SHA256: 01869e4098a7269897a7d5420b5a34a9f45b61955b57117d5882b83f03dea379
File name: Flash
Detection ratio: 21 / 71
Analysis date: 2019-01-15 02:35:12 UTC ( 4 months, 1 week ago )
Antivirus Result Update
Avast FileRepMalware 20190115
AVG FileRepMalware 20190115
Avira (no cloud) JOKE/Desktits.A 20190115
Bkav W32.HfsAutoB. 20190108
CAT-QuickHeal Trojan.Zpevdo 20190114
Comodo Malware@#hc9u24qxx02i 20190114
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20181023
Cyren W32/GenBl.0030DB5A!Olympus 20190115
Endgame malicious (high confidence) 20181108
Malwarebytes JokeTool.Zoodesk 20190115
MAX malware (ai score=85) 20190116
McAfee RDN/Generic.hra 20190115
McAfee-GW-Edition Artemis!Trojan 20190115
Microsoft Trojan:Win32/Zpevdo.A 20190114
Rising Trojan.Zpevdo!8.F912 (CLOUD) 20190115
Sophos AV Generic PUA IE (PUA) 20190115
Symantec ML.Attribute.HighConfidence 20190115
Trapmine suspicious.low.ml.score 20190103
TrendMicro-HouseCall TROJ_GEN.R002H0CA219 20190115
VIPRE Trojan.Win32.Generic!BT 20190115
Webroot W32.Malware.Heur 20190116
Acronis 20190111
Ad-Aware 20190115
AegisLab 20190115
AhnLab-V3 20190114
Alibaba 20180921
ALYac 20190115
Antiy-AVL 20190115
Arcabit 20190115
Avast-Mobile 20190115
Babable 20180918
Baidu 20190115
BitDefender 20190115
ClamAV 20190115
CMC 20190114
Cybereason 20190109
Cylance 20190116
DrWeb 20190114
eGambit 20190116
Emsisoft 20190114
ESET-NOD32 20190114
F-Prot 20190115
F-Secure 20190114
Fortinet 20190114
GData 20190115
Ikarus 20190115
Sophos ML 20181128
Jiangmin 20190115
K7AntiVirus 20190115
K7GW 20190115
Kaspersky 20190115
Kingsoft 20190116
eScan 20190115
NANO-Antivirus 20190114
Palo Alto Networks (Known Signatures) 20190116
Panda 20190114
Qihoo-360 20190116
SentinelOne (Static ML) 20181223
SUPERAntiSpyware 20190109
TACHYON 20190115
Tencent 20190116
TheHacker 20190115
TotalDefense 20190115
TrendMicro 20190115
Trustlook 20190116
VBA32 20190115
ViRobot 20190115
Yandex 20190111
Zillya 20190115
ZoneAlarm by Check Point 20190115
Zoner 20190115
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 1996-99 Macromedia, Inc.

Product Flash 4.0
Original name SwFlsh32.exe
Internal name Flash
File version 4,0,7,0
Description Flash Player 4.0 r7
Packers identified
PEiD Macromedia Windows Flash Projector/Player v4.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1999-06-04 19:07:50
Entry Point 0x000081B0
Number of sections 6
PE sections
PE imports
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegSetValueA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyA
GetSystemPaletteEntries
CreatePen
GetBkMode
SaveDC
SetTextAlign
GetTextMetricsA
GetClipBox
Rectangle
GetDeviceCaps
LineTo
DeleteDC
RestoreDC
SetBkMode
IntersectClipRect
BitBlt
CreateDIBSection
EnumFontFamiliesA
RealizePalette
SetTextColor
SetDIBitsToDevice
MoveToEx
CreatePalette
GetStockObject
SelectPalette
ExtTextOutA
GdiFlush
CreateCompatibleDC
StretchDIBits
CreateFontIndirectA
DeleteObject
GetTextExtentPoint32A
CreateSolidBrush
SelectObject
SetBkColor
GetBkColor
CreateCompatibleBitmap
GetLastError
EnterCriticalSection
lstrlenA
GlobalFree
QueryPerformanceCounter
CopyFileA
ExitProcess
GlobalUnlock
GetVersionExA
LoadLibraryA
IsDBCSLeadByte
WinExec
GetACP
GetStartupInfoA
GetFileSize
DeleteFileA
CreateThread
SetErrorMode
MultiByteToWideChar
GetModuleFileNameA
WaitForMultipleObjects
GetModuleHandleA
GetCPInfo
SetFilePointer
ReadFile
WriteFile
CloseHandle
GetCommandLineA
ExitThread
GlobalLock
CreateProcessA
InitializeCriticalSection
GlobalAlloc
Sleep
SetEndOfFile
CreateFileA
GetProcAddress
LeaveCriticalSection
DragAcceptFiles
DragQueryFileA
SetFocus
GetMessageA
TranslateAcceleratorA
RegisterClassA
UpdateWindow
PostMessageA
EndDialog
LoadMenuA
MoveWindow
GetCapture
DefWindowProcA
KillTimer
DestroyMenu
PostQuitMessage
ScreenToClient
ShowWindow
SetWindowPos
SetWindowLongA
GetWindowRect
DispatchMessageA
EndPaint
SetMenu
LoadStringA
SetCapture
ReleaseCapture
GetDlgItemTextA
WindowFromPoint
MessageBoxA
GetClipboardData
TranslateMessage
DialogBoxParamA
GetWindow
SetDlgItemTextA
GetDC
GetKeyState
GetCursorPos
ReleaseDC
BeginPaint
CheckMenuItem
GetMenu
GetSubMenu
SetClipboardData
GetClientRect
CreateWindowExA
GetDlgItem
EnableMenuItem
ClientToScreen
DeleteMenu
InvalidateRect
LoadAcceleratorsA
GetWindowLongA
GetWindowTextLengthA
SetTimer
LoadCursorA
LoadIconA
TrackPopupMenu
FillRect
OpenClipboard
GetDesktopWindow
EnableWindow
CloseClipboard
DestroyWindow
SetCursor
timeKillEvent
waveOutReset
waveOutOpen
waveOutClose
waveOutUnprepareHeader
timeGetTime
waveOutGetDevCapsA
timeEndPeriod
waveOutPrepareHeader
timeSetEvent
waveOutWrite
timeGetDevCaps
timeBeginPeriod
GetOpenFileNameA
GetSaveFileNameA
Number of PE resources by type
RT_MENU 23
RT_DIALOG 16
RT_ICON 12
RT_STRING 4
RT_CURSOR 4
RT_GROUP_CURSOR 2
RT_GROUP_ICON 2
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 28
GERMAN 6
JAPANESE DEFAULT 6
SWEDISH 5
PORTUGUESE 5
FRENCH 5
SPANISH MODERN 5
ITALIAN 5
PE resources
ExifTool file metadata
CodeSize
208896

SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
4.0.7.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Flash Player 4.0 r7

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
81920

EntryPoint
0x81b0

OriginalFileName
SwFlsh32.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 1996-99 Macromedia, Inc.

FileVersion
4,0,7,0

TimeStamp
1999:06:04 20:07:50+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Flash

ProductVersion
4,0,7,0

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Macromedia, Inc.

LegalTrademarks
Flash

ProductName
Flash 4.0

ProductVersionNumber
4.0.7.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 0030db5ad229742dada0fbdaab3f6ce6
SHA1 84f4e8e83fd01a3516d184ad3904c6036c34d6a0
SHA256 01869e4098a7269897a7d5420b5a34a9f45b61955b57117d5882b83f03dea379
ssdeep
6144:HY71eudi4U9YHxmRws9/sEhZCw18PvP1M/CRGdqH4E6GQfBPOFCaubo8aeS9H:4B1dhwvRL0S8PgtqH4EF0lPFs

authentihash c5382218265e69e4e9a7ba46d05a892569cacea3e4ffde91c4736c194221af46
imphash 75c3811b239a6c75e270610d830e276d
File size 468.0 KB ( 479232 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Macromedia Projector/Flash executable (95.8%)
Win32 Executable MS Visual C++ (generic) (2.6%)
Win32 Dynamic Link Library (generic) (0.5%)
Win32 Executable (generic) (0.3%)
OS/2 Executable (generic) (0.1%)
Tags
peexe

VirusTotal metadata
First submission 2012-08-08 15:45:14 UTC ( 6 years, 9 months ago )
Last submission 2018-12-19 02:31:50 UTC ( 5 months ago )
File names output.2030326.txt
0030db5ad229742dada0fbdaab3f6ce6
aa
Desktop.exe
Flash
YSXu.xlsm
479232_0030db5ad229742dada0fbdaab3f6ce6.exe
virussign.com_0030db5ad229742dada0fbdaab3f6ce6.vxe
0030db5ad229742dada0fbdaab3f6ce6.exe
DWbeBoq.tif
VirusShare_0030db5ad229742dada0fbdaab3f6ce6
2030326
55.exe
isheriff_0030db5ad229742dada0fbdaab3f6ce6.bin
Desktop.exe
SwFlsh32.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Set keys