SHA256: 85be64025453711c9c7396efe3965b79f0115fd6647c68d186edf88d6398c21f
File name: Google_Adobe_FlashPlayer.exe
Detection ratio: 51 / 67
Analysis date: 2018-10-22 16:33:05 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.135195 20181022
ALYac Gen:Variant.Kazy.135195 20181022
Antiy-AVL Trojan[Banker]/Win32.Banbra 20181022
Arcabit Trojan.Kazy.D2101B 20181022
Avast Win32:Trojan-gen 20181022
AVG Win32:Trojan-gen 20181022
Avira (no cloud) TR/Rogue.KD.829256 20181022
BitDefender Gen:Variant.Kazy.135195 20181022
CAT-QuickHeal TrojanBanker.Banbra 20181022
ClamAV Win.Trojan.Agent-1251542 20181022
CMC Trojan-Banker.Win32.Banbra!O 20181022
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180723
Cybereason malicious.d4be44 20180225
Cylance Unsafe 20181022
Cyren W32/Banbra.TKNA-3095 20181022
DrWeb Trojan.AVKill.27463 20181022
Emsisoft Gen:Variant.Kazy.135195 (B) 20181022
ESET-NOD32 a variant of MSIL/ProxyChanger.Q 20181022
F-Prot W32/Banbra.AG 20181022
F-Secure Gen:Variant.Kazy.135195 20181022
Fortinet W32/Banbra.AXDA!tr 20181022
GData Gen:Variant.Kazy.135195 20181022
Ikarus Trojan-Banker.Win32.Banbra 20181022
Sophos ML heuristic 20180717
Jiangmin Trojan/Banker.Banbra.qih 20181022
K7AntiVirus Proxy-Program ( 004ce4aa1 ) 20181022
K7GW Proxy-Program ( 004ce4aa1 ) 20181022
Kaspersky Trojan-Banker.Win32.Banbra.axda 20181022
Malwarebytes Trojan.Downloader 20181022
MAX malware (ai score=100) 20181022
McAfee Generic.dx!9B8EC48D4BE4 20181022
McAfee-GW-Edition Generic.dx!9B8EC48D4BE4 20181022
Microsoft Trojan:Win32/Dynamer!ac 20181022
eScan Gen:Variant.Kazy.135195 20181022
NANO-Antivirus Trojan.Win32.Banbra.besjoy 20181022
Palo Alto Networks (Known Signatures) generic.ml 20181022
Panda Trj/Banbra.DQQ 20181022
Qihoo-360 Win32/Trojan.ad4 20181022
Sophos AV Troj/MSIL-EDF 20181022
SUPERAntiSpyware Trojan.Agent/Gen-Downloader 20181015
Symantec ML.Attribute.HighConfidence 20181022
TACHYON Trojan/W32.Small.9728.NA 20181022
Tencent Win32.Trojan-banker.Banbra.Hvte 20181022
TheHacker Trojan/ProxyChanger.t 20181018
TrendMicro TROJ_FRS.0NA003HU15 20181022
TrendMicro-HouseCall TROJ_FRS.0NA003HU15 20181022
VBA32 TrojanBanker.Banbra 20181022
Webroot W32.Malware.Gen 20181022
Yandex Trojan.PWS.Banbra!dUgeHi2O6ZU 20181020
Zillya Trojan.Banbra.Win32.19217 20181019
ZoneAlarm by Check Point Trojan-Banker.Win32.Banbra.axda 20181022
AegisLab 20181022
AhnLab-V3 20181022
Alibaba 20180921
Avast-Mobile 20181022
Babable 20180918
Baidu 20181022
Bkav 20181022
eGambit 20181022
Endgame 20180730
Kingsoft 20181022
Rising 20181022
SentinelOne (Static ML) 20181011
Symantec Mobile Insight 20181001
TotalDefense 20181022
Trustlook 20181022
ViRobot 20181022
Zoner 20181021
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Original name FPX_13jan.exe
Internal name FPX_13jan.exe
File version 2.1.2.0
Description
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-13 11:48:58
Entry Point 0x00003A86
Number of sections 3
.NET details
Module Version ID 875b6ba2-bfd0-442e-b8c0-b96fc5c91701
TypeLib ID 1651c56b-dc65-450d-b20c-7b35855ad805
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 2.1.2.0
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, Large address aware
CharacterSet Unicode
InitializedDataSize 2048
EntryPoint 0x3a86
OriginalFileName FPX_13jan.exe
MIMEType application/octet-stream
FileVersion 2.1.2.0
TimeStamp 2013:01:13 12:48:58+01:00
FileType Win32 EXE
PEType PE32
InternalName FPX_13jan.exe
ProductVersion 2.1.2.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 7168
FileSubtype 0
ProductVersionNumber 2.1.2.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 2.1.2.0

File identification
MD5 9b8ec48d4be4405140d7555dad2b66ef
SHA1 bc755383a8a9920b26bb9e7ef836dd3f3f4b589d
SHA256 85be64025453711c9c7396efe3965b79f0115fd6647c68d186edf88d6398c21f
ssdeep 192:xhD+Plv1QrJ/4M0EOMbjQ16jLgFhXLKO0T:xhcv1QrJg1EOMbUIjL+he

authentihash 39bc843089553fa9fa371ce41fdba6e64e12575d1f576ee15c8083304d637532
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 9.5 KB ( 9728 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
OS/2 Executable (generic) (2.2%)
Generic Win/DOS Executable (2.2%)
Tags peexe assembly via-tor

VirusTotal metadata
First submission 2013-01-15 04:21:14 UTC ( 5 years, 11 months ago )
Last submission 2018-10-22 16:33:05 UTC ( 1 month, 2 weeks ago )
File names 04d71a6e389ed13d6a210d98235be7ba3ed68fc5
Google_Adobe_FlashPlayer.exe
INJERR.Google_Adobe_FlashPlayer.exe
Google_Adobe_FlashPlayer.exe
mau virus so (41).bin
9100147
9b8ec48d4be4405140d7555dad2b66ef.exe
85BE64025453711C9C7396EFE3965B79F0115FD6647C68D186EDF88D6398C21F.exe
output.9100147.txt
Google_Adobe_FlashPlayer.exe
smona_85be64025453711c9c7396efe3965b79f0115fd6647c68d186edf88d6398c21f.bin
85be64025453711c9c7396efe3965b79f0115fd6647c68d186edf88d6398c21f.bin
25.vir
2.exe
09.exe
3.exe
bxZLovvPECTRHTQNarw.exe
9B8EC48D4BE4405140D7555DAD2B66EF - Google_Adobe_FlashPlayer.exe_
9b8ec48d4be4405140d7555dad2b66ef
9b8ec48d4be4405140d7555dad2b66ef.bc755383a8a9920b26bb9e7ef836dd3f3f4b589d
Google_Adobe_FlashPlayer.exe
Google_Adobe_FlashPlayer.exe.vir
FPX_13jan.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R026C0EA215.

Symantec reputation Suspicious.Insight