SHA256: a4dfd173610d318acb4784645cf5e712d552b51d0c8cf10b2c4414d0486af27d
File name: flash (1) (1) (1) (1) (1) (1) (3) (2) (1) (1) (1).exe
Detection ratio: 44 / 57
Analysis date: 2016-10-25 11:29:11 UTC (2 years, 5 months ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3598332 20161025
AegisLab Troj.Dropper.W32.Injector!c 20161025
AhnLab-V3 Trojan/Win32.Cerber.N2129119414 20161025
ALYac Trojan.GenericKD.3598332 20161025
Arcabit Trojan.Generic.D36E7FC 20161025
Avast Win32:Trojan-gen 20161025
AVG Agent5.AUJG 20161024
Avira (no cloud) TR/AD.Inject.tnwpu 20161025
AVware Trojan-Downloader.Win32.Upatre.tfl (v) 20161025
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9997 20161025
BitDefender Trojan.GenericKD.3598332 20161025
Bkav W32.CirematASE.Trojan 20161025
CAT-QuickHeal Trojan.Dynamer.S7 20161025
Comodo TrojWare.Win32.TrickBot.A 20161025
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20160725
Cyren W32/Trojan.QTZK-1911 20161025
DrWeb Trojan.DownLoader22.63008 20161025
Emsisoft Trojan.GenericKD.3598332 (B) 20161025
ESET-NOD32 Win32/Agent.YEP 20161025
F-Secure Trojan.GenericKD.3598332 20161025
Fortinet W32/Injector.PRCM!tr 20161025
GData Trojan.GenericKD.3598332 20161025
Ikarus Trojan.Win32.Agent 20161025
Sophos ML trojan.win32.c2lop.a 20161018
Jiangmin TrojanDropper.Injector.bkgm 20161025
K7AntiVirus Riskware ( 0040eff71 ) 20161025
K7GW Riskware ( 0040eff71 ) 20161025
Kaspersky Trojan-Dropper.Win32.Injector.prcm 20161025
Malwarebytes Spyware.TrickBot 20161025
McAfee Generic.anf 20161025
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.gh 20161025
Microsoft Trojan:Win32/Skeeyah.A!rfn 20161025
eScan Trojan.GenericKD.3598332 20161025
NANO-Antivirus Trojan.Win32.DownLoader22.ehfxnq 20161025
Panda Trj/GdSda.A 20161024
Qihoo-360 HEUR/QVM07.1.7049.Malware.Gen 20161025
Sophos AV Mal/Generic-S 20161025
Symantec Trojan.Trickybot 20161025
Tencent Win32.Trojan.Inject.Auto 20161025
TrendMicro TSPY_TRICKLOAD.F 20161025
TrendMicro-HouseCall TSPY_TRICKLOAD.F 20161025
VIPRE Trojan-Downloader.Win32.Upatre.tfl (v) 20161025
ViRobot Trojan.Win32.Z.Upatre.412160[h] 20161025
Zillya Dropper.Injector.Win32.78924 20161024
Alibaba 20161025
Antiy-AVL 20161025
ClamAV 20161025
CMC 20161025
F-Prot 20161025
Kingsoft 20161025
nProtect 20161025
Rising 20161025
SUPERAntiSpyware 20161025
TheHacker 20161025
TotalDefense 20161025
VBA32 20161024
Yandex 20161024
Zoner 20161025
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
PEiD InstallShield 2000
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-09 00:49:04
Entry Point 0x000034E0
Number of sections 4
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
SetHandleCount
lstrlenA
GetOEMCP
HeapDestroy
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
WideCharToMultiByte
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
SetStdHandle
GetModuleHandleA
GetCPInfo
ExitProcess
SetFilePointer
lstrcmpA
WriteFile
GetStartupInfoA
CloseHandle
GetACP
GetModuleHandleW
TerminateProcess
GetVersion
InitializeCriticalSection
HeapCreate
CreateFileW
VirtualFree
TlsGetValue
GetFileType
TlsSetValue
GetTickCount
GetCurrentThreadId
VirtualAlloc
SleepEx
SetLastError
LeaveCriticalSection
ExtractIconW
RedrawWindow
UpdateWindow
GetScrollRange
EndDialog
LoadBitmapW
DefWindowProcW
SetMenuItemInfoA
GetDlgCtrlID
GetMessageW
PostQuitMessage
ShowWindow
SetScrollRange
GetWindowRect
EndPaint
SetMenu
PostMessageA
MoveWindow
DialogBoxParamW
GetDlgItemTextA
GetClassNameA
TranslateMessage
GetDlgItemInt
DispatchMessageW
BeginPaint
SendMessageW
LoadStringA
PtInRect
LoadStringW
GetScrollPos
FrameRect
GetActiveWindow
LoadMenuA
GetDesktopWindow
LoadCursorW
LoadIconW
GetFocus
CreateWindowExW
RegisterClassExW
TranslateAcceleratorW
DestroyWindow
Number of PE resources by type
RT_BITMAP 3
RT_GROUP_CURSOR 2
RT_CURSOR 2
RT_MENU 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 9
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:03:09 01:49:04+01:00
FileType Win32 EXE
PEType PE32
CodeSize 221696
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 195584
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x34e0
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 f26649fc31ede7594b18f8cd7cdbbc15
SHA1 684e440a55f77d5f2559b10d21e9cff251d7fa83
SHA256 a4dfd173610d318acb4784645cf5e712d552b51d0c8cf10b2c4414d0486af27d
ssdeep 3072:U4mtj9F/MBJ0h291ei3Y5qFKsl5kBgCOyBcTeh25ryfEQj7ZbGi0GjbrlfFv6gmb:qn/3s9kvEwsl5pMBESRh9vxZGD

authentihash ccf14fe544fc3f8e99b27c789d7cd68db9c0c67a957e61dd899dbce6ff925ffd
imphash 556bdfd35548767b29ab00f0f25f6b32
File size 402.5 KB ( 412160 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe installshield

VirusTotal metadata
First submission 2016-10-13 13:33:40 UTC (2 years, 6 months ago)
Last submission 2019-03-14 14:17:32 UTC (1 month, 1 week ago)
File names flash (1) (1) (1) (1) (1) (1) (3) (2) (1) (1) (1).exe
f26649fc31ede7594b18f8cd7cdbbc15
YEP.exe
a4dfd173610d318acb4784645cf5e712d552b51d0c8cf10b2c4414d0486af27d
1.exe
flash (1).exe
1.exe
690914
a4dfd173610d318acb4784645cf5e712d552b51d0c8cf10b2c4414d0486af27d.bin
flash(1).exe
387986
flash2.exe
1.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Terminated processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications