stub.exe

The executable stub.exe, “wydGyTHE9P74sctU2CcR2” has been detected as malware by 20 anti-virus scanners.
Publisher:
NB00a0RJ6Vtb2SvrqSqar714TZ4uEU2rblk2ByUTS

Product:
i6dT9G77WVjk3vwsc0SabdrIuH3zO33Dm78

Description:
wydGyTHE9P74sctU2CcR2

Version:
2.2.3.2

MD5:
8a55bf76fdc70f830442744709d21d07

SHA-1:
95e8ce4f591fd974f4e5753a4e785a0c486a9efe

SHA-256:
bee31d03a675de4ba18634b913bb303edbb8854357dcac687facbcf2afb42804

Scanner detections:
20 / 68

Status:
Malware

Analysis date:
4/26/2024 6:09:27 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.7807245 | 896 |
| Avira AntiVirus | TR/Downloader.Gen | 7.11.151.104 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-140822 |
| AVG | Dropper.Generic5 | 2015.0.3374 |
| Bitdefender | Trojan.Generic.7807245 | 1.0.20.1170 |
| Emsisoft Anti-Malware | Trojan.Generic.7807245 | 8.14.08.22.05 |
| ESET NOD32 | MSIL/TrojanDropper.Agent.APB | 8.9848 |
| F-Secure | Trojan.Generic.7807245 | 11.2014-22-08_6 |
| G Data | Trojan.Generic.7807245 | 14.8.24 |
| IKARUS anti.virus | Virus.Win32.Dropper | t3scan.1.6.1.0 |
| McAfee | PWS-FAYU!8A55BF76FDC7 | 5600.7030 |
| MicroWorld eScan | Trojan.Generic.7807245 | 15.0.0.702 |
| NANO AntiVirus | Trojan.Win32.FAYU.cxfxtg | 0.28.0.59921 |
| nProtect | Trojan.Generic.7807245 | 14.05.25.01 |
| Panda Antivirus | Trj/CI.A | 14.08.22.05 |
| Qihoo 360 Security | Win32/Trojan.Dropper.c9f | 1.0.0.1015 |
| Sophos | Mal/Generic-S | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Dropper | 10406 |
| Trend Micro House Call | TROJ_GEN.R0CBH06E514 | 7.2.234 |
| VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 29608 |

File size:
165 KB (168,960 bytes)

Product version:
7.3.2.8

Copyright:
XuCmM0FK5x770tboWb2jX7yS4E7dx0pDE

Original file name:
C:\Users\Cya\Desktop\DarkRAT v11 Full v4\Release\extra\Binder\Stub.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
2/21/2011 6:56:58 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:EG8+Gy+G3cuPsllllllY2uQPZcXu3V7J7R7j5tcXu3V7J7R7j5M3QrPPJfz2J:EGshZ42Vb7f42Vb7pJy

Entry address:
0x2758C

Entry point:
FF, 25, 7C, 75, 42, 00, 00, 00, 5F, 43, 6F, 72, 45, 78, 65, 4D, 61, 69, 6E, 00, 6D, 73, 63, 6F, 72, 65, 65, 2E, 64, 6C, 6C, 00, F4, 03, 00, 00, 7B, 7A, 7D, 02, 6E, 93, B4, 9A, AD, DB, DC, E8, 86, 33, B3, B6, 02, 01, E0, C3, A7, E0, 4A, 46, 83, 63, 14, 61, 32, 77, 88, BD, 5E, 88, 2C, 3D, B0, FB, 0F, 14, 9D, FC, F2, 45, B0, CF, DB, A4, 3F, 6B, 5E, 00, 2F, B7, 6C, D0, 09, B6, 48, 29, 42, 8A, DC, DC, 26, E6, 0C, 22, 77, A0, 79, FA, 3A, E3, 64, 2D, 3A, 62, 8D, 10, 05, 8D, 54, D3, 74, 7E, 52, C0, 15, B5, 38, ED...

Entropy:
6.8089

Code size:
32 KB (32,768 bytes)
