SHA256: 6619e364f79969639d59243801864e36a816e8fa2b99eb2f87d3ce64f17f2c82
File name: SwFlash
Detection ratio: 7 / 56
Analysis date: 2015-04-15 22:10:28 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Avast Win32:WrongInf-D [Susp] 20150416
Bkav W32.HfsAutoB.367F 20150415
McAfee Artemis!2366136EEC67 20150416
Norman Suspicious_Gen4.CODWK 20150415
Symantec WS.Reputation.1 20150416
TrendMicro-HouseCall Suspicious_GEN.F47V0301 20150416
VIPRE Trojan.Win32.Generic!BT 20150416
Ad-Aware 20150416
AegisLab 20150416
Yandex 20150414
AhnLab-V3 20150415
Alibaba 20150416
ALYac 20150416
Antiy-AVL 20150415
AVG 20150416
AVware 20150417
Baidu-International 20150415
BitDefender 20150416
ByteHero 20150416
CAT-QuickHeal 20150415
ClamAV 20150415
CMC 20150413
Comodo 20150416
Cyren 20150416
DrWeb 20150416
Emsisoft 20150416
ESET-NOD32 20150416
F-Prot 20150416
F-Secure 20150415
Fortinet 20150416
GData 20150416
Ikarus 20150416
Jiangmin 20150414
K7AntiVirus 20150415
K7GW 20150415
Kaspersky 20150416
Kingsoft 20150416
Malwarebytes 20150416
McAfee-GW-Edition 20150416
Microsoft 20150416
eScan 20150416
NANO-Antivirus 20150416
nProtect 20150415
Panda 20150415
Qihoo-360 20150416
Rising 20150415
Sophos AV 20150416
SUPERAntiSpyware 20150416
Tencent 20150416
TheHacker 20150415
TotalDefense 20150415
TrendMicro 20150416
VBA32 20150415
ViRobot 20150415
Zillya 20150416
Zoner 20150413
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) Macromedia, Inc. 1996-97
Publisher Macromedia, Inc.
Product Shockwave Flash
Original name SwFlsh32.exe
Internal name SwFlash
File version 3, 0, 8, 0
Description Shockwave Flash 3.0 r8
Packers identified
PEiD Macromedia Windows Flash Projector/Player v3.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1998-04-21 21:30:05
Entry Point 0x00003973
Number of sections 7
PE sections
PE imports
RegCloseKey
RegQueryValueExA
RegSetValueA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyA
GetSystemPaletteEntries
SaveDC
CreateFontIndirectA
GetTextMetricsA
GetClipBox
GetDeviceCaps
DeleteDC
RestoreDC
SetBkMode
IntersectClipRect
BitBlt
CreateDIBSection
EnumFontFamiliesA
RealizePalette
SetTextColor
SetTextAlign
SetDIBitsToDevice
CreatePalette
SelectPalette
ExtTextOutA
GdiFlush
CreateCompatibleDC
StretchDIBits
SelectObject
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
EnterCriticalSection
lstrlenA
GlobalFree
QueryPerformanceCounter
CopyFileA
ExitProcess
GetVersionExA
GlobalUnlock
GetModuleFileNameA
WinExec
GetStartupInfoA
GetFileSize
DeleteFileA
GetCommandLineA
GlobalLock
GetModuleHandleA
SetFilePointer
ReadFile
WriteFile
CloseHandle
InitializeCriticalSection
GlobalAlloc
Sleep
SetEndOfFile
CreateFileA
LeaveCriticalSection
DragAcceptFiles
DragQueryFileA
GetMessageA
RegisterClassA
UpdateWindow
EndDialog
LoadMenuA
MoveWindow
GetCapture
DefWindowProcA
KillTimer
DestroyMenu
PostQuitMessage
ScreenToClient
ShowWindow
SetWindowPos
GetWindowRect
DispatchMessageA
EndPaint
SetMenu
GetWindowLongA
SetCapture
ReleaseCapture
WindowFromPoint
SetWindowLongA
TranslateMessage
DialogBoxParamA
GetWindow
GetDC
GetCursorPos
ReleaseDC
BeginPaint
CheckMenuItem
GetMenu
LoadStringA
GetClientRect
CreateWindowExA
EnableMenuItem
ClientToScreen
InvalidateRect
LoadAcceleratorsA
GetSubMenu
SetTimer
LoadCursorA
LoadIconA
TrackPopupMenu
FillRect
GetDesktopWindow
TranslateAcceleratorA
DestroyWindow
SetCursor
timeKillEvent
waveOutReset
waveOutOpen
waveOutClose
waveOutUnprepareHeader
timeGetTime
waveOutGetDevCapsA
timeEndPeriod
waveOutPrepareHeader
timeSetEvent
waveOutWrite
timeGetDevCaps
timeBeginPeriod
GetOpenFileNameA
GetSaveFileNameA
Number of PE resources by type
RT_MENU 20
RT_ICON 12
RT_DIALOG 4
RT_STRING 4
RT_CURSOR 4
RT_GROUP_CURSOR 2
RT_GROUP_ICON 2
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 29
GERMAN 7
JAPANESE DEFAULT 7
FRENCH 7
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 5.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.0.8.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 42496
FileOS Win32
MIMEType application/octet-stream
LegalCopyright Copyright (c) Macromedia, Inc. 1996-97
FileVersion 3, 0, 8, 0
TimeStamp 1998:04:21 22:30:05+01:00
FileType Win32 EXE
PEType PE32
InternalName SwFlash
ProductVersion 3, 0, 8, 0
FileDescription Shockwave Flash 3.0 r8
OSVersion 4.0
OriginalFilename SwFlsh32.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Macromedia, Inc.
CodeSize 111104
ProductName Shockwave Flash
ProductVersionNumber 3.0.8.0
EntryPoint 0x3973
ObjectFileType Executable application
File identification
MD5 2366136eec673fa4600629eec34cae35
SHA1 9bf98a68185408d4a2e16a7d24cc1067b760ed0d
SHA256 6619e364f79969639d59243801864e36a816e8fa2b99eb2f87d3ce64f17f2c82
ssdeep 3072:4rwugfGLbjXtDMv6XoOBbZa+L3WqX9qxawBKzuwvW8z1e0ITVhOVkS60fMXNj:ibJ4vuHa+LLqMs7OatLX
authentihash 8e19f56527e6ea751d2df5de598b8b4afc810f951d8e822335b964bd97f61ba1
imphash e0f41be3cb937dabff34123390991845
File size 192.0 KB ( 196608 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Macromedia Projector/Flash executable (94.9%)
Win32 Executable MS Visual C++ (generic) (2.6%)
Windows Screen Saver (1.1%)
Win32 Dynamic Link Library (generic) (0.5%)
Win32 Executable (generic) (0.3%)
Tags peexe
VirusTotal metadata
First submission 2012-08-08 15:44:36 UTC ( 6 years, 9 months ago )
Last submission 2014-02-10 11:46:21 UTC ( 5 years, 3 months ago )
File names Dancer.exe
EGfOjBw2F.jar
aa
file-4355312_exe
196608_2366136eec673fa4600629eec34cae35.exe
SwFlash
Foumuv3.xlsm
output.2030328.txt
virussign.com_2366136eec673fa4600629eec34cae35.vxe
2366136eec673fa4600629eec34cae35.exe
2366136eec673fa4600629eec34cae35
2030328
SwFlsh32.exe
Dancer.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Set keys