SHA256: 0c35af8439d503d7cf99776fe69f4d6a47436f536201617873c2c9c59fc2a00e
File name: Adobe%20Flash%20Player%2011.exe
Detection ratio: 10 / 51
Analysis date: 2014-02-05 16:26:15 UTC (5 years, 1 month ago)
Antivirus Result Update
Yandex Packed/MPress 20140204
CMC Virus.Win32.Sality!O 20140122
ESET-NOD32 a variant of Win32/FirseriaInstaller.D 20140205
GData Win32.Application.Morstar.A 20140205
K7GW Unwanted-Program ( 00491fc01 ) 20140205
Panda Trj/Genetic.gen 20140205
Qihoo-360 HEUR/Malware.QVM18.Gen 20140205
Sophos AV Solimba Installer 20140205
VBA32 Downware.Morstar 20140205
VIPRE DownloadMR (fs) 20140205
Ad-Aware 20140205
AegisLab 20140205
AhnLab-V3 20140205
AntiVir 20140205
Antiy-AVL 20140205
Avast 20140205
AVG 20140205
Baidu-International 20140205
BitDefender 20140205
Bkav 20140125
ByteHero 20140205
CAT-QuickHeal 20140205
ClamAV 20140205
Commtouch 20140205
Comodo 20140205
DrWeb 20140205
Emsisoft 20140205
F-Prot 20140205
F-Secure 20140205
Fortinet 20140205
Ikarus 20140205
Jiangmin 20140205
K7AntiVirus 20140205
Kaspersky 20140205
Kingsoft 20140205
Malwarebytes 20140205
McAfee 20140205
McAfee-GW-Edition 20140205
Microsoft 20140205
eScan 20140205
NANO-Antivirus 20140205
Norman 20140205
nProtect 20140205
Rising 20140205
SUPERAntiSpyware 20140205
Symantec 20140205
TheHacker 20140205
TotalDefense 20140205
TrendMicro 20140205
TrendMicro-HouseCall 20140205
ViRobot 20140205
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright ©2014

Original name setup_installer
Internal name setup
File version 3.0.30.2
Description SetupManager
Signature verification Signed file, verified signature
Signing date 11:12 AM 2/5/2014
Signers
[+] SETUPPROCESS
Status This certificate or one of the certificates in the certificate chain is not time valid., Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer DigiCert Assured ID Code Signing CA-1
Valid from 1:00 AM 11/27/2013
Valid to 1:00 PM 12/1/2014
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 7A1B6ABC2D3DECFB7D31850C6B68E8BF401430C0
Serial number 0A 8A BF C7 C8 0D 0C 2F 0A 3A 89 CF 61 39 A9 1D
[+] DigiCert Assured ID Code Signing CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 PM 2/11/2011
Valid to 1:00 PM 2/10/2026
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 409AA4A74A0CDA7C0FEE6BD0BB8823D16B5F1875
Serial number 0F A8 49 06 15 D7 00 A0 BE 21 76 FD C5 EC 6D BD
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-04 14:57:42
Entry Point 0x0007F117
Number of sections 3
PE sections
Overlays
MD5 79da57e15e70370bc52a4caf3bb80482
File type data
Offset 276480
Size 8048
Entropy 7.16
PE imports
RegOpenKeyExW
GetProcAddress
GetModuleHandleA
ShellExecuteExW
CharNextW
Number of PE resources by type
RT_RCDATA 6
RT_BITMAP 5
RT_ICON 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 17
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileVersionNumber 3.0.30.2
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 393728
EntryPoint 0x7f117
OriginalFileName setup_installer
MIMEType application/octet-stream
LegalCopyright Copyright 2014
FileVersion 3.0.30.2
TimeStamp 2014:02:04 15:57:42+01:00
FileType Win32 EXE
PEType PE32
InternalName setup
ProductVersion 3.0.30
FileDescription SetupManager
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName setupprocess
CodeSize 104448
FileSubtype 0
ProductVersionNumber 3.0.30.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 e93d5136bea778fdc13e8bfbdb27d3b3
SHA1 d5454ff4af6f615e270ab9dba7a15c2febcda628
SHA256 0c35af8439d503d7cf99776fe69f4d6a47436f536201617873c2c9c59fc2a00e
ssdeep 6144:gLaARS0LBZmht0eQMlvNjwD4CAVvmEYX303EHweC78DjVsxz:gmAU0LrK6Mlvp6MUn0Des8DxQz

authentihash b951606a0d3959aee2fce20d3bdcdbfd7c98f608aa8050bcf8cbd6827b87c67a
imphash 51e06f9696239eb2a7e528ff7194c2fa
File size 277.9 KB ( 284528 bytes )
File type Win32 EXE
Magic literal MS-DOS executable, MZ for MS-DOS

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2014-02-05 16:26:15 UTC (5 years, 1 month ago)
Last submission 2014-05-23 08:04:50 UTC (4 years, 10 months ago)
File names setup
Adobe Flash Player 11.exe
setup_installer
Adobe%20Flash%20Player%2011.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight