 UTC ( 8 years, 8 months ago )
Last submission 2011-07-18 02:01:35 UTC ( 7 years, 4 months ago )
File names okostub.exe
0C0211C5807F481033A91A25EE970052
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections