SHA256: ea80dba427e7e844a540286faaccfddb6ef2c10a4bc6b27e4b29ca2b30c777fb
File name: stub
Detection ratio: 43 / 57
Analysis date: 2015-03-23 04:19:16 UTC ( 1 week, 2 days ago )
Antivirus Result Update
ALYac Gen:Variant.Symmi.39901 20150323
AVG Zbot.ADT 20150323
AVware Trojan.Win32.Zbot.aa (v) 20150320
Ad-Aware Gen:Variant.Symmi.39901 20150323
Agnitum Trojan.DR.Dapato!UmXa84SWNkE 20150322
AhnLab-V3 Win-Trojan/Poison.102400.CT 20150323
Antiy-AVL Trojan[Dropper]/Win32.Dapato 20150323
Avast Win32:Zbot-QUX [Trj] 20150323
Avira TR/Spy.ZBot.qux.17 20150322
Baidu-International Trojan.Win32.Injector.AGGF 20150322
BitDefender Gen:Variant.Symmi.39901 20150323
Bkav HW32.Packed.78B0 20150321
CAT-QuickHeal Backdoor.Poison.r4 20150321
ClamAV Win.Trojan.PoisonIvy-262 20150323
Comodo TrojWare.Win32.Injector.AKDS 20150323
Cyren W32/Zbot.UXMX-0622 20150323
DrWeb Trojan.DownLoader8.57374 20150323
ESET-NOD32 a variant of Win32/Injector.AGGF 20150322
Emsisoft Gen:Variant.Symmi.39901 (B) 20150323
F-Prot W32/Zbot.BRT 20150323
F-Secure Trojan-Spy:W32/Zbot.BBHW 20150322
Fortinet W32/Zbot.LI!tr 20150323
GData Gen:Variant.Symmi.39901 20150323
Ikarus Backdoor.Win32.Poison 20150323
Jiangmin TrojanDropper.Dapato.thj 20150322
K7AntiVirus Trojan ( 0040f3fd1 ) 20150322
K7GW Trojan ( 0040f3fd1 ) 20150322
Kaspersky HEUR:Trojan.Win32.Generic 20150323
Malwarebytes Trojan.Zbot 20150323
McAfee Generic BackDoor.u 20150323
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.cc 20150323
MicroWorld-eScan Gen:Variant.Symmi.39901 20150323
Microsoft Backdoor:Win32/Poison.E 20150323
Norman Suspicious_Gen4.DTNGM 20150322
Qihoo-360 Win32/Trojan.Dropper.a73 20150323
Sophos Troj/Agent-ABOB 20150323
Symantec Backdoor.Darkmoon 20150323
Tencent Trojan.Win32.YY.Gen.24 20150323
TrendMicro BKDR_POISON.MEA 20150323
TrendMicro-HouseCall BKDR_POISON.MEA 20150323
VBA32 TrojanDropper.Dapato 20150322
VIPRE Trojan.Win32.Zbot.aa (v) 20150323
ViRobot Backdoor.Win32.PoisonIvy.102400[h] 20150323
AegisLab 20150323
Alibaba 20150323
ByteHero 20150323
CMC 20150317
Kingsoft 20150323
NANO-Antivirus 20150323
Panda 20150318
Rising 20150322
SUPERAntiSpyware 20150321
TheHacker 20150322
TotalDefense 20150322
Zillya 20150322
Zoner 20150320
nProtect 20150320
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Copyright Copyright (C) 2013
Product stub Application
Original name stub.EXE
Internal name stub
File version 1, 0, 0, 1
Description Application
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-04-06 15:53:18
Link date 4:53 PM 4/6/2013
Entry Point 0x00006566
Number of sections 4
PE sections
PE imports
GetStartupInfoA
MoveFileExW
GetModuleHandleA
GetModuleFileNameW
CreateFileW
VirtualAlloc
_except_handler3
__p__fmode
_acmdln
__CxxFrameHandler
_exit
_adjust_fdiv
__setusermatherr
_setmbcp
__dllonexit
_onexit
_controlfp
memcpy
exit
_XcptFilter
__getmainargs
_initterm
__p__commode
__set_app_type
GetSystemMetrics
AppendMenuA
EnableWindow
DrawIcon
SendMessageA
GetClientRect
GetSystemMenu
IsIconic
LoadIconA
Number of PE resources by type
RT_DIALOG 2
RT_STRING 1
RT_VERSION 1
RT_VXD 1
Number of PE resources by language
ENGLISH US 4
NEUTRAL 1
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 73728
OriginalFilename stub.EXE
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2013
FileVersion 1, 0, 0, 1
TimeStamp 2013:04:06 16:53:18+01:00
FileType Win32 EXE
PEType PE32
InternalName stub
ProductVersion 1, 0, 0, 1
FileDescription Application
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 24576
ProductName stub Application
ProductVersionNumber 1.0.0.1
EntryPoint 0x6566
ObjectFileType Executable application
File identification
MD5 8f287f2bc83a8df06a39020f25cd91da
SHA1 470ccc2f22c73a92bea2d50d1267edd584a8b50e
SHA256 ea80dba427e7e844a540286faaccfddb6ef2c10a4bc6b27e4b29ca2b30c777fb
ssdeep 1536:Zdkg7M6EYxxeQDMhPXoepBr09qCb6Uov1PzCZC12YdUbjlkaYBPA:TS6EYfeXhvoeTwe1GZw2zmayA
authentihash 50e453c132b5c2e2385683ee82d4e62dd10c41863be137e02cde9bdf7cf60e26
imphash c8b1bdfe20072c9ec15643e9f3389f85
File size 100.0 KB ( 102400 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe armadillo
VirusTotal metadata
First submission 2013-04-30 23:36:36 UTC ( 1 year, 11 months ago )
Last submission 2015-03-23 04:19:16 UTC ( 1 week, 2 days ago )
File names ea80dba427e7e844a540286faaccfddb6ef2c10a4bc6b27e4b29ca2b30c777fb
dol.ns01.us:8081-update-bookmark.png-300413-232623-cuckoo-file.17.decoded
stub.EXE
stub
bookmark.exe
bookmark.png.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.