× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e995778bfb98dbc76bd05f19e51c798a76446326e2794e9a919de1f92c3bb9bd
File name: 745417f3cb8e87a958655709e6b72496
Detection ratio: 36 / 68
Analysis date: 2018-08-10 18:09:03 UTC ( 7 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.374675 20180810
AhnLab-V3 Trojan/Win32.Injector.R233941 20180810
ALYac Gen:Variant.Razy.374675 20180810
Arcabit Trojan.Razy.D5B793 20180810
Avast FileRepMalware 20180810
AVG FileRepMalware 20180810
AVware Trojan.Win32.Generic!BT 20180810
BitDefender Gen:Variant.Razy.374675 20180810
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20180723
Cylance Unsafe 20180810
Cyren W32/Fareit.GD.gen!Eldorado 20180810
Emsisoft Trojan.Injector (A) 20180810
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Injector.DZRP 20180810
F-Prot W32/Fareit.GD.gen!Eldorado 20180810
F-Secure Gen:Variant.Razy.374675 20180810
Fortinet W32/Injector.DZRG!tr 20180810
GData Gen:Variant.Razy.374675 20180810
Ikarus Trojan.VB.Crypt 20180810
Sophos ML heuristic 20180717
Kaspersky Trojan.Win32.VBKrypt.zsuf 20180810
Malwarebytes Trojan.MalPack.VB 20180810
MAX malware (ai score=85) 20180810
McAfee Packed-FJQ!745417F3CB8E 20180810
McAfee-GW-Edition BehavesLike.Win32.Fareit.hc 20180810
Microsoft Trojan:Win32/Dynamer!rfn 20180810
Panda Trj/Genetic.gen 20180810
Qihoo-360 HEUR/QVM03.0.1841.Malware.Gen 20180810
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Generic-S 20180810
Symantec ML.Attribute.HighConfidence 20180810
Tencent Win32.Trojan.Vbkrypt.Agbc 20180810
TrendMicro TROJ_GEN.R004C0DHA18 20180810
TrendMicro-HouseCall TROJ_GEN.R004C0DHA18 20180810
VIPRE Trojan.Win32.Generic!BT 20180810
ZoneAlarm by Check Point Trojan.Win32.VBKrypt.zsuf 20180810
AegisLab 20180810
Alibaba 20180713
Antiy-AVL 20180810
Avast-Mobile 20180810
Avira (no cloud) 20180810
Babable 20180725
Baidu 20180810
Bkav 20180810
CAT-QuickHeal 20180810
ClamAV 20180810
CMC 20180810
Comodo 20180810
Cybereason 20180225
DrWeb 20180810
eGambit 20180810
Jiangmin 20180810
K7AntiVirus 20180810
K7GW 20180810
Kingsoft 20180810
eScan 20180810
NANO-Antivirus 20180810
Palo Alto Networks (Known Signatures) 20180810
Rising 20180810
SUPERAntiSpyware 20180810
Symantec Mobile Insight 20180809
TACHYON 20180810
TheHacker 20180807
TotalDefense 20180810
Trustlook 20180810
VBA32 20180810
ViRobot 20180810
Webroot 20180810
Yandex 20180810
Zillya 20180810
Zoner 20180810
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
CAmStudio OPen SOurce DEv TEam

Product LAstPass
Original name Hubbell.exe
Internal name Hubbell
File version 6.02
Description Www.Orbitdownloader.Com
Comments VEntis MEdia INc.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-04-21 20:12:00
Entry Point 0x00001380
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
__vbaLenVar
_CIcos
__vbaStrCmp
Ord(521)
_allmul
_adj_fdivr_m64
__vbaLateIdCallLd
__vbaObjSetAddref
_adj_fpatan
_adj_fdiv_m32i
EVENT_SINK_AddRef
Ord(544)
Ord(526)
Ord(563)
_adj_fdivr_m16i
EVENT_SINK_QueryInterface
__vbaStrCopy
__vbaR8Sgn
Ord(673)
__vbaSetSystemError
__vbaFreeVarList
Ord(632)
DllFunctionCall
__vbaFPException
__vbaStrVarMove
__vbaStrToUnicode
__vbaRecDestruct
__vbaStrMove
EVENT_SINK_Release
__vbaCyMul
_adj_fdiv_r
Ord(100)
__vbaVarAdd
__vbaI2Var
__vbaFreeVar
__vbaVarTstNe
__vbaLateMemCallLd
Ord(519)
_CItan
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
__vbaLenBstrB
Ord(612)
__vbaVarIdiv
__vbaLsetFixstr
Ord(616)
__vbaVarTstEq
_adj_fptan
_adj_fprem
Ord(610)
__vbaI4Var
__vbaFpI4
__vbaVarMove
__vbaErrorOverflow
_CIatan
__vbaNew2
Ord(660)
_adj_fdivr_m32i
__vbaStrComp
_CIexp
Ord(678)
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaVarCopy
__vbaFreeStrList
__vbaVarCat
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
__vbaExceptHandler
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks
INtel

SubsystemVersion
4.0

Comments
VEntis MEdia INc.

InitializedDataSize
24576

ImageVersion
6.2

ProductName
LAstPass

FileVersionNumber
6.2.0.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

LinkerVersion
6.0

FileTypeExtension
exe

OriginalFileName
Hubbell.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
6.02

TimeStamp
2007:04:21 21:12:00+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Hubbell

ProductVersion
6.02

FileDescription
Www.Orbitdownloader.Com

OSVersion
4.0

FileOS
Win32

LegalCopyright
CAmStudio OPen SOurce DEv TEam

MachineType
Intel 386 or later, and compatibles

CompanyName
BItcoin Project

CodeSize
503808

FileSubtype
0

ProductVersionNumber
6.2.0.0

EntryPoint
0x1380

ObjectFileType
Executable application

File identification
MD5 745417f3cb8e87a958655709e6b72496
SHA1 90769529c5a3b1fd43ab9c60864a0c1765d6a3b3
SHA256 e995778bfb98dbc76bd05f19e51c798a76446326e2794e9a919de1f92c3bb9bd
ssdeep
6144:BeqKB6fEIVtvzcWZf8MMPfZwNJm7+5lltps:ofYfXbZf8BP2D5lNs

authentihash 34c69c3e9f0a327d8c1de8e4f38ebb0ad7c35106a80fb35d71bffc73ae4775e1
imphash d78fc8fe4fad5ae0ff322f1c77463675
File size 516.0 KB ( 528384 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags
peexe

VirusTotal metadata
First submission 2018-08-10 18:09:03 UTC ( 7 months, 2 weeks ago )
Last submission 2018-08-10 18:09:03 UTC ( 7 months, 2 weeks ago )
File names Hubbell.exe
Hubbell
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.