SHA256: ea80dba427e7e844a540286faaccfddb6ef2c10a4bc6b27e4b29ca2b30c777fb
File name: stub
Detection ratio: 43 / 50
Analysis date: 2014-02-20 15:15:53 UTC (1 month, 4 weeks ago)
Antivirus             Result                            Update
AVG                   Zbot.ADT                          20140220
Ad-Aware              Trojan.Zbot.5311                  20140220
Agnitum               Trojan.DR.Dapato!UmXa84SWNkE      20140220
AhnLab-V3             Win-Trojan/Poison.102400.CT       20140220
AntiVir               TR/Spy.ZBot.qux.17                20140220
Antiy-AVL             Trojan[Dropper]/Win32.Dapato      20140219
Avast                 Win32:Zbot-QUX [Trj]              20140220
Baidu-International   Trojan.Win32.Generic.Ag           20140220
BitDefender           Trojan.Zbot.5311                  20140220
Bkav                  HW32.CDB.78b0                     20140220
CAT-QuickHeal         Backdoor.Poison                   20140220
ClamAV                Win.Trojan.PoisonIvy-262          20140220
Commtouch             W32/Zbot.UXMX-0622                20140220
Comodo                TrojWare.Win32.Injector.AKDS      20140220
DrWeb                 Trojan.DownLoader8.57374          20140220
ESET-NOD32            a variant of Win32/Injector.AGGF  20140220
Emsisoft              Trojan.Zbot.5311 (B)              20140220
F-Prot                W32/Zbot.BRT                      20140220
F-Secure              Trojan-Spy:W32/Zbot.BBHW          20140220
Fortinet              W32/Zbot.LI!tr                    20140220
GData                 Trojan.Zbot.5311                  20140220
Ikarus                Backdoor.Win32.Poison             20140220
Jiangmin              TrojanDropper.Dapato.thj          20140220
K7AntiVirus           Trojan ( 0040f3fd1 )              20140219
K7GW                  Trojan ( 0040f3fd1 )              20140219
Kaspersky             HEUR:Trojan.Win32.Generic         20140220
Malwarebytes          Trojan.Zbot                       20140220
McAfee                Generic BackDoor.u                20140220
McAfee-GW-Edition     Generic BackDoor.u                20140220
MicroWorld-eScan      Trojan.Zbot.5311                  20140220
Microsoft             Backdoor:Win32/Poison.E           20140220
Norman                Suspicious_Gen4.DTNGM             20140220
Panda                 Trj/CI.A                          20140220
Qihoo-360             Win32/Trojan.Dropper.a73          20140220
Rising                PE:Malware.Generic/QRS!1.9E2D     20140219
Sophos                Troj/Agent-ABOB                   20140220
Symantec              Backdoor.Darkmoon                 20140220
TrendMicro            BKDR_POISON.MEA                   20140220
TrendMicro-HouseCall  BKDR_POISON.MEA                   20140220
VBA32                 TrojanDropper.Dapato              20140220
VIPRE                 Trojan.Win32.Zbot.aa (v)          20140220
ViRobot               Backdoor.Win32.PoisonIvy.102400   20140220
nProtect              Trojan.Zbot.5311                  20140220
ByteHero                                                20140220
CMC                                                     20140220
Kingsoft                                                20140220
NANO-Antivirus                                          20140220
SUPERAntiSpyware                                        20140220
TheHacker                                               20140220
TotalDefense                                            20140219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright: Copyright (C) 2013
Product: stub Application
Original name: stub.EXE
Internal name: stub
File version: 1, 0, 0, 1
Description: Application
Packers identified
PEiD: Armadillo v1.71
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2013-04-06 15:53:18
Link date: 4:53 PM 4/6/2013
Entry Point: 0x00006566
Number of sections: 4
PE sections
PE imports
GetStartupInfoA
MoveFileExW
GetModuleHandleA
GetModuleFileNameW
CreateFileW
VirtualAlloc
_except_handler3
__p__fmode
_acmdln
__CxxFrameHandler
_exit
_adjust_fdiv
__setusermatherr
_setmbcp
__dllonexit
_onexit
_controlfp
memcpy
exit
_XcptFilter
__getmainargs
_initterm
__p__commode
__set_app_type
GetSystemMetrics
AppendMenuA
EnableWindow
DrawIcon
SendMessageA
GetClientRect
GetSystemMenu
IsIconic
LoadIconA
Number of PE resources by type
RT_DIALOG: 2
RT_STRING: 1
RT_VERSION: 1
RT_VXD: 1
Number of PE resources by language
ENGLISH US: 4
NEUTRAL: 1
ExifTool file metadata
SubsystemVersion: 4.0
LinkerVersion: 6.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 1.0.0.1
UninitializedDataSize: 0
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 73728
FileOS: Win32
MIMEType: application/octet-stream
LegalCopyright: Copyright (C) 2013
FileVersion: 1, 0, 0, 1
TimeStamp: 2013:04:06 16:53:18+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: stub
FileAccessDate: 2014:02:20 16:16:39+01:00
ProductVersion: 1, 0, 0, 1
FileDescription: Application
OSVersion: 4.0
FileCreateDate: 2014:02:20 16:16:39+01:00
OriginalFilename: stub.EXE
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CodeSize: 24576
ProductName: stub Application
ProductVersionNumber: 1.0.0.1
EntryPoint: 0x6566
ObjectFileType: Executable application
File identification
MD5: 8f287f2bc83a8df06a39020f25cd91da
SHA1: 470ccc2f22c73a92bea2d50d1267edd584a8b50e
SHA256: ea80dba427e7e844a540286faaccfddb6ef2c10a4bc6b27e4b29ca2b30c777fb
ssdeep: 1536:Zdkg7M6EYxxeQDMhPXoepBr09qCb6Uov1PzCZC12YdUbjlkaYBPA:TS6EYfeXhvoeTwe1GZw2zmayA
imphash: c8b1bdfe20072c9ec15643e9f3389f85
File size: 100.0 KB (102400 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Executable MS Visual C++ (generic) (67.3%)
      Win32 Dynamic Link Library (generic) (14.2%)
      Win32 Executable (generic) (9.7%)
      Generic Win/DOS Executable (4.3%)
      DOS Executable Generic (4.3%)
Tags: peexe armadillo

VirusTotal metadata
First submission: 2013-04-30 23:36:36 UTC (11 months, 3 weeks ago)
Last submission: 2013-05-06 15:32:33 UTC (11 months, 2 weeks ago)
File names:
ea80dba427e7e844a540286faaccfddb6ef2c10a4bc6b27e4b29ca2b30c777fb
dol.ns01.us:8081-update-bookmark.png-300413-232623-cuckoo-file.17.decoded
stub.EXE
stub
bookmark.exe
bookmark.png.exe
Advanced heuristic and reputation engines
Symantec reputation: Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers using the DeviceIoControl Windows API function.