× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: d0a3c51b43e402b67717375fd1a65db1f11332ed48eba601f6d54f497b05fce1
File name: stub32
Detection ratio: 2 / 56
Analysis date: 2015-04-21 06:09:09 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Antiy-AVL Trojan/Win32.TGeneric 20150421
Rising PE:Malware.FakePDF@CV!1.6AB2 20150420
Ad-Aware 20150421
AegisLab 20150421
Yandex 20150420
AhnLab-V3 20150421
Alibaba 20150421
ALYac 20150421
Avast 20150421
AVG 20150421
AVware 20150421
Baidu-International 20150420
BitDefender 20150421
Bkav 20150420
ByteHero 20150421
CAT-QuickHeal 20150421
ClamAV 20150421
CMC 20150418
Comodo 20150421
Cyren 20150421
DrWeb 20150421
Emsisoft 20150421
ESET-NOD32 20150421
F-Prot 20150421
F-Secure 20150421
Fortinet 20150421
GData 20150421
Ikarus 20150421
Jiangmin 20150420
K7AntiVirus 20150421
K7GW 20150421
Kaspersky 20150421
Kingsoft 20150421
Malwarebytes 20150421
McAfee 20150421
McAfee-GW-Edition 20150420
Microsoft 20150421
eScan 20150421
NANO-Antivirus 20150421
Norman 20150421
nProtect 20150420
Panda 20150420
Qihoo-360 20150421
Sophos AV 20150421
SUPERAntiSpyware 20150421
Symantec 20150421
Tencent 20150421
TheHacker 20150421
TotalDefense 20150420
TrendMicro 20150421
TrendMicro-HouseCall 20150421
VBA32 20150420
VIPRE 20150421
ViRobot 20150421
Zillya 20150420
Zoner 20150420
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright

Publisher Samsung Electronics CO.
Product SCX-4600 Series_Print_64bit
Original name stub32i.exe
Internal name stub32
File version
Description
Comments
Signature verification Certificate out of its validity period
Signers
[+] Samsung Electronics CO.
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 12/18/2008
Valid to 12:59 AM 12/23/2010
Valid usage Code Signing
Algorithm SHA1
Thumbprint CDD90F19D1805360FC80777454C18DA061F10D5B
Serial number 54 C3 C9 10 52 8E 53 7C 3E D4 22 50 38 66 6D 42
[+] VeriSign Class 3 Code Signing 2004 CA
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 7/16/2004
Valid to 12:59 AM 7/16/2014
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 197A4AEBDB25F0170079BB8C73CB2D655E0018A4
Serial number 41 91 A1 5A 39 78 DF CF 49 65 66 38 1D 4C 75 C2
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer None
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Email Protection, Client Auth, Code Signing, Server Auth
Algorithm MD2
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Packers identified
F-PROT CAB, appended, UTF-8, Unicode, NSIS
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-08-02 07:01:18
Entry Point 0x00008AF7
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetObjectA
TextOutA
CreateCompatibleDC
DeleteDC
SetBkMode
GetTextExtentPointA
BitBlt
CreatePalette
GetStockObject
CreateDIBitmap
GetDeviceCaps
SelectPalette
CreateFontIndirectA
CreateSolidBrush
SelectObject
SetBkColor
EnumFontFamiliesExA
DeleteObject
RealizePalette
SetTextColor
GetStdHandle
GetFileAttributesA
WaitForSingleObject
HeapDestroy
FreeEnvironmentStringsA
GetCurrentProcess
LocalAlloc
lstrcatA
UnhandledExceptionFilter
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
WideCharToMultiByte
GetStringTypeA
WriteFile
GetDiskFreeSpaceA
GetStringTypeW
SetFileAttributesA
GetExitCodeProcess
LocalFree
GetEnvironmentVariableA
LoadResource
FindClose
FormatMessageA
HeapAlloc
GetVersionExA
RemoveDirectoryA
GetPrivateProfileStringA
GetSystemDefaultLCID
MultiByteToWideChar
WritePrivateProfileSectionA
GetModuleHandleA
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
MoveFileExA
TerminateProcess
GlobalAlloc
LocalFileTimeToFileTime
GetVersion
HeapFree
SetHandleCount
lstrcmpiA
FreeLibrary
IsBadWritePtr
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetProcAddress
GetProcessHeap
FindFirstFileA
lstrcpyA
CompareStringA
GetTempFileNameA
CreateFileMappingA
FindNextFileA
GlobalLock
GetFileType
GetPrivateProfileSectionA
CreateFileA
ExitProcess
GetLastError
DosDateTimeToFileTime
LCMapStringW
HeapCreate
lstrlenA
GlobalFree
LCMapStringA
HeapReAlloc
GetEnvironmentStringsW
GlobalUnlock
IsDBCSLeadByte
GetModuleFileNameA
GetShortPathNameA
SizeofResource
WritePrivateProfileStringA
LockResource
SetFileTime
GetCPInfo
GetCommandLineA
MapViewOfFile
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetEnvironmentStrings
CreateProcessA
UnmapViewOfFile
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
FindResourceA
VirtualAlloc
GetOEMCP
LZCopy
LZClose
LZOpenFileA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
ShellExecuteA
SetFocus
GetParent
MapDialogRect
DrawTextA
BeginPaint
CreateDialogIndirectParamA
CheckRadioButton
ShowWindow
SetWindowPos
SendDlgItemMessageA
IsWindow
LoadIconA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
PostMessageA
MoveWindow
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
GetSysColorBrush
IsWindowEnabled
GetWindow
GetSysColor
CheckDlgButton
GetDC
ReleaseDC
SetWindowTextA
GetWindowLongA
SetParent
TranslateMessage
SendMessageA
GetClientRect
GetDlgItem
CreateDialogParamA
GetNextDlgTabItem
ScreenToClient
InvalidateRect
wsprintfA
UpdateWindow
GetActiveWindow
FillRect
LoadStringA
IsDlgButtonChecked
CharNextA
SetActiveWindow
GetDesktopWindow
LoadImageA
EndPaint
GetWindowTextA
IsDialogMessageA
DestroyWindow
Number of PE resources by type
RT_DIALOG 10
RT_STRING 7
RT_ICON 4
RT_BITMAP 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 26
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
4.1.100.1332

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
208896

FileOS
Windows NT 32-bit

MIMEType
application/octet-stream

TimeStamp
2002:08:02 08:01:18+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
stub32

SubsystemVersion
4.0

OSVersion
4.0

OriginalFilename
stub32i.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Samsung

CodeSize
77824

ProductName
SCX-4600 Series_Print_64bit

ProductVersionNumber
4.1.0.0

EntryPoint
0x8af7

ObjectFileType
Executable application

File identification
MD5 5702c018a44d76f551d865dcbcc4eab8
SHA1 38829e61d86cae3783fb8c92782e3c045ede46cb
SHA256 d0a3c51b43e402b67717375fd1a65db1f11332ed48eba601f6d54f497b05fce1
ssdeep
393216:zUpqJHEhSgTU+KzzjrHrPdNb+QKY4+gjKN8fAK26NP9hQiY4ptcnz:zUgJHBgw7zzjXHbrN8fAK26NP/Qv4ptC

authentihash 46fb4698fad4a406830d42acf7c70dc3cad8ef34c88557c359290a449561f47b
imphash d84d991d25f1d024e6888428c049c5f2
File size 18.0 MB ( 18908864 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
nsis peexe signed

VirusTotal metadata
First submission 2011-05-26 23:13:21 UTC ( 8 years ago )
Last submission 2011-05-26 23:13:21 UTC ( 8 years ago )
File names stub32
stub32i.exe
file-2295660_exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Runtime DLLs