SHA256: 3e9749762d7390ac3e6ba4ff7e93ce3fe2fcf6a05ad6cef736e1d4d782858dec
File name: FP_AX_CAB_INSTALLER64.exe
Detection ratio: 0 / 56
Analysis date: 2015-01-14 20:50:28 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware 20150114
AegisLab 20150114
Yandex 20150114
AhnLab-V3 20150114
Alibaba 20150114
ALYac 20150114
Antiy-AVL 20150114
Avast 20150114
AVG 20150114
Avira (no cloud) 20150114
AVware 20150114
Baidu-International 20150114
BitDefender 20150114
Bkav 20150114
ByteHero 20150114
CAT-QuickHeal 20150114
ClamAV 20150114
CMC 20150113
Comodo 20150114
Cyren 20150114
DrWeb 20150114
Emsisoft 20150114
ESET-NOD32 20150114
F-Prot 20150114
F-Secure 20150114
Fortinet 20150114
GData 20150114
Ikarus 20150114
Jiangmin 20150114
K7AntiVirus 20150114
K7GW 20150114
Kaspersky 20150114
Kingsoft 20150114
Malwarebytes 20150114
McAfee 20150114
McAfee-GW-Edition 20150114
Microsoft 20150114
eScan 20150114
NANO-Antivirus 20150114
Norman 20150114
nProtect 20150114
Qihoo-360 20150114
Rising 20150114
Sophos 20150114
SUPERAntiSpyware 20150114
Symantec 20150114
Tencent 20150114
TheHacker 20150112
TotalDefense 20150114
TrendMicro 20150114
TrendMicro-HouseCall 20150114
VBA32 20150113
VIPRE 20150114
ViRobot 20150114
Zillya 20150114
Zoner 20150114
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1996-2015 Adobe Systems Incorporated
Publisher Adobe Systems Incorporated
Product Adobe® Flash® Player Installer/Uninstaller
Original name FlashUtil.exe
Internal name Adobe® Flash® Player Installer/Uninstaller 16.0
File version 16,0,0,257
Description Adobe® Flash® Player Installer/Uninstaller 16.0 r0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-18 04:51:30
Entry Point 0x00022F7C
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
CloseServiceHandle
RegDeleteValueW
CryptReleaseContext
RegCloseKey
RegSetValueExW
FreeSid
CryptGetHashParam
OpenSCManagerW
RegOpenKeyExW
CheckTokenMembership
OpenServiceW
RegSetValueExA
ControlService
AllocateAndInitializeSid
CryptHashData
RegQueryValueExW
DeleteDC
SetBkMode
CreateFontA
StretchBlt
GetTextExtentExPointW
SelectObject
BitBlt
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetTextColor
CreateSolidBrush
SetThreadLocale
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
WaitForSingleObject
HeapAlloc
QueueUserAPC
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
LocalFree
OutputDebugStringW
InterlockedDecrement
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
CopyFileW
LoadResource
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
GlobalAddAtomW
CreateThread
MoveFileExW
GetSystemDirectoryW
SetUnhandledExceptionFilter
CreateMutexW
ExitThread
TerminateProcess
WriteConsoleA
SetEndOfFile
SetWaitableTimer
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
GetFileSize
OpenProcess
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
CreateWaitableTimerW
GetModuleFileNameW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
InterlockedIncrement
GetLastError
LCMapStringW
GetConsoleCP
FindResourceW
LCMapStringA
GetThreadLocale
GetEnvironmentStringsW
CreateProcessW
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
SetDllDirectoryW
GetACP
GetModuleHandleW
FreeResource
GetEnvironmentStrings
IsValidCodePage
HeapCreate
GetTempPathW
