SHA256: 98bbe7548b6c51247bd2ef0bcf4f4ac45df9851a3dd9c5ceb5e04b9320c55645
File name: updateflashplayer.exe
Detection ratio: 6 / 42
Analysis date: 2012-09-01 01:00:31 UTC ( 1 year, 7 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Plosa 20120831
DrWeb Trojan.PWS.Panda.2363 20120901
Kaspersky Trojan-Spy.Win32.Zbot.etbe 20120901
McAfee PWS-Zbot.gen.aln 20120901
Microsoft PWS:Win32/Zbot.gen!AF 20120901
Panda Suspicious file 20120831
AVG 20120901
AntiVir 20120831
Antiy-AVL 20120831
Avast 20120901
BitDefender 20120901
ByteHero 20120817
CAT-QuickHeal 20120831
ClamAV 20120828
Commtouch 20120831
Comodo 20120901
ESET-NOD32 20120831
Emsisoft 20120901
F-Prot 20120831
F-Secure 20120901
Fortinet 20120830
GData 20120901
Ikarus 20120831
Jiangmin 20120831
K7AntiVirus 20120831
McAfee-GW-Edition 20120831
Norman 20120831
PCTools 20120901
Rising 20120831
SUPERAntiSpyware 20120831
Sophos 20120901
Symantec 20120901
TheHacker 20120830
TotalDefense 20120831
TrendMicro 20120901
TrendMicro-HouseCall 20120901
VBA32 20120831
VIPRE 20120901
ViRobot 20120831
VirusBuster 20120831
eSafe 20120830
nProtect 20120831
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright
Copyright (C) Microsoft Corp. 1991-1996

Publisher Microsoft Corporation
Product Microsoft(R) Windows (R) 2000 Operating System
Original name WINHLP32.EXE
Internal name WINHSTB
File version 5.00.2134.1
Description Windows Winhlp32 Stub
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-08-31 21:40:33
Entry Point 0x00001350
Number of sections 4
PE sections
PE imports
RegCloseKey
PrintDlgA
PrintDlgExW
ReplaceTextA
FindTextA
GetFileTitleW
GetOpenFileNameW
ChooseColorW
ChooseFontW
GetSaveFileNameW
PageSetupDlgA
GetFileTitleA
ChooseColorA
FindTextW
GetOpenFileNameA
ReplaceTextW
CommDlgExtendedError
PrintDlgExA
PageSetupDlgW
GetSaveFileNameA
ChooseFontA
SetThreadLocale
CreateJobObjectA
GetOverlappedResult
DeleteFiber
GetDriveTypeA
EnumUILanguagesW
SetConsoleCursorPosition
GetTapeParameters
DeleteCriticalSection
SetSystemTime
OpenFileMappingA
lstrcatW
HeapWalk
IsDBCSLeadByteEx
GetTempPathA
WriteFile
SwitchToFiber
SetProcessAffinityMask
GlobalMemoryStatusEx
SetFileAttributesA
QueryDosDeviceA
GetProfileIntW
InitializeCriticalSection
GlobalHandle
QueryDosDeviceW
GetStringTypeExA
GetUserDefaultUILanguage
LoadLibraryA
UpdateResourceA
SetConsoleCtrlHandler
GetProfileSectionW
OpenWaitableTimerW
MultiByteToWideChar
DeleteTimerQueueTimer
FreeEnvironmentStringsA
EnumSystemLanguageGroupsA
SetUnhandledExceptionFilter
GetConsoleDisplayMode
MulDiv
FindAtomW
WriteConsoleA
SleepEx
ReadConsoleOutputA
LocalCompact
HeapFree
SetHandleCount
MoveFileWithProgressW
lstrcmp
TlsAlloc
WriteConsoleOutputAttribute
GlobalSize
GetWindowsDirectoryW
AddAtomA
SetProcessPriorityBoost
ReadProcessMemory
CreateDirectoryW
GetProcAddress
AddAtomW
GetProfileStringW
lstrcpyW
WaitNamedPipeW
EnumDateFormatsExA
FindFirstFileExA
FindNextFileW
GlobalFix
FreeConsole
GetProcessWorkingSetSize
GetTimeZoneInformation
ReadDirectoryChangesW
CreateFileW
CreateEventA
GetFileType
TlsSetValue
ReadConsoleOutputAttribute
GlobalGetAtomNameW
GetConsoleAliasesLengthA
VirtualAllocEx
FindResourceW
UnregisterWaitEx
GetShortPathNameA
SwitchToThread
GetCurrentDirectoryW
GetCurrentProcessId
ContinueDebugEvent
GetCommandLineW
ClearCommBreak
EnumResourceTypesA
QueryPerformanceFrequency
SetFilePointer
DeleteVolumeMountPointW
SetConsoleTitleA
CloseHandle
GetCommConfig
GetModuleHandleW
CreateProcessA
SetComputerNameExA
GetDefaultCommConfigW
FindFirstChangeNotificationA
GetConsoleAliasExesLengthW
DnsHostnameToComputerNameA
SHBindToParent
SHPathPrepareForWriteA
SHChangeNotify
ExtractIconW
SHQueryRecycleBinW
Shell_NotifyIcon
DragQueryFileA
SHGetDiskFreeSpaceExW
DuplicateIcon
ShellExecuteEx
ExtractIconEx
SHGetDesktopFolder
DragQueryFile
SHBrowseForFolder
SHFreeNameMappings
SHGetSpecialFolderPathW
DragFinish
SHGetFileInfo
SHGetSettings
ShellHookProc
SHGetInstanceExplorer
SHGetDataFromIDListA
SHGetPathFromIDList
CommandLineToArgvW
StrChrW
StrRChrW
StrCmpNW
StrChrIW
StrRStrIA
StrChrA
StrStrW
StrChrIA
StrRStrIW
StrCmpNIW
GetForegroundWindow
SetMenuItemBitmaps
DrawAnimatedRects
PostQuitMessage
BroadcastSystemMessageW
OpenWindowStationW
GetInputState
GetDC
DrawTextA
DefFrameProcW
SendMessageA
GetClientRect
GetNextDlgTabItem
InSendMessage
CopyAcceleratorTableA
RegisterHotKey
DdeConnectList
GetWindowTextLengthW
GetMenuItemCount
DeregisterShellHookWindow
GetMessageA
SendIMEMessageExA
UpdateWindow
SetPropA
CallMsgFilterA
SendIMEMessageExW
ShowWindow
EnumPropsExW
CharToOemBuffA
PeekMessageW
EnableWindow
CharUpperW
GetClipboardFormatNameW
TranslateMessage
SetThreadDesktop
GetDlgItemTextW
CharUpperA
ActivateKeyboardLayout
GetTabbedTextExtentW
EnumDisplayDevicesA
IsCharLowerA
CloseWindow
DrawMenuBar
OpenDesktopA
GetPriorityClipboardFormat
SetTimer
SwitchToThisWindow
CopyRect
GetDialogBaseUnits
RealChildWindowFromPoint
CreateAcceleratorTableA
RegisterWindowMessageW
MapVirtualKeyA
GetOpenClipboardWindow
GetKeyboardLayoutNameA
OffsetRect
VkKeyScanExA
CheckMenuRadioItem
ReleaseCapture
WaitMessage
CreateMenu
CreateWindowStationW
SetWindowsHookExA
PostThreadMessageW
GetMenuStringA
CreateDesktopW
NotifyWinEvent
GetScrollBarInfo
LoadMenuA
RemovePropA
RemoveMenu
MessageBoxExA
DdeUninitialize
LookupIconIdFromDirectory
SendMessageCallbackA
SetRectEmpty
CascadeChildWindows
DestroyCursor
wvsprintfA
MessageBoxIndirectW
CopyImage
EndDeferWindowPos
GetWindowRgn
SetSysColors
SetDoubleClickTime
SubtractRect
SetCursorPos
WinHelpA
SetMessageQueue
ModifyMenuW
GetClassNameA
SetCursor
Number of PE resources by type
RT_ICON 2
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 5
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
2.5

