SHA256: 15a73c2716bf3d29cdfc6379ce039a21f2e3560182675bc92864eb5f051ca8d6
File name: flash.exe
Detection ratio: 16 / 53
Analysis date: 2014-07-25 07:42:49 UTC ( 4 years, 7 months ago )
Antivirus Result Update
AntiVir TR/Crypt.EPACK.23977 20140725
Avast Win32:Malware-gen 20140725
Baidu-International Trojan.Win32.Kryptik.bCGJJ 20140725
BitDefender Trojan.GenericKD.1775983 20140725
ByteHero Trojan.Win32.Heur.089 20140725
Emsisoft Trojan.GenericKD.1775983 (B) 20140725
ESET-NOD32 a variant of Win32/Kryptik.CGJJ 20140725
GData Trojan.GenericKD.1775983 20140725
Kaspersky Trojan-Spy.Win32.Zbot.tpxl 20140725
McAfee PWSZbot-FYQ!0BFD1C98F3CC 20140725
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.J 20140724
eScan Trojan.GenericKD.1775983 20140725
Qihoo-360 HEUR/Malware.QVM19.Gen 20140725
Sophos AV Mal/Generic-S 20140725
Tencent Win32.Trojan.Bp-qqthief.Iqpl 20140725
TrendMicro-HouseCall Suspicious_GEN.F47V0724 20140725
Ad-Aware 20140725
AegisLab 20140725
Yandex 20140724
AhnLab-V3 20140724
Antiy-AVL 20140725
AVG 20140725
Bkav 20140724
CAT-QuickHeal 20140725
ClamAV 20140725
CMC 20140724
Commtouch 20140725
Comodo 20140725
DrWeb 20140725
F-Prot 20140725
F-Secure 20140725
Fortinet 20140725
Ikarus 20140725
Jiangmin 20140725
K7AntiVirus 20140724
K7GW 20140724
Kingsoft 20140725
Malwarebytes 20140725
Microsoft 20140725
NANO-Antivirus 20140725
Norman 20140725
nProtect 20140724
Panda 20140724
Rising 20140724
SUPERAntiSpyware 20140725
Symantec 20140725
TheHacker 20140722
TotalDefense 20140724
TrendMicro 20140725
VBA32 20140724
VIPRE 20140725
ViRobot 20140725
Zoner 20140723
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-08-02 22:28:30
Entry Point 0x00001000
Number of sections 7
PE sections
PE imports
GdiGetDC
AddFontResourceA
ScaleViewportExtEx
GdiGetPageCount
FrameRgn
PatBlt
CopyEnhMetaFileW
GetICMProfileA
GetWorldTransform
SetPolyFillMode
ResizePalette
CreateRectRgnIndirect
PaintRgn
ColorMatchToTarget
SetBkColor
GetDCOrgEx
GetCharWidth32A
GetFontAssocStatus
CreateFontW
SetSystemPaletteUse
CreateMetaFileW
CallNamedPipeW
Heap32ListFirst
lstrlenA
lstrcmpiA
GetProfileSectionW
QueryPerformanceCounter
GetThreadLocale
VirtualProtect
lstrcmpiW
CreatePipe
Process32First
ClearCommBreak
GetCommandLineW
EnumSystemLocalesW
MultiByteToWideChar
GetDateFormatW
GetCurrentThread
CreateDirectoryExW
_lcreat
LocalFlags
FindNextFileW
SetNamedPipeHandleState
lstrcpyA
MulDiv
IsValidLocale
SetHandleInformation
GetProcessAffinityMask
SetFileAttributesA
FindCloseChangeNotification
GetProcessShutdownParameters
IsValidCodePage
SearchPathA
AllocConsole
LocalShrink
GetVersion
GetClipboardFormatNameA
ChangeMenuA
GetWindowRect
GetKeyboardLayout
GetActiveWindow
PostQuitMessage
HideCaret
GetClientRect
mouse_event
GetShellWindow
SetMenuItemInfoW
GetKeyboardType
LoadIconA
Number of PE resources by type
RT_GROUP_CURSOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2005:08:02 23:28:30+01:00
FileType Win32 EXE
PEType PE32
CodeSize 253952
LinkerVersion 0.0
FileTypeExtension exe
InitializedDataSize 65040
SubsystemVersion 4.1
EntryPoint 0x1000
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 0bfd1c98f3cc42bc6a32ca0daf0ddfdb
SHA1 3a913988a8b80fe73f14c182c79fa0cc309f920c
SHA256 15a73c2716bf3d29cdfc6379ce039a21f2e3560182675bc92864eb5f051ca8d6
ssdeep 3072:L7XT/qFfEHjcO2S6DSbiApPOFj40i049jcrp9kJ:L77ef8vn6DkV2F00Li
authentihash 5a6e94c63c40de34086170e3ede26a15068c1591ea55b46322167d68cf977d2e
imphash 2fb4d9ac9097474eba3f5db8f9f5d512
File size 312.5 KB ( 320000 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.7%)
Generic Win/DOS Executable (23.4%)
DOS Executable Generic (23.4%)
VXD Driver (0.3%)
Tags peexe
VirusTotal metadata
First submission 2014-07-24 19:05:32 UTC ( 4 years, 7 months ago )
Last submission 2014-07-25 07:42:49 UTC ( 4 years, 7 months ago )
File names 15a73c2716bf3d29cdfc6379ce039a21f2e3560182675bc92864eb5f051ca8d6.exe
400d31f75af441f5213f1539db1f357170755beae9af1662886fa6237e1fca21-1406228729
flash.exe
GGzd4.jpeg
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.