SHA256: 704f37886aed784c8a0074a79a3366d4128246c665b565036711a1a6438b4004
File name: install_flashplayer12x22_mssd_aaa_aih.exe
Detection ratio: 42 / 57
Analysis date: 2015-02-16 14:24:32 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2010764 20150216
Yandex Backdoor.Androm!mODGQYvWyKg 20150216
AhnLab-V3 Trojan/Win32.Gen 20150216
ALYac Trojan.GenericKD.2010764 20150216
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20150216
Avast Win32:Agent-AUQY [Trj] 20150216
AVG Inject2.BGTD 20150216
Avira (no cloud) TR/Crypt.Xpack.102815 20150216
AVware Trojan.Win32.Generic!BT 20150216
Baidu-International Backdoor.Win32.Androm.fomt 20150216
BitDefender Trojan.GenericKD.2010764 20150216
CAT-QuickHeal TrojanRansom.Crowti.A4 20150216
ClamAV Win.Trojan.Agent-822336 20150216
Comodo UnclassifiedMalware 20150216
DrWeb Trojan.Siggen6.24906 20150216
Emsisoft Trojan.GenericKD.2010764 (B) 20150216
ESET-NOD32 a variant of Win32/Injector.BQQB 20150216
F-Prot W32/Rovnix.A.gen!Eldorado 20150216
F-Secure Trojan.GenericKD.2010764 20150216
Fortinet W32/Androm.FOMT!tr.bdr 20150216
GData Trojan.GenericKD.2010764 20150216
Ikarus Backdoor.Win32.Androm 20150216
Jiangmin Trojan/Yakes.awuo 20150215
K7AntiVirus Trojan ( 004b1c911 ) 20150216
K7GW Trojan ( 004b1c911 ) 20150216
Kaspersky Backdoor.Win32.Androm.fomt 20150216
Malwarebytes Trojan.Agent.DED 20150216
McAfee RDN/Generic BackDoor!b2s 20150216
McAfee-GW-Edition BehavesLike.Win32.Backdoor.dc 20150215
Microsoft Worm:Win32/Gamarue.AN 20150216
eScan Trojan.GenericKD.2010764 20150216
NANO-Antivirus Trojan.Win32.Siggen6.djtarb 20150216
Norman Troj_Generic.XNJZV 20150216
nProtect Trojan.GenericKD.2010764 20150216
Panda Generic Suspicious 20150216
Qihoo-360 Trojan.Generic 20150216
Sophos AV Mal/Wonton-Y 20150216
Symantec Trojan.Gen 20150216
TrendMicro TROJ_GEN.F0C2C00LH14 20150216
TrendMicro-HouseCall TROJ_GEN.F0C2C00LH14 20150216
VBA32 Trojan.Yakes 20150216
VIPRE Trojan.Win32.Generic!BT 20150216
AegisLab 20150216
Alibaba 20150216
Bkav 20150213
ByteHero 20150216
CMC 20150214
Cyren 20150216
Kingsoft 20150216
Rising 20150215
SUPERAntiSpyware 20150215
Tencent 20150216
TheHacker 20150213
TotalDefense 20150216
ViRobot 20150216
Zillya 20150215
Zoner 20150216
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT RAR
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-13 16:07:55
Entry Point 0x0001D6AC
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
InitCommonControlsEx
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
GetExitCodeProcess
InitializeCriticalSection
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
SetLastError
GetSystemTime
DeviceIoControl
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
GetFullPathNameW
CreateThread
SetEnvironmentVariableW
MoveFileExW
SetUnhandledExceptionFilter
TzSpecificLocalTimeToSystemTime
TerminateProcess
CreateSemaphoreW
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
GetNumberFormatW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatW
SetEvent
DeleteFileW
GetProcAddress
CreateFileMappingW
CompareStringW
WriteFile
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
CreateDirectoryW
ResetEvent
FindFirstFileW
GetProcessAffinityMask
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
HeapCreate
GetConsoleCP
LCMapStringA
GetTimeFormatW
GetEnvironmentStringsW
IsDBCSLeadByte
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetLongPathNameW
IsValidCodePage
UnmapViewOfFile
FindResourceW
VirtualFree
Sleep
VirtualAlloc
CreateHardLinkW
VariantInit
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
MapWindowPoints
SetFocus
GetParent
UpdateWindow
EndDialog
LoadBitmapW
SetWindowTextW
DefWindowProcW
GetWindowTextW
GetMessageW
ShowWindow
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
EnableWindow
DialogBoxParamW
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
GetWindowLongW
ReleaseDC
DestroyIcon
TranslateMessage
IsWindowVisible
LoadStringW
GetClientRect
GetDlgItem
GetWindow
MessageBoxW
DispatchMessageW
PeekMessageW
GetClassNameW
CopyRect
WaitForInputIdle
OemToCharBuffA
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
RegisterClassExW
SetForegroundWindow
DestroyWindow
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
OleInitialize
OleUninitialize
Number of PE resources by type
RT_STRING 9
RT_DIALOG 6
RT_ICON 6
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 24
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2014:11:13 17:07:55+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 165888
LinkerVersion: 9.0
FileAccessDate: 2015:02:16 15:24:39+01:00
EntryPoint: 0x1d6ac
InitializedDataSize: 193024
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
FileCreateDate: 2015:02:16 15:24:39+01:00
UninitializedDataSize: 0
File identification
MD5 e1bba577472345d5f1a03b139ac6e892
SHA1 b3a6bd7b7bf4ba461902ebfc5d75cd44a792798b
SHA256 704f37886aed784c8a0074a79a3366d4128246c665b565036711a1a6438b4004
ssdeep 6144:ia9tGE4Kby8j2xdHlFbqxnyme5ULtAEz+dBZH41jjnOr:ia9tGEY8ixdHexnyKhAEyPZqjjc
authentihash 94ab65c8094b8e3f01891984827b984439235455dfa109afd0c8f8feeb2f1282
imphash 986447145f752ee174944cbcb0f6260b
File size 285.9 KB ( 292811 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-12-04 01:32:04 UTC ( 3 years ago )
Last submission 2014-12-04 06:12:40 UTC ( 3 years ago )
File names install_flashplayer12x22_mssd_aaa_aih.exe
704f37886aed784c8a0074a79a3366d4128246c665b565036711a1a6438b4004
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.