SHA256: c2a4b0fe7490ad09bb519e87b8448f25ec2d5796e339d4f5bcfb2aa0a81c8a9d
Detection ratio: 27 / 40
Analysis date: 2010-05-12 18:44:58 UTC ( 8 years, 4 months ago )
Antivirus Result Update
a-squared Trojan-Dropper.Win32.Koobface!IK 20100510
AhnLab-V3 Win-Trojan/Koobface.230912 20100512
AntiVir TR/Drop.Koobface.J.35 20100512
Avast Win32:Malware-gen 20100512
Avast5 Win32:Malware-gen 20100512
AVG Dropper.Generic.CJNE 20100512
BitDefender Trojan.Generic.KD.5120 20100512
Comodo UnclassifiedMalware 20100512
eSafe Win32.TRDrop.Koobfac 20100511
F-Secure Trojan.Generic.KD.5120 20100512
Fortinet W32/Koobface.C 20100512
GData Trojan.Generic.KD.5120 20100512
Ikarus Trojan-Dropper.Win32.Koobface 20100512
Jiangmin TrojanDropper.Koobface.af 20100512
Kaspersky Trojan-Dropper.Win32.Koobface.ah 20100512
McAfee-GW-Edition Heuristic.LooksLike.Worm.Koobface.B 20100512
Microsoft TrojanDropper:Win32/Koobface.J 20100512
NOD32 a variant of Win32/Tinxy.BJ 20100512
Norman W32/Koobface.GST 20100512
nProtect Trojan.Generic.KD.5120 20100512
Panda Generic Trojan 20100511
PCTools Voronezh.1600.A 20100512
Rising Trojan.Win32.Generic.51FDE896 20100512
Sophos AV Mal/Koobface-C 20100512
Sunbelt Trojan.Win32.Generic!BT 20100512
Symantec W32.Koobface!gen4 20100512
TheHacker Trojan/Tinxy.bj 20100511
Antiy-AVL 20100512
Authentium 20100512
CAT-QuickHeal 20100512
ClamAV 20100512
DrWeb 20100512
eTrust-Vet 20100512
F-Prot 20100512
McAfee 20100512
TrendMicro 20100512
TrendMicro-HouseCall 20100512
VBA32 20100512
ViRobot 20100512
VirusBuster 20100512
The file being studied is a Portable Executable file! More specifically, it is an unknown file.
FileVersionInfo properties
Copyright (c) WinZip Computing, S.L. All rights reserved.
Publisher WinZip Computing, S.L.
Product Bat_ Applet
Original name okostub.exe
Internal name okostub.exe
File version 3.62.36.4
Description Firewall Manager Winamp Microsoft Control Hewlett-Packard Kodak
PE header basic information
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
WriteFile
Sleep
GetSystemDirectoryA
lstrcatA
GetStdHandle
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetModuleHandleA
ReleaseMutex
CloseHandle
GetCurrentProcessId
GetTempPathA
GetTickCount
GetLastError
ResumeThread
SetFileTime
CompareStringW
CompareStringA
GetSystemInfo
VirtualProtect
HeapSize
LCMapStringW
LCMapStringA
lstrcpyA
CreateFileA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
FindNextFileA
GetSystemTimeAsFileTime
GetStartupInfoA
GetCommandLineA
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
SetLastError
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
SetFilePointer
RtlUnwind
InterlockedExchange
VirtualQuery
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
GetTimeZoneInformation
QueryPerformanceCounter
InitializeCriticalSection
SetStdHandle
FlushFileBuffers
SetEnvironmentVariableA
GetGuiResources
DestroyWindow
IsWindow
OpenIcon
CharToOemA
(9 more function(s) imported by ordinal)
File identification
MD5 0ffbfd40c48aa56b6c2a99c440301b66
SHA1 79ae3b2c7e4172b9e3cf8a6aff795a07bf428553
SHA256 c2a4b0fe7490ad09bb519e87b8448f25ec2d5796e339d4f5bcfb2aa0a81c8a9d
ssdeep 6144:0g0cJJDL/4EXzODZndz2US0zxstipPmNn:0gv/Efvz9Sqr6
File size 225.5 KB ( 230912 bytes )
File type unknown
Magic literal

TrID Win64 Executable Generic (58.8%)
Win32 Executable MS Visual C++ (generic) (25.9%)
Win32 Executable Generic (5.8%)
Win32 Dynamic Link Library (generic) (5.2%)
Clipper DOS Executable (1.3%)
VirusTotal metadata
First submission 2010-04-08 13:39:57 UTC ( 8 years, 5 months ago )
Last submission 2010-05-12 18:44:58 UTC ( 8 years, 4 months ago )