SHA256: af8765df49e13e6a8df1a53d029e4fefe6014dd1cc9b57b39bc9edbf48aef7c1
File name: 91EF620510625E816EF38E8E6CA07946
Detection ratio: 52 / 57
Analysis date: 2016-11-16 02:28:36 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Win32.Virtob.Gen.12 20161116
AegisLab Packer.W32.Krap.lntJ 20161115
AhnLab-V3 Trojan/Win32.Krap.N464836420 20161115
Antiy-AVL Virus/Win32.Virut.ce 20161116
Arcabit Win32.Virtob.Gen.12 20161115
Avast Win32:Vitro 20161116
AVG Win32/DH.FF8202CD{Mw} 20161116
Avira (no cloud) W32/Virut.Gen 20161116
AVware Virus.Win32.Virut.ce (v) 20161116
Baidu Win32.Virus.Virut.gen 20161115
BitDefender Win32.Virtob.Gen.12 20161116
Bkav W32.Vetor.PE 20161112
CAT-QuickHeal W32.Virut.G 20161115
CMC Virus.Win32.Virut.1!O 20161115
Comodo Virus.Win32.Virut.CE 20161115
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Cyren W32/Ramnit.F.gen!Eldorado 20161116
DrWeb Win32.Virut.56 20161116
Emsisoft Win32.Virtob.Gen.12 (B) 20161116
ESET-NOD32 Win32/Virut.NBP 20161116
F-Prot W32/Ramnit.F.gen!Eldorado 20161116
F-Secure Win32.Virtob.Gen.12 20161115
Fortinet W32/Virut.CE 20161116
GData Win32.Virtob.Gen.12 20161116
Ikarus Virus.Win32.Ramnit 20161115
Sophos ML trojan.win32.ramnit.a 20161018
Jiangmin Win32/Virut.bt 20161115
K7AntiVirus Virus ( f10002001 ) 20161115
K7GW Virus ( f10002001 ) 20161116
Kaspersky Packed.Win32.Krap.ar 20161116
Malwarebytes Trojan.Downloader 20161116
McAfee PWS-Zbot.gen.di 20161116
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.ch 20161116
Microsoft Virus:Win32/Virut.EPO 20161115
eScan Win32.Virtob.Gen.12 20161115
NANO-Antivirus Trojan.Win32.Ramnit.bbgdmp 20161115
nProtect Virus/W32.Virut.Gen 20161116
Panda Trj/Pck_Pretorx.A 20161115
Qihoo-360 VirusOrg.Win32.Ramnit.E 20161116
Rising Virus.Virut!1.A08B (classic) 20161116
Sophos AV W32/Scribble-B 20161116
SUPERAntiSpyware Trojan.Agent/Gen-Ramnit 20161116
Symantec Packed.Protexor!gen1 20161116
Tencent Win32.Virus.Virut.Hufv 20161116
TheHacker W32/Virtob.Gen(F) 20161115
TotalDefense Win32/Virut.17408 20161115
TrendMicro TROJ_DYER.BMC 20161116
TrendMicro-HouseCall WORM_PALEVO.SMGD 20161116
VBA32 Malware-Cryptor.Win32.General.4 20161115
VIPRE Virus.Win32.Virut.ce (v) 20161116
ViRobot Win32.Virut.Gen.C[h] 20161116
Yandex Win32.Virut.AB.Gen 20161115
Alibaba 20161115
ALYac 20161116
ClamAV 20161115
Kingsoft 20161116
Zillya 20161115
Zoner 20161116
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1996-2003 Macromedia, Inc.
Product Shockwave Flash
Original name SAFlashPlayer.exe
Internal name Macromedia Flash Player 7.0
File version 7,0,19,0
Description Macromedia Flash Player 7.0 r19
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1998-03-09 16:59:05
Entry Point 0x000011FC
Number of sections 5
PE sections
PE imports
PropertySheetA
GetLastError
SetCurrentDirectoryW
HeapFree
CopyFileW
GetDriveTypeW
lstrlenW
lstrlenA
LoadLibraryW
DeviceIoControl
WaitForSingleObject
GetExitCodeProcess
QueryPerformanceCounter
GetTimeFormatW
HeapAlloc
GetVersionExA
lstrcmpiW
LoadLibraryA
FreeLibrary
LocalReAlloc
GetStartupInfoA
GetWindowsDirectoryW
GetDiskFreeSpaceExW
LocalAlloc
GetDateFormatW
GetCommandLineW
ReleaseMutex
GetVolumeInformationW
MultiByteToWideChar
RegisterWowExec
OpenMutexW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetPrivateProfileIntW
GetPrivateProfileStringW
ExitThread
GetModuleHandleA
SetFilePointer
WriteFile
RaiseException
UnhandledExceptionFilter
WideCharToMultiByte
GetModuleFileNameW
ExpandEnvironmentStringsW
GetSystemDefaultUILanguage
FindNextFileW
GlobalFree
InterlockedExchange
SetUnhandledExceptionFilter
GetTempPathW
GetCurrentProcess
CreateMutexW
ReadFile
GetSystemTimeAsFileTime
FindFirstFileW
IsValidLocale
lstrcmpW
GetPrivateProfileSectionW
LocalFree
FormatMessageW
TerminateProcess
GetFileAttributesW
GetSystemDirectoryW
Sleep
GetCurrentDirectoryW
OpenEventW
CreateFileW
GlobalAlloc
CreateProcessW
GetLogicalDriveStringsW
FindClose
InterlockedDecrement
QueryDosDeviceW
FormatMessageA
GetFullPathNameW
CloseHandle
GetTickCount
GetCurrentThreadId
GetProcessHeap
GetCurrentProcessId
SetLastError
InterlockedIncrement
_ismbcprint
difftime
_mbsnbset
SysAllocStringLen
VariantCopyInd
VariantClear
SysStringLen
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
StrCmpLogicalW
PathIsRelativeW
PathIsNetworkPathA
SetForegroundWindow
SetFocus
IsRectEmpty
GetWindowDC
GetWindowInfo
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
CATALAN DEFAULT 2
CHINESE TRADITIONAL 1
PE resources
ExifTool file metadata
LegalTrademarks Macromedia Flash Player
SubsystemVersion 4.0
LinkerVersion 6.4
ImageVersion 5.1
FileSubtype 0
FileVersionNumber 7.0.19.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Macromedia Flash Player 7.0 r19
CharacterSet Unicode
InitializedDataSize 122880
EntryPoint 0x11fc
OriginalFileName SAFlashPlayer.exe
MIMEType application/octet-stream
LegalCopyright Copyright 1996-2003 Macromedia, Inc.
FileVersion 7,0,19,0
TimeStamp 1998:03:09 17:59:05+01:00
FileType Win32 EXE
PEType PE32
InternalName Macromedia Flash Player 7.0
ProductVersion 7,0,19,0
UninitializedDataSize 2048
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Macromedia, Inc.
CodeSize 8704
ProductName Shockwave Flash
ProductVersionNumber 7.0.19.0
FileTypeExtension exe
ObjectFileType Dynamic link library

Execution parents
File identification
MD5 91ef620510625e816ef38e8e6ca07946
SHA1 01be62afec81d372ca051d0a0bda8fe5a4bb7faa
SHA256 af8765df49e13e6a8df1a53d029e4fefe6014dd1cc9b57b39bc9edbf48aef7c1
ssdeep 3072:hR2xn3k0CdM1vabyzJYWqG095mAbhRg5Pn:hR2J0LS6VThQ/
authentihash 011824a71805515ce4718b507557d8bdeb1edfaf745692305024a06aae022ae7
imphash a98bd09a1094488d54c82496de9429da
File size 123.0 KB ( 125952 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2011-12-25 00:16:40 UTC ( 7 years, 2 months ago )
Last submission 2011-12-25 00:16:40 UTC ( 7 years, 2 months ago )
File names Macromedia Flash Player 7.0
91EF620510625E816EF38E8E6CA07946
Cmgr.exe
SAFlashPlayer.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Copied files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests
TCP connections
UDP communications