SHA256: ea80dba427e7e844a540286faaccfddb6ef2c10a4bc6b27e4b29ca2b30c777fb
File name: stub
Detection ratio: 43 / 57
Analysis date: 2015-08-28 11:28:02 UTC ( 4 days, 2 hours ago )
Antivirus Result Update
ALYac Trojan.Lethic.Gen.4 20150828
AVG Zbot.ADT 20150828
AVware Trojan.Win32.Zbot.aa (v) 20150828
Ad-Aware Trojan.Lethic.Gen.4 20150828
Agnitum Trojan.DR.Dapato!UmXa84SWNkE 20150827
AhnLab-V3 Win-Trojan/Poison.102400.CT 20150828
Antiy-AVL Trojan[Dropper]/Win32.Dapato 20150828
Arcabit Trojan.Lethic.Gen.4 20150828
Avast Win32:Zbot-QUX [Trj] 20150828
Avira TR/Dropper.Gen 20150828
Baidu-International Trojan.Win32.Injector.AGGF 20150828
BitDefender Trojan.Lethic.Gen.4 20150828
Bkav HW32.Packed.78B0 20150826
CAT-QuickHeal Backdoor.Poison.r4 20150828
ClamAV Win.Trojan.PoisonIvy-262 20150828
Comodo TrojWare.Win32.Injector.AKDS 20150828
Cyren W32/Zbot.UXMX-0622 20150828
DrWeb Trojan.DownLoader8.57374 20150828
ESET-NOD32 a variant of Win32/Injector.AGGF 20150828
Emsisoft Trojan.Lethic.Gen.4 (B) 20150828
F-Prot W32/Zbot.BRT 20150828
F-Secure Trojan-Spy:W32/Zbot.BBHW 20150828
Fortinet W32/Zbot.LI!tr 20150828
GData Trojan.Lethic.Gen.4 20150828
Ikarus Backdoor.Win32.Poison 20150828
Jiangmin TrojanDropper.Dapato.thj 20150827
K7AntiVirus Trojan ( 0040f3fd1 ) 20150828
K7GW Trojan ( 0040f3fd1 ) 20150828
Kaspersky HEUR:Trojan.Win32.Generic 20150828
McAfee Generic BackDoor.u 20150828
McAfee-GW-Edition Generic BackDoor.u 20150828
MicroWorld-eScan Trojan.Lethic.Gen.4 20150828
Microsoft Trojan:Win32/Bulta!rfn 20150827
Panda Trj/CI.A 20150828
Qihoo-360 Win32/Trojan.Spy.ec6 20150828
Sophos Troj/Agent-ABOB 20150828
Symantec Backdoor.Darkmoon 20150827
TrendMicro BKDR_POISON.MEA 20150828
TrendMicro-HouseCall BKDR_POISON.MEA 20150828
VBA32 TrojanDropper.Dapato 20150828
VIPRE Trojan.Win32.Zbot.aa (v) 20150828
ViRobot Backdoor.Win32.PoisonIvy.102400[h] 20150828
nProtect Trojan.Lethic.Gen.4 20150828
AegisLab 20150828
Alibaba 20150828
ByteHero 20150828
CMC 20150827
Kingsoft 20150828
Malwarebytes 20150828
NANO-Antivirus 20150828
Rising 20150826
SUPERAntiSpyware 20150826
Tencent 20150828
TheHacker 20150828
TotalDefense 20150828
Zillya 20150828
Zoner 20150828
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2013
Product stub Application
Original name stub.EXE
Internal name stub
File version 1, 0, 0, 1
Description Application
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-04-06 15:53:18
Link date 4:53 PM 4/6/2013
Entry Point 0x00006566
Number of sections 4
PE sections
PE imports
GetStartupInfoA
MoveFileExW
GetModuleHandleA
GetModuleFileNameW
CreateFileW
VirtualAlloc
Ord(1775)
Ord(4080)
Ord(4710)
Ord(3597)
Ord(3136)
Ord(6375)
Ord(755)
Ord(3798)
Ord(6052)
Ord(3259)
Ord(2446)
Ord(815)
Ord(641)
Ord(4353)
Ord(2514)
Ord(4425)
Ord(5277)
Ord(4441)
Ord(1134)
Ord(4465)
Ord(2863)
Ord(5300)
Ord(4627)
Ord(1168)
Ord(3738)
Ord(4853)
Ord(2982)
Ord(4234)
Ord(825)
Ord(3081)
Ord(5199)
Ord(5307)
Ord(4424)
Ord(540)
Ord(4078)
Ord(2554)
Ord(6376)
Ord(1727)
Ord(2379)
Ord(2725)
Ord(4998)
Ord(800)
Ord(3749)
Ord(2512)
Ord(470)
Ord(4274)
Ord(5261)
Ord(4079)
Ord(1146)
Ord(3147)
Ord(2124)
Ord(2621)
Ord(3262)
Ord(1576)
Ord(5065)
Ord(4407)
Ord(3346)
Ord(2396)
Ord(3831)
Ord(6374)
Ord(5280)
Ord(3825)
Ord(2976)
Ord(1089)
Ord(2985)
Ord(3922)
Ord(4160)
Ord(4376)
Ord(324)
Ord(3830)
Ord(2385)
Ord(3079)
Ord(2055)
Ord(4837)
Ord(5241)
Ord(2648)
Ord(5714)
Ord(5289)
Ord(4622)
Ord(561)
Ord(4486)
Ord(4698)
Ord(5163)
Ord(5265)
Ord(4673)
Ord(5302)
Ord(5731)
_except_handler3
__p__fmode
_acmdln
__CxxFrameHandler
_exit
_adjust_fdiv
__setusermatherr
_setmbcp
__dllonexit
_onexit
_controlfp
memcpy
exit
_XcptFilter
__getmainargs
_initterm
__p__commode
__set_app_type
GetSystemMetrics
AppendMenuA
EnableWindow
DrawIcon
SendMessageA
GetClientRect
GetSystemMenu
IsIconic
LoadIconA
Number of PE resources by type
RT_DIALOG 2
RT_STRING 1
RT_VERSION 1
RT_VXD 1
Number of PE resources by language
ENGLISH US 4
NEUTRAL 1
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 73728
EntryPoint 0x6566
OriginalFileName stub.EXE
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2013
FileVersion 1, 0, 0, 1
TimeStamp 2013:04:06 16:53:18+01:00
FileType Win32 EXE
PEType PE32
InternalName stub
ProductVersion 1, 0, 0, 1
FileDescription Application
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 24576
ProductName stub Application
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 8f287f2bc83a8df06a39020f25cd91da
SHA1 470ccc2f22c73a92bea2d50d1267edd584a8b50e
SHA256 ea80dba427e7e844a540286faaccfddb6ef2c10a4bc6b27e4b29ca2b30c777fb
ssdeep 1536:Zdkg7M6EYxxeQDMhPXoepBr09qCb6Uov1PzCZC12YdUbjlkaYBPA:TS6EYfeXhvoeTwe1GZw2zmayA
authentihash 50e453c132b5c2e2385683ee82d4e62dd10c41863be137e02cde9bdf7cf60e26
imphash c8b1bdfe20072c9ec15643e9f3389f85
File size 100.0 KB ( 102400 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe armadillo
VirusTotal metadata
First submission 2013-04-30 23:36:36 UTC ( 2 years, 4 months ago )
Last submission 2015-03-23 04:19:16 UTC ( 5 months, 1 week ago )
File names ea80dba427e7e844a540286faaccfddb6ef2c10a4bc6b27e4b29ca2b30c777fb
dol.ns01.us:8081-update-bookmark.png-300413-232623-cuckoo-file.17.decoded
stub.EXE
stub
bookmark.exe
bookmark.png.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.