× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 709fada5310cdca9cd212e99def6c7681b69430d721caeecf5d7d0ef431224c0
File name: UpdateFlashPlayer_88e8e1f7.exe
Detection ratio: 53 / 61
Analysis date: 2017-04-15 20:59:09 UTC ( 1 year, 8 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.39901 20170415
AegisLab Troj.W32.Gen.mAVk 20170414
AhnLab-V3 Backdoor/Win32.Necurs.R101380 20170415
ALYac Gen:Variant.Symmi.39901 20170415
Antiy-AVL Trojan[Backdoor]/Win32.Symmi 20170415
Arcabit Trojan.Symmi.D9BDD 20170415
Avast Win32:Crypt-QYW [Trj] 20170415
AVG Generic_r.DSR 20170415
Avira (no cloud) TR/Dropper.Gen 20170415
AVware Trojan.Win32.Rovnix.f (v) 20170410
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9996 20170414
BitDefender Gen:Variant.Symmi.39901 20170415
CAT-QuickHeal TrojanPWS.Zbot.AP4 20170415
Comodo TrojWare.Win32.Cidox.AKND 20170415
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/Trojan.JUPC-4219 20170415
DrWeb Trojan.Inject1.25849 20170415
Emsisoft Gen:Variant.Symmi.39901 (B) 20170415
Endgame malicious (high confidence) 20170413
ESET-NOD32 Win32/Rovnix.F 20170415
F-Secure Gen:Variant.Symmi.39901 20170415
Fortinet W32/ZBOT.QU!tr 20170415
GData Gen:Variant.Symmi.39901 20170415
Ikarus Virus.Win32.CeeInject 20170415
Sophos ML virus.win32.sality.at 20170413
Jiangmin TrojanSpy.Zbot.edda 20170415
K7AntiVirus Trojan ( 0040f7f41 ) 20170415
K7GW Trojan ( 0040f7f41 ) 20170415
Kaspersky HEUR:Trojan.Win32.Generic 20170415
Malwarebytes Trojan.Zbot 20170415
McAfee Downloader-FYH!53D11B3100DD 20170415
McAfee-GW-Edition BehavesLike.Win32.Pinkslipbot.cc 20170415
Microsoft VirTool:Win32/CeeInject.gen!KK 20170415
eScan Gen:Variant.Symmi.39901 20170415
NANO-Antivirus Trojan.Win32.Cidox.cvaccz 20170415
Palo Alto Networks (Known Signatures) generic.ml 20170415
Panda Trj/Dtcontx.L 20170415
Qihoo-360 Win32/Trojan.565 20170415
Rising Trojan.Generic (cloud:CPk9e9EEmbB) 20170415
SentinelOne (Static ML) static engine - malicious 20170330
Sophos AV Mal/Zbot-QU 20170415
SUPERAntiSpyware Trojan.Agent/Gen-Zbot 20170415
Symantec Trojan.Zbot 20170415
Tencent Win32.Trojan.Generic.Swur 20170415
TrendMicro TROJ_SPNR.0BD314 20170415
TrendMicro-HouseCall TROJ_SPNR.0BD314 20170415
VBA32 Trojan.Cidox 20170414
VIPRE Trojan.Win32.Rovnix.f (v) 20170415
ViRobot Backdoor.Win32.S.Agent.155648.DJ[h] 20170415
Webroot Trojan.Dropper.Gen 20170415
Yandex Trojan.Rovnix!dc47J4N4iLw 20170414
Zillya Trojan.Zbot.Win32.173333 20170414
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20170415
Alibaba 20170415
ClamAV 20170415
CMC 20170415
F-Prot 20170415
Kingsoft 20170415
nProtect 20170415
Symantec Mobile Insight 20170414
TheHacker 20170412
TotalDefense 20170415
Trustlook 20170415
WhiteArmor 20170409
Zoner 20170415
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2001

Product Histogram Application
Original name Histogram.EXE
Internal name Histogram
File version 1, 0, 0, 1
Description Histogram
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-13 15:15:57
Entry Point 0x000027C6
Number of sections 4
PE sections
PE imports
SelectObject
CreatePen
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetModuleFileNameA
GetStartupInfoA
VirtualAlloc
CreateFileW
GetModuleHandleA
Ord(1775)
Ord(4080)
Ord(4710)
Ord(2414)
Ord(3597)
Ord(354)
Ord(1641)
Ord(3136)
Ord(4424)
Ord(665)
Ord(5440)
Ord(6375)
Ord(3626)
Ord(755)
Ord(3798)
Ord(1233)
Ord(3259)
Ord(5290)
Ord(2446)
Ord(2985)
Ord(1979)
Ord(3742)
Ord(815)
Ord(641)
Ord(2152)
Ord(5277)
Ord(2514)
Ord(4425)
Ord(4353)
Ord(567)
Ord(1134)
Ord(4465)
Ord(2863)
Ord(5300)
Ord(5199)
Ord(4627)
Ord(1168)
Ord(3738)
Ord(4853)
Ord(2982)
Ord(4234)
Ord(825)
Ord(3081)
Ord(3092)
Ord(5307)
Ord(4441)
Ord(6383)
Ord(540)
Ord(4078)
Ord(2554)
Ord(6376)
Ord(1727)
Ord(823)
Ord(2107)
Ord(5186)
Ord(2379)
Ord(2725)
Ord(4998)
Ord(800)
Ord(3749)
Ord(2512)
Ord(470)
Ord(4274)
Ord(5261)
Ord(4079)
Ord(1146)
Ord(3147)
Ord(2124)
Ord(2621)
Ord(3262)
Ord(1576)
Ord(3573)
Ord(5065)
Ord(4407)
Ord(4275)
Ord(3663)
Ord(3346)
Ord(3693)
Ord(2396)
Ord(3831)
Ord(6394)
Ord(6374)
Ord(5280)
Ord(3825)
Ord(2976)
Ord(323)
Ord(1089)
Ord(4297)
Ord(3922)
Ord(6052)
Ord(4160)
Ord(4376)
Ord(1776)
Ord(818)
Ord(324)
Ord(3830)
Ord(2385)
Ord(3079)
Ord(6880)
Ord(2055)
Ord(4837)
Ord(5241)
Ord(289)
Ord(5450)
Ord(2648)
Ord(5714)
Ord(5289)
Ord(4622)
Ord(561)
Ord(5302)
Ord(1640)
Ord(4133)
Ord(2841)
Ord(4486)
Ord(4698)
Ord(613)
Ord(5163)
Ord(6055)
Ord(5265)
Ord(4673)
Ord(3571)
Ord(5731)
Ord(3318)
__p__fmode
_acmdln
srand
__dllonexit
_except_handler3
_onexit
exit
_XcptFilter
__setusermatherr
rand
_adjust_fdiv
__CxxFrameHandler
memset
__p__commode
wcscat
__getmainargs
_controlfp
_setmbcp
time
_initterm
_exit
__set_app_type
GetSystemMetrics
SetTimer
AppendMenuA
InvalidateRect
GetWindowRect
EnableWindow
KillTimer
DrawIcon
SendMessageA
GetClientRect
GetSystemMenu
FillRect
IsIconic
LoadIconA
Number of PE resources by type
RT_DIALOG 2
RT_RCDATA 1
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 4
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
143360

ImageVersion
0.0

ProductName
Histogram Application

FileVersionNumber
1.0.0.1

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Histogram

CharacterSet
Unicode

LinkerVersion
6.0

FileTypeExtension
exe

OriginalFileName
Histogram.EXE

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1, 0, 0, 1

TimeStamp
2014:03:13 16:15:57+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Histogram

ProductVersion
1, 0, 0, 1

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

LegalCopyright
Copyright (C) 2001

MachineType
Intel 386 or later, and compatibles

CodeSize
8192

FileSubtype
0

ProductVersionNumber
1.0.0.1

EntryPoint
0x27c6

ObjectFileType
Executable application

Compressed bundles
PCAP parents
File identification
MD5 53d11b3100dd08f828c176b8d75e0344
SHA1 fc667c76f6fb0b02d7bb98e210ee91116bf301aa
SHA256 709fada5310cdca9cd212e99def6c7681b69430d721caeecf5d7d0ef431224c0
ssdeep
3072:0hefMUEI6pOBk0XzyLLBV/uYVbl+eY94KxyZtBo7j1qflqOQgn9:0hgvfXgFkYVbl+l5xKCAflqJe

authentihash 86d18d68e24ccc9f3dc2257f4f35dc28a312483ea23b671302476e9189be3056
imphash a6740c7cdfc1d4fc5b938766f87943ef
File size 152.0 KB ( 155648 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2014-03-14 02:02:02 UTC ( 4 years, 9 months ago )
Last submission 2017-04-15 20:59:09 UTC ( 1 year, 8 months ago )
File names Histogram.EXE
UpdateFlashPlayer_88e8e1f7.exe
index.html.txt
Histogram
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.