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.0.2134.1

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
52224

FileOS
Windows NT 32-bit

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) Microsoft Corp. 1991-1996

FileVersion
5.00.2134.1

TimeStamp
2012:08:31 23:40:33+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
WINHSTB

ProductVersion
5.00.2134.1

FileDescription
Windows Winhlp32 Stub

OSVersion
4.0

OriginalFilename
WINHLP32.EXE

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
312832

ProductName
Microsoft(R) Windows (R) 2000 Operating System

ProductVersionNumber
5.0.2134.1

EntryPoint
0x1350

ObjectFileType
Executable application

File identification
MD5 04f9d2e4bfb3188257c5a31b65bb14c1
SHA1 0ff36c17025ec85cff3ae080da56cb10c7729a9f
SHA256 98bbe7548b6c51247bd2ef0bcf4f4ac45df9851a3dd9c5ceb5e04b9320c55645
ssdeep
6144:NbCdhPuyzFFiIX0zE9NKFEWNFfK4CS0NwIt2+fFBFFrkiL:NmdQWiIXxcXNkjNtZf1Frn

File size 364.4 KB ( 373112 bytes )
File type Win32 EXE
Magic literal
MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ 4.x (79.2%)
Windows Screen Saver (7.7%)
Win32 Executable Generic (5.0%)
Win32 Dynamic Link Library (generic) (4.4%)
Win16/32 Executable Delphi generic (1.2%)
Tags
peexe

VirusTotal metadata
First submission 2012-08-31 21:54:50 UTC ( 1 year, 7 months ago )
Last submission 2012-09-01 01:00:31 UTC ( 1 year, 7 months ago )
File names WINHSTB
WINHLP32.EXE
updateflashplayer.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight