SHA256: 790591a5891a83fa2d998528f18e8ce79ddd2ea20fe4b250343cc05a20ee75c3
File name: Flash Player 12.exe
Detection ratio: 9 / 48
Analysis date: 2013-10-18 10:54:52 UTC ( 1 year, 5 months ago )
Antivirus Result Update
AntiVir ADWARE/Adware.Gen7 20131018
Avast Win32:Installer-L [PUP] 20131018
Comodo Application.Win32.AirAdInstaller.A 20131018
ESET-NOD32 a variant of Win32/AirAdInstaller.A 20131018
Fortinet Riskware/AirInstaller 20131018
Kingsoft Win32.Troj.Generic.a.(kcloud) 20130829
Malwarebytes PUP.Optional.AirInstaller 20131018
Sophos AirInstaller 20131018
VIPRE AirInstaller (fs) 20131018
AVG 20131018
Agnitum 20131017
AhnLab-V3 20131018
Antiy-AVL 20131018
Baidu-International 20131018
BitDefender 20131012
Bkav 20131018
ByteHero 20130924
CAT-QuickHeal 20131018
ClamAV 20131018
Commtouch 20131018
DrWeb 20131018
Emsisoft 20131018
F-Prot 20131018
F-Secure 20131018
GData 20131018
Ikarus 20131018
Jiangmin 20131018
K7AntiVirus 20131017
K7GW 20131017
Kaspersky 20131018
McAfee 20131018
McAfee-GW-Edition 20131017
MicroWorld-eScan 20131018
Microsoft 20131018
NANO-Antivirus 20131018
Norman 20131018
PCTools 20131002
Panda 20131018
Rising 20131018
SUPERAntiSpyware 20131018
Symantec 20131018
TheHacker 20131018
TotalDefense 20131017
TrendMicro 20131018
TrendMicro-HouseCall 20131018
VBA32 20131017
ViRobot 20131018
nProtect 20131018
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright (c) AirInstaller
Publisher Air Software
Product Adobe Flash Player
Version 2.0.4.54
Original name setup.exe
Internal name setup.exe
File version 2.0.4.54
Description Adobe Flash Player
Signature verification Signed file, verified signature
Signing date 11:52 AM 10/18/2013
Signers
[+] Air Software
Status Valid
Valid from 1:00 AM 1/25/2013
Valid to 12:59 AM 3/27/2015
Valid usage Code Signing
Algorithm SHA1
Thumbprint AC28E2D7ECDD00692D44AC1A4FEA83FD49042A21
Serial number 3A C7 86 E0 92 19 DF 82 DA 83 0E 46 1D 4F C3 9F
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Packers identified
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-16 21:50:31
Entry Point 0x0025CB50
Number of sections 3
PE sections
PE imports
InitCommonControlsEx
GetFileTitleW
Escape
ImmGetContext
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
AlphaBlend
LresultFromObject
Ord(190)
PathIsUNCW
InternetOpenW
PlaySoundW
OpenPrinterW
GdipFree
DoDragDrop
OleUIBusyW
IsValidURL
Number of PE resources by type
RT_STRING 17
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_DIALOG 12
RT_ICON 4
RT_BITMAP 3
RT_HTML 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 65
ENGLISH CAN 6
ExifTool file metadata
SubsystemVersion 5.1
InitializedDataSize 36864
ImageVersion 0.0
ProductName Adobe Flash Player
FileVersionNumber 2.0.4.54
UninitializedDataSize 1679360
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 10.0
FileOS Windows NT 32-bit
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2.0.4.54
TimeStamp 2013:10:16 22:50:31+01:00
FileType Win32 EXE
PEType PE32
InternalName setup.exe
ProductVersion 2.0.4.54
FileDescription Adobe Flash Player
OSVersion 5.1
OriginalFilename setup.exe
LegalCopyright (c) AirInstaller
MachineType Intel 386 or later, and compatibles
CompanyName AirInstaller
CodeSize 794624
FileSubtype 0
ProductVersionNumber 2.0.4.54
EntryPoint 0x25cb50
ObjectFileType Executable application

File identification
MD5 bc9044daa8793c14578493d973d737d9
SHA1 92915456c2236ea8a462e55f04c43fda3f407577
SHA256 790591a5891a83fa2d998528f18e8ce79ddd2ea20fe4b250343cc05a20ee75c3
ssdeep 24576:x/JprwXDBCoCqgQBMiW1l2j3L05G1l4mPqr/Y:x/JpETB5C6iiWL2j705GD3

File size 814.4 KB ( 833960 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags peexe upx signed

VirusTotal metadata
First submission 2013-10-18 10:54:52 UTC ( 1 year, 5 months ago )
Last submission 2013-10-18 10:54:52 UTC ( 1 year, 5 months ago )
File names setup.exe
Flash Player 12.exe
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .
