SHA256: 4a9a6f4a9a6d82e817cc782b3a60bb05211181b23d9ca28e858aa78aa41f4935
File name: Authorware_Web_Player_Plugin.exe
Detection ratio: 0 / 68
Analysis date: 2018-06-15 08:44:02 UTC (11 months, 1 week ago)
Antivirus Result Update
Ad-Aware 20180615
AegisLab 20180615
AhnLab-V3 20180615
Alibaba 20180615
ALYac 20180615
Antiy-AVL 20180615
Arcabit 20180615
Avast 20180615
Avast-Mobile 20180614
AVG 20180615
Avira (no cloud) 20180615
AVware 20180615
Babable 20180406
Baidu 20180615
BitDefender 20180615
Bkav 20180614
CAT-QuickHeal 20180615
ClamAV 20180615
CMC 20180614
Comodo 20180615
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cylance 20180615
Cyren 20180615
DrWeb 20180615
eGambit 20180615
Emsisoft 20180615
Endgame 20180612
ESET-NOD32 20180615
F-Prot 20180615
F-Secure 20180615
Fortinet 20180615
GData 20180615
Ikarus 20180615
Sophos ML 20180601
Jiangmin 20180615
K7AntiVirus 20180615
K7GW 20180615
Kaspersky 20180615
Kingsoft 20180615
Malwarebytes 20180615
MAX 20180615
McAfee 20180615
McAfee-GW-Edition 20180615
Microsoft 20180615
eScan 20180615
NANO-Antivirus 20180615
Palo Alto Networks (Known Signatures) 20180615
Panda 20180614
Qihoo-360 20180615
Rising 20180615
SentinelOne (Static ML) 20180225
Sophos AV 20180615
SUPERAntiSpyware 20180614
Symantec 20180615
Symantec Mobile Insight 20180614
TACHYON 20180614
Tencent 20180615
TheHacker 20180613
TotalDefense 20180615
TrendMicro 20180615
TrendMicro-HouseCall 20180615
Trustlook 20180615
VBA32 20180614
VIPRE 20180615
ViRobot 20180615
Webroot 20180615
Yandex 20180614
Zillya 20180614
ZoneAlarm by Check Point 20180615
Zoner 20180614
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1987-2004 Macromedia, Inc.
File version 2004
Description Authorware Web Player 2004 Installer
Packers identified
PEiD Wise Installer Stub
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1999-08-17 15:25:48
Entry Point 0x000021AF
Number of sections 4
PE sections
Overlays
MD5 06b89e6bb6c05de07859aa55766fa07e
File type binary Computer Graphics Metafile
Offset 14848
Size 196398
Entropy 8.00
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetDeviceCaps
SelectPalette
SelectObject
PatBlt
CreateFontA
CreatePalette
GetStockObject
TextOutA
CreateSolidBrush
SetBkMode
DeleteObject
RealizePalette
SetTextColor
StretchDIBits
GetLastError
lstrlenA
GlobalFree
FreeLibrary
ExitProcess
GetVersionExA
GlobalUnlock
LoadLibraryA
GetModuleFileNameA
WinExec
OpenFile
GetCurrentProcess
_lwrite
lstrcatA
GetWindowsDirectoryA
SetErrorMode
_llseek
GetCommandLineA
GetProcAddress
_lread
GetTempPathA
_lcreat
_lclose
GetModuleHandleA
lstrcpyA
_lopen
MulDiv
GetTempFileNameA
GlobalLock
LocalFree
GlobalAlloc
FormatMessageA
DrawTextA
CreateWindowExA
RegisterClassA
LoadIconA
LoadCursorA
ReleaseDC
EndPaint
BeginPaint
MessageBoxA
SendMessageA
GetClientRect
SetTimer
SetWindowPos
PostQuitMessage
DefWindowProcA
ShowWindow
UpdateWindow
ExitWindowsEx
GetDC
InvalidateRect
PE exports
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 5632
ImageVersion 4.0
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit, Removable run from swap
CharacterSet Windows, Latin1
LinkerVersion 6.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2004
TimeStamp 1999:08:17 15:25:48+00:00
FileType Win32 EXE
PEType PE32
FileDescription Authorware Web Player 2004 Installer
OSVersion 4.0
FileOS Windows 16-bit
LegalCopyright Copyright 1987-2004 Macromedia, Inc.
MachineType Intel 386 or later, and compatibles
CompanyName Macromedia, Inc.
CodeSize 8704
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x21af
ObjectFileType Executable application

CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack noticed that the following files in execution wrote this sample to disk.
Execution parents
Compressed bundles
File identification
MD5 c16d071a982c4705b0ede9fd0f84ecb1
SHA1 9c57fc7cb654dc3ded87322bf9320f8b1254346c
SHA256 4a9a6f4a9a6d82e817cc782b3a60bb05211181b23d9ca28e858aa78aa41f4935
ssdeep 6144:zwOd17dx6mOdiW9lWtrXcxSJAhubQ+JI+CB9:UkdwmCqrXHAhp+Jy9
authentihash 894c763543b1a87ff055a42785e8ebec6ccf2d81ae16575660689f3ac5c6a976
imphash 52304e2a18fa5608f4f4aeb8041c7da0
File size 206.3 KB ( 211246 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe wise overlay
VirusTotal metadata
First submission 2009-03-05 02:49:22 UTC ( 10 years, 2 months ago )
Last submission 2018-05-26 07:07:15 UTC ( 12 months ago )
File names sbs_ve_ambr_20150329013410.557_ 255255
sbs_ve_ambr_20150317062633.530_ 64830
sbs_ve_ambr_20151115210403.161_ 1588
sbs_ve_ambr_20150103152054.144_ 2910
sbs_ve_ambr_20150909210347.187_ 748
sbs_ve_ambr_20150413010230.823_ 368813
sbs_ve_ambr_20150424010919.737_ 474291
sbs_ve_ambr_20160010225913.947_ 235704
Authorware_Web_Player_Plugin_Netscape.exe
webplayer_install.exe
sbs_ve_ambr_20150227031839.114_ 2190
sbs_ve_ambr_20150103152038.404_ 1998
Authorware_Web_Player_Plugin.exe
sbs_ve_ambr_20150202034436.909_ 238791
Authorware-Web-Player-Plugin.exe
authorware_web_player_plugin.exe
A0081358.exe
sbs_ve_ambr_20150418010948.729_ 6521
sbs_ve_ambr_20150220020054.611_ 239647
Authorware Player for Firefox v2004.0.0.73.exe
macromedia-authorware.exe
sbs_ve_ambr_20150601012946.405_ 259749
sbs_ve_ambr_20150608013301.705_ 434758
pbswt.exe
sbs_ve_ambr_20150205013307.155_ 515522
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua

Symantec reputation Suspicious.Insight