VirtualFree
Sleep
FindResourceA
VirtualAlloc
LresultFromObject
SysFreeString
VariantInit
VariantClear
SysAllocString
EnumProcesses
GetModuleBaseNameW
EnumProcessModules
GetModuleFileNameExW
Ord(680)
ShellExecuteW
ShellExecuteExW
SHGetFolderPathW
MapWindowPoints
GetForegroundWindow
GetParent
GetPropW
BeginPaint
DefWindowProcW
MoveWindow
GetMessageW
PostQuitMessage
ShowWindow
SetPropW
SetWindowLongW
GetWindowRect
RegisterClassExW
SetCapture
ReleaseCapture
SetWindowPos
TranslateMessage
GetWindow
PostMessageW
DispatchMessageW
GetKeyState
ReleaseDC
GetWindowLongW
LoadStringW
GetClientRect
DrawTextW
GetDC
ClientToScreen
SetRect
InvalidateRect
SetTimer
CallWindowProcW
FillRect
SetWindowTextW
LoadCursorW
CreateWindowExW
EndPaint
SetForegroundWindow
DestroyWindow
SetCursor
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateGuid
CoCreateInstance
CoInitializeSecurity
StringFromGUID2
PE exports
Number of PE resources by type
RT_STRING 65
TYPELIB 1
RT_VERSION 1
LZMG 1
Number of PE resources by language
ENGLISH US 8
TURKISH DEFAULT 4
SWEDISH NEUTRAL 4
GERMAN 4
CHINESE TRADITIONAL 4
CZECH DEFAULT 4
FRENCH 4
CHINESE SIMPLIFIED 4
PORTUGUESE BRAZILIAN 4
JAPANESE DEFAULT 4
SPANISH MODERN 4
POLISH DEFAULT 4
DUTCH 4
RUSSIAN 4
KOREAN 4
ITALIAN 4
PE resources
Debug information
ExifTool file metadata
CodeSize 202240
FileDescription Adobe Flash Player Installer/Uninstaller 16.0 r0
InitializedDataSize 117248
ImageVersion 0.0
ProductName Adobe Flash Player Installer/Uninstaller
FileVersionNumber 16.0.0.257
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName FlashUtil.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 16,0,0,257
TimeStamp 2014:12:18 05:51:30+01:00
FileType Win32 EXE
PEType PE32
InternalName Adobe Flash Player Installer/Uninstaller 16.0
SubsystemVersion 5.0
ProductVersion 16,0,0,257
UninitializedDataSize 0
OSVersion 5.0
FileOS Win32
LegalCopyright Copyright 1996-2015 Adobe Systems Incorporated
MachineType Intel 386 or later, and compatibles
CompanyName Adobe Systems Incorporated
LegalTrademarks Adobe Flash Player
FileSubtype 0
ProductVersionNumber 16.0.0.257
EntryPoint 0x22f7c
ObjectFileType Dynamic link library
Execution parents
Compressed bundles
File identification
MD5 9efe9afd7adc82742cbcc0cd5411d67b
SHA1 7e3bd2e5d324393559a8a07c83daba3ca20c99c8
SHA256 3e9749762d7390ac3e6ba4ff7e93ce3fe2fcf6a05ad6cef736e1d4d782858dec
ssdeep 6144:t/bkjWIoe3cDY3vdKhhEeZO3isPCUFNhkWLVgC:tQqXE31Kh5ZxC
authentihash e735c00b3a296187f76ad74eac540b8963448ae3d9e57f9bb6ced6eb5bedd29d
imphash 84f0d7c5373860ca2c15bb1fa1928315
File size 306.0 KB ( 313344 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe
VirusTotal metadata
First submission 2015-01-13 16:02:24 UTC ( 2 years, 5 months ago )
Last submission 2015-01-26 21:39:16 UTC ( 2 years, 4 months ago )
File names vs340719.g51
vscf0333.sko
vsekh3os.oqa
vs9qgmji.827
vst60bs0.hou
vs340719.g3b
vsm91mdr.gma
vstd06dd.hnf
FP_AX_CAB_INSTALLER64.exe
vstdg6gj.qke
vsekgkge.oj1
vsu107n8.ot7
vti-rescan
vsdl19s5.80q
vs6kg6gs.1kk
vskfg6hg.alu
vsrv06g9.388
vsll077r.o5l
vso61n99.gh4
vs1n1fv0.88h
fp_ax_cab_installer64.exe
vsd00mk5.gup
vs8j1ioi.c6s
vso31e78.gbp
vs3800tp.00r
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections