SHA256: a94abafca54960503e28f9fe046b706a3ae0eda5bab3dc6d8370b45e37e5f3cb
File name: a94abafca54960503e28f9fe046b706a3ae0eda5bab3dc6d8370b45e37e5f3cb
Detection ratio: 0 / 68
Analysis date: 2018-06-15 08:42:02 UTC (8 months, 1 week ago)
Antivirus Result Update
Ad-Aware 20180615
AegisLab 20180615
AhnLab-V3 20180615
Alibaba 20180615
ALYac 20180615
Antiy-AVL 20180615
Arcabit 20180615
Avast 20180615
Avast-Mobile 20180614
AVG 20180615
Avira (no cloud) 20180615
AVware 20180615
Babable 20180406
Baidu 20180615
BitDefender 20180615
Bkav 20180614
CAT-QuickHeal 20180615
ClamAV 20180615
CMC 20180614
Comodo 20180615
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cylance 20180615
Cyren 20180615
DrWeb 20180615
eGambit 20180615
Emsisoft 20180615
Endgame 20180612
ESET-NOD32 20180615
F-Prot 20180615
F-Secure 20180615
Fortinet 20180615
GData 20180615
Ikarus 20180615
Sophos ML 20180601
Jiangmin 20180615
K7AntiVirus 20180615
K7GW 20180615
Kaspersky 20180615
Kingsoft 20180615
Malwarebytes 20180615
MAX 20180615
McAfee 20180615
McAfee-GW-Edition 20180615
Microsoft 20180615
eScan 20180615
NANO-Antivirus 20180615
Palo Alto Networks (Known Signatures) 20180615
Panda 20180614
Qihoo-360 20180615
Rising 20180615
SentinelOne (Static ML) 20180225
Sophos AV 20180615
SUPERAntiSpyware 20180614
Symantec 20180615
Symantec Mobile Insight 20180614
TACHYON 20180614
Tencent 20180615
TheHacker 20180613
TotalDefense 20180615
TrendMicro 20180615
TrendMicro-HouseCall 20180615
Trustlook 20180615
VBA32 20180614
VIPRE 20180615
ViRobot 20180615
Webroot 20180615
Yandex 20180614
Zillya 20180614
ZoneAlarm by Check Point 20180615
Zoner 20180614
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 1996-2017 Adobe Systems Incorporated

Product Adobe® Flash® Player Installer/Uninstaller
Original name FlashUtil.exe
Internal name Adobe® Flash® Player Installer/Uninstaller 28.0
File version 28,0,0,105
Description Adobe® Flash® Player Installer/Uninstaller 28.0 d0
Signature verification Signed file, verified signature
Signing date 4:13 AM 11/6/2017
Signers
[+] Adobe Systems Incorporated
Status Valid
Issuer DigiCert EV Code Signing CA (SHA2)
Valid from 1:00 AM 3/15/2017
Valid to 1:00 PM 3/20/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 2E419CCC647F94FE0DFC5460D0740B93D3572E54
Serial number 06 F0 47 88 03 10 55 D3 1D EF FE FC D0 26 D6 C5
[+] DigiCert EV Code Signing CA (SHA2)
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 1:00 PM 4/18/2012
Valid to 1:00 PM 4/18/2027
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 60EE3FC53D4BDFD1697AE5BEAE1CAB1C0F3AD4E3
Serial number 03 F1 B4 E1 5F 3A 82 F1 14 96 78 B3 D7 D8 47 5C
[+] DigiCert
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
Serial number 02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77
Counter signers
[+] Symantec SHA256 TimeStamping Signer - G2
Status Valid
Issuer Symantec SHA256 TimeStamping CA
Valid from 1:00 AM 1/2/2017
Valid to 12:59 AM 4/2/2028
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 625AEC3AE4EDA1D169C4EE909E85B3BBC61076D3
Serial number 54 58 F2 AA D7 41 D6 44 BC 84 A9 7B A0 96 52 E6
[+] Symantec SHA256 TimeStamping CA
Status Valid
Issuer VeriSign Universal Root Certification Authority
Valid from 1:00 AM 1/12/2016
Valid to 12:59 AM 1/12/2031
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 6FC9EDB5E00AB64151C1CDFCAC74AD2C7B7E3BE4
Serial number 7B 05 B1 D4 49 68 51 44 F7 C9 89 D2 9C 19 9D 12
[+] VeriSign Universal Root Certification Authority
Status Valid
Issuer VeriSign Universal Root Certification Authority
Valid from 1:00 AM 4/2/2008
Valid to 12:59 AM 12/2/2037
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha256RSA
Thumbprint 3679CA35668772304D30A5FB873B0FA77BB70D54
Serial number 40 1A C4 64 21 B3 13 21 03 0E BB E4 12 1A C5 1D
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-06 01:28:46
Entry Point 0x0002A4CC
Number of sections 5
PE sections
Overlays
MD5 1259beb906f9c9e64ad377ab892c577f
File type data
Offset 20338688
Size 7680
Entropy 7.26
PE imports
RegCreateKeyExW
OpenServiceW
RegDeleteValueW
CryptReleaseContext
RegCloseKey
RegSetValueExW
FreeSid
CryptGetHashParam
RegQueryValueExA
OpenSCManagerW
RegEnumKeyExW
RegOpenKeyExW
CheckTokenMembership
QueryServiceStatusEx
RegSetValueExA
ControlService
AllocateAndInitializeSid
CryptHashData
RegOpenKeyExA
CloseServiceHandle
RegQueryValueExW
DeleteDC
SetBkMode
CreateFontA
CreateCompatibleBitmap
GetTextExtentExPointW
SelectObject
BitBlt
CreateDIBSection
CreateCompatibleDC
DeleteObject
StretchBlt
SetTextColor
CreateSolidBrush
SetThreadLocale
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
WaitForSingleObject
HeapAlloc
QueueUserAPC
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
OutputDebugStringW
FindClose
InterlockedDecrement
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
CopyFileW
LoadResource
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
GetFileAttributesW
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
GlobalAddAtomW
CreateThread
MoveFileExW
GetSystemDirectoryW
SetUnhandledExceptionFilter
CreateMutexW
GetSystemDirectoryA
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
SetEndOfFile
SetWaitableTimer
LeaveCriticalSection
WriteConsoleW
CreateToolhelp32Snapshot
GetSystemWow64DirectoryW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
ExitThread
GetStartupInfoA
GetFileSize
OpenProcess
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
CreateWaitableTimerW
GetFileSizeEx
RemoveDirectoryW
FindNextFileW
FindFirstFileW
DuplicateHandle
CreateFileW
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
GetConsoleCP
LCMapStringA
GetThreadLocale
GetEnvironmentStringsW
Process32NextW
CreateProcessW
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
Process32FirstW
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
SetDllDirectoryW
GetACP
GetModuleHandleW
FreeResource
GetEnvironmentStrings
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
FindResourceA
VirtualAlloc
SysFreeString
VariantInit
VariantClear
SysAllocString
SHGetFolderPathW
SHFileOperationW
ShellExecuteW
ShellExecuteExW
Ord(680)
CommandLineToArgvW
MapWindowPoints
GetForegroundWindow
GetParent
GetPropW
BeginPaint
DefWindowProcW
MoveWindow
GetMessageW
PostQuitMessage
ShowWindow
SetWindowPos
SetWindowLongW
MessageBoxW
GetWindowRect
RegisterClassExW
SetCapture
ReleaseCapture
SetPropW
TranslateMessage
GetWindow
PostMessageW
DispatchMessageW
GetKeyState
ReleaseDC
GetWindowLongW
LoadStringW
GetClientRect
DrawTextW
GetDC
ClientToScreen
SetRect
InvalidateRect
SetTimer
CallWindowProcW
FillRect
SetWindowTextW
LoadCursorW
CreateWindowExW
EndPaint
SetForegroundWindow
DestroyWindow
SetCursor
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateGuid
CoCreateInstance
CoInitializeSecurity
StringFromGUID2
Number of PE resources by type
RT_STRING 112
RT_RCDATA 9
RT_ICON 7
LZMG 1
TYPELIB 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
NEUTRAL 9
ENGLISH CAN 8
TURKISH DEFAULT 7
SWEDISH NEUTRAL 7
GERMAN 7
CHINESE TRADITIONAL 7
CZECH DEFAULT 7
JAPANESE DEFAULT 7
FRENCH 7
CHINESE SIMPLIFIED 7
PORTUGUESE BRAZILIAN 7
SPANISH MODERN 7
POLISH DEFAULT 7
DUTCH 7
RUSSIAN 7
KOREAN 7
ITALIAN 7
PE resources
Debug information
ExifTool file metadata
LegalTrademarks
Adobe Flash Player

SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
28.0.0.105

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Adobe Flash Player Installer/Uninstaller 28.0 d0

CharacterSet
Unicode

InitializedDataSize
20096512

EntryPoint
0x2a4cc

OriginalFileName
FlashUtil.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 1996-2017 Adobe Systems Incorporated

FileVersion
28,0,0,105

TimeStamp
2017:11:06 02:28:46+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Adobe Flash Player Installer/Uninstaller 28.0

ProductVersion
28,0,0,105

UninitializedDataSize
0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Adobe Systems Incorporated

CodeSize
241152

ProductName
Adobe Flash Player Installer/Uninstaller

ProductVersionNumber
28.0.0.105

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 2568dfcfe37c2b68a599eb4513208cc8
SHA1 16ccef2ed3bd5a3a84313c87d8bf07957f0edd8f
SHA256 a94abafca54960503e28f9fe046b706a3ae0eda5bab3dc6d8370b45e37e5f3cb
ssdeep
393216:ijMVFAdaIxLVg4oWRgPWT4UDhJKrtKok5aUofycxpCdid:SUAdaaVgQ2QDD5beXvaid

authentihash c949aad068483822df15c394bce8002ba6dfe100c09a2c6e586265756e130d0f
imphash 9ef2637127763f24c280f481edbcf238
File size 19.4 MB (20346368 bytes)
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2017-11-10 03:08:48 UTC (1 year, 3 months ago)
Last submission 2018-05-26 07:05:02 UTC (8 months, 4 weeks ago)
File names install_flash_player_ax.exe
install_flash_player_ax.exe
Uninstaller 28.0
FlashUtil.exe
install_flash_player_ax.exe
install_flash_player_ax.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events, which are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.