SHA256: 2c028fcfdfaab81db073c079c628d330e1dc795583e5fa0fadb48eeb6c7808cb
File name: install_flash_player.exe
Detection ratio: 0 / 68
Analysis date: 2018-02-09 06:14:03 UTC ( 5 months, 1 week ago )
Antivirus Result Update
Ad-Aware 20180209
AegisLab 20180209
AhnLab-V3 20180208
Alibaba 20180208
ALYac 20180209
Antiy-AVL 20180209
Arcabit 20180209
Avast 20180209
Avast-Mobile 20180209
AVG 20180209
Avira (no cloud) 20180208
AVware 20180209
Baidu 20180208
BitDefender 20180209
Bkav 20180208
CAT-QuickHeal 20180209
ClamAV 20180209
CMC 20180209
Comodo 20180209
CrowdStrike Falcon (ML) 20170201
Cybereason 20180205
Cylance 20180209
Cyren 20180209
DrWeb 20180209
eGambit 20180209
Emsisoft 20180209
Endgame 20171130
ESET-NOD32 20180209
F-Prot 20180209
F-Secure 20180209
Fortinet 20180209
GData 20180209
Ikarus 20180208
Sophos ML 20180121
Jiangmin 20180209
K7AntiVirus 20180208
K7GW 20180209
Kaspersky 20180209
Kingsoft 20180209
Malwarebytes 20180209
MAX 20180209
McAfee 20180209
McAfee-GW-Edition 20180209
Microsoft 20180209
eScan 20180209
NANO-Antivirus 20180209
nProtect 20180208
Palo Alto Networks (Known Signatures) 20180209
Panda 20180208
Qihoo-360 20180209
Rising 20180209
SentinelOne (Static ML) 20180115
Sophos AV 20180209
SUPERAntiSpyware 20180209
Symantec 20180209
Symantec Mobile Insight 20180209
Tencent 20180209
TheHacker 20180208
TotalDefense 20180208
TrendMicro 20180209
TrendMicro-HouseCall 20180209
Trustlook 20180209
VBA32 20180208
VIPRE 20180209
ViRobot 20180209
Webroot 20180209
WhiteArmor 20180205
Yandex 20180207
Zillya 20180208
ZoneAlarm by Check Point 20180209
Zoner 20180209
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 1996-2018 Adobe Systems Incorporated

Product Adobe® Flash® Player Installer/Uninstaller
Original name FlashUtil.exe
Internal name Adobe® Flash® Player Installer/Uninstaller 29.0
File version 29,0,0,96
Description Adobe® Flash® Player Installer/Uninstaller 29.0 d0
Signature verification Signed file, verified signature
Signing date 4:34 AM 2/6/2018
Signers
[+] Adobe Systems Incorporated
Status Valid
Issuer DigiCert EV Code Signing CA (SHA2)
Valid from 1:00 AM 3/15/2017
Valid to 1:00 PM 3/20/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 2E419CCC647F94FE0DFC5460D0740B93D3572E54
Serial number 06 F0 47 88 03 10 55 D3 1D EF FE FC D0 26 D6 C5
[+] DigiCert EV Code Signing CA (SHA2)
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 1:00 PM 4/18/2012
Valid to 1:00 PM 4/18/2027
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 60EE3FC53D4BDFD1697AE5BEAE1CAB1C0F3AD4E3
Serial number 03 F1 B4 E1 5F 3A 82 F1 14 96 78 B3 D7 D8 47 5C
[+] DigiCert
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
Serial number 02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77
Counter signers
[+] Symantec SHA256 TimeStamping Signer - G2
Status Valid
Issuer Symantec SHA256 TimeStamping CA
Valid from 1:00 AM 1/2/2017
Valid to 12:59 AM 4/2/2028
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 625AEC3AE4EDA1D169C4EE909E85B3BBC61076D3
Serial number 54 58 F2 AA D7 41 D6 44 BC 84 A9 7B A0 96 52 E6
[+] Symantec SHA256 TimeStamping CA
Status Valid
Issuer VeriSign Universal Root Certification Authority
Valid from 1:00 AM 1/12/2016
Valid to 12:59 AM 1/12/2031
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 6FC9EDB5E00AB64151C1CDFCAC74AD2C7B7E3BE4
Serial number 7B 05 B1 D4 49 68 51 44 F7 C9 89 D2 9C 19 9D 12
[+] VeriSign Universal Root Certification Authority
Status Valid
Issuer VeriSign Universal Root Certification Authority
Valid from 1:00 AM 4/2/2008
Valid to 12:59 AM 12/2/2037
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha256RSA
Thumbprint 3679CA35668772304D30A5FB873B0FA77BB70D54
Serial number 40 1A C4 64 21 B3 13 21 03 0E BB E4 12 1A C5 1D
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-02-06 01:47:38
Entry Point 0x0002DA92
Number of sections 5
PE sections
Overlays
MD5 a21e61fd93b4f5c6f408ceb5f7b5c8f3
File type data
Offset 20913664
Size 7680
Entropy 7.25
PE imports
RegCreateKeyExW
OpenServiceW
RegDeleteValueW
CryptReleaseContext
RegCloseKey
RegSetValueExW
FreeSid
CryptGetHashParam
RegQueryValueExA
OpenSCManagerW
RegEnumKeyExW
RegOpenKeyExW
CheckTokenMembership
QueryServiceStatusEx
RegSetValueExA
ControlService
AllocateAndInitializeSid
CryptHashData
RegOpenKeyExA
CloseServiceHandle
RegQueryValueExW
DeleteDC
SetBkMode
CreateFontA
CreateCompatibleBitmap
GetTextExtentExPointW
SelectObject
BitBlt
CreateDIBSection
CreateCompatibleDC
DeleteObject
StretchBlt
SetTextColor
CreateSolidBrush
SetThreadLocale
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
WaitForSingleObject
HeapAlloc
QueueUserAPC
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
OutputDebugStringW
FindClose
InterlockedDecrement
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
CopyFileW
LoadResource
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
GetFileAttributesW
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
GlobalAddAtomW
CreateThread
MoveFileExW
GetSystemDirectoryW
SetUnhandledExceptionFilter
CreateMutexW
GetSystemDirectoryA
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
SetEndOfFile
SetWaitableTimer
LeaveCriticalSection
WriteConsoleW
CreateToolhelp32Snapshot
GetSystemWow64DirectoryW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
ExitThread
GetStartupInfoA
GetFileSize
OpenProcess
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
CreateWaitableTimerW
GetFileSizeEx
RemoveDirectoryW
FindNextFileW
FindFirstFileW
DuplicateHandle
CreateFileW
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
GetConsoleCP
LCMapStringA
GetThreadLocale
GetEnvironmentStringsW
Process32NextW
CreateProcessW
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
Process32FirstW
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
SetDllDirectoryW
GetACP
GetModuleHandleW
FreeResource
GetEnvironmentStrings
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
FindResourceA
VirtualAlloc
SysFreeString
VariantInit
VariantClear
SysAllocString
SHGetFolderPathW
SHFileOperationW
ShellExecuteW
ShellExecuteExW
Ord(680)
CommandLineToArgvW
MapWindowPoints
GetForegroundWindow
GetParent
GetPropW
BeginPaint
DefWindowProcW
MoveWindow
GetMessageW
PostQuitMessage
ShowWindow
SetWindowPos
SetWindowLongW
MessageBoxW
GetWindowRect
RegisterClassExW
SetCapture
ReleaseCapture
SetPropW
TranslateMessage
GetWindow
PostMessageW
DispatchMessageW
GetKeyState
ReleaseDC
GetWindowLongW
LoadStringW
GetClientRect
DrawTextW
GetDC
ClientToScreen
SetRect
InvalidateRect
SetTimer
CallWindowProcW
FillRect
SetWindowTextW
LoadCursorW
CreateWindowExW
EndPaint
SetForegroundWindow
DestroyWindow
SetCursor
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateGuid
CoCreateInstance
CoInitializeSecurity
StringFromGUID2
Number of PE resources by type
RT_STRING 112
RT_RCDATA 11
RT_ICON 7
LZMG 1
TYPELIB 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 11
ENGLISH US 11
ENGLISH CAN 8
TURKISH DEFAULT 7
SWEDISH NEUTRAL 7
GERMAN 7
CHINESE TRADITIONAL 7
CZECH DEFAULT 7
JAPANESE DEFAULT 7
FRENCH 7
CHINESE SIMPLIFIED 7
PORTUGUESE BRAZILIAN 7
SPANISH MODERN 7
POLISH DEFAULT 7
DUTCH 7
RUSSIAN 7
KOREAN 7
ITALIAN 7
PE resources
Debug information
ExifTool file metadata
LegalTrademarks
Adobe Flash Player

SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
29.0.0.96

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Adobe Flash Player Installer/Uninstaller 29.0 d0

CharacterSet
Unicode

InitializedDataSize
20658176

EntryPoint
0x2da92

OriginalFileName
FlashUtil.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 1996-2018 Adobe Systems Incorporated

FileVersion
29,0,0,96

TimeStamp
2018:02:06 02:47:38+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Adobe Flash Player Installer/Uninstaller 29.0

ProductVersion
29,0,0,96

UninitializedDataSize
0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Adobe Systems Incorporated

CodeSize
254464

ProductName
Adobe Flash Player Installer/Uninstaller

ProductVersionNumber
29.0.0.96

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 92271a52ffc200645a5fbacdf3fdb037
SHA1 5fb814457b47e1ec4f97e9cff2ecf175e072fa5e
SHA256 2c028fcfdfaab81db073c079c628d330e1dc795583e5fa0fadb48eeb6c7808cb
ssdeep
393216:I826s1h8Bmn4Vi2FQ0g6UQu3GtfVWcx2ZiXvlTPVCFcMgbucQI:I8I1YmnqjFK6UQIiWcxi0vlTPV+qucQI

authentihash 148c61f25d24791f372a440e2f1a0849cc382ef798ff010ae41d5cc84482dfd5
imphash 9ef2637127763f24c280f481edbcf238
File size 20.0 MB ( 20921344 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2018-02-07 11:50:45 UTC ( 5 months, 1 week ago )
Last submission 2018-05-27 07:39:06 UTC ( 1 month, 3 weeks ago )
File names install_flash_player v29 beta (2018-02-07).exe
install_flash_player_29.0.0.96.exe
install_flash_player.exe
FlashUtil.exe
Uninstaller 29.0
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
TCP connections