SHA256: d1f9345cd38611fc175c0eb1807157f008e4503e24274f2a70df588a9c0a682b
File name: adobe_flash_player-31254524.exe
Detection ratio: 27 / 56
Analysis date: 2016-05-04 12:12:31 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Application.Bundler.DownloadAdmin.10 20160504
AhnLab-V3 PUP/Win32.DownloadAdmin 20160503
Antiy-AVL RiskWare[Downloader:not-a-virus]/Win32.DownloAdmin 20160504
AVG Downloader.Generic14.ASAB 20160504
Avira (no cloud) TR/Taranis.3872 20160504
AVware Trojan.Win32.Generic!BT 20160504
BitDefender Gen:Variant.Application.Bundler.DownloadAdmin.10 20160504
Cyren W32/Application.OUNC-5110 20160504
DrWeb Trojan.Vittalia.9336 20160504
ESET-NOD32 a variant of Win32/TrojanDownloader.Adload.NRA 20160504
F-Secure Gen:Variant.Application.Bundler 20160504
GData Gen:Variant.Application.Bundler.DownloadAdmin.10 20160504
Ikarus PUA.DownloadAdmin 20160504
Jiangmin Downloader.DownloAdmin.ac 20160504
K7AntiVirus Riskware ( 0040eff71 ) 20160503
K7GW Riskware ( 0040eff71 ) 20160504
McAfee Artemis!9854F14CA653 20160504
McAfee-GW-Edition Artemis 20160504
eScan Gen:Variant.Application.Bundler.DownloadAdmin.10 20160504
NANO-Antivirus Trojan.Win32.Vittalia.ebsocd 20160504
Panda Trj/Genetic.gen 20160503
Qihoo-360 Win32/Trojan.5b1 20160504
Rising Malware.Undefined!8.C-9SV4KbqoXSB (Cloud) 20160504
SUPERAntiSpyware PUP.DownloadAdmin/Variant 20160504
Tencent Win32.Trojan.Taranis.Htls 20160504
VIPRE Trojan.Win32.Generic!BT 20160504
Yandex Trojan.DL.Adload!n+476QuZkXs 20160502
AegisLab (not detected) 20160504
Alibaba (not detected) 20160504
ALYac (not detected) 20160504
Arcabit (not detected) 20160504
Avast (not detected) 20160504
Baidu (not detected) 20160504
Baidu-International (not detected) 20160504
Bkav (not detected) 20160504
CAT-QuickHeal (not detected) 20160504
ClamAV (not detected) 20160503
CMC (not detected) 20160504
Comodo (not detected) 20160504
Emsisoft (not detected) 20160503
F-Prot (not detected) 20160504
Fortinet (not detected) 20160504
Kaspersky (not detected) 20160504
Kingsoft (not detected) 20160504
Malwarebytes (not detected) 20160504
Microsoft (not detected) 20160504
nProtect (not detected) 20160504
Sophos AV (not detected) 20160504
Symantec (not detected) 20160504
TheHacker (not detected) 20160503
TrendMicro (not detected) 20160504
TrendMicro-HouseCall (not detected) 20160504
VBA32 (not detected) 20160504
ViRobot (not detected) 20160504
Zillya (not detected) 20160503
Zoner (not detected) 20160504
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 4:25 AM 5/4/2016
Signers
[+] Quesadilla Interactive
Status This certificate or one of the certificates in the certificate chain is not time valid. (The signer certificate's validity window, shown below, ended 3/8/2017, before this report was last viewed; the signature itself still verifies because the COMODO countersignature listed under Counter signers timestamps it to the 5/4/2016 signing date, and Authenticode accepts a timestamped signature after the signing certificate expires.)
Issuer Go Daddy Secure Certificate Authority - G2
Valid from 11:17 PM 3/8/2016
Valid to 11:17 PM 3/8/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 287155E3465C07AA441A5791CBDAC1F0A2282C66
Serial number 01 76 89 D7 55 75 51 E3
[+] Go Daddy Secure Certificate Authority - G2
Status Valid
Issuer Go Daddy Root Certificate Authority - G2
Valid from 8:00 AM 5/3/2011
Valid to 8:00 AM 5/3/2031
Valid usage All
Algorithm sha256RSA
Thumbprint 27AC9369FAF25207BB2627CEFACCBE4EF9C319B8
Serial number 07
[+] Go Daddy Root Certificate Authority - G2
Status Valid
Issuer Go Daddy Class 2 Certification Authority
Valid from 8:00 AM 1/1/2014
Valid to 8:00 AM 5/30/2031
Valid usage All
Algorithm sha256RSA
Thumbprint 340B2880F446FCC04E59ED33F52B3D08D6242964
Serial number 1B E7 15
[+] Go Daddy Class 2 Certification Authority
Status Valid
Issuer Go Daddy Class 2 Certification Authority
Valid from 6:06 PM 6/29/2004
Valid to 6:06 PM 6/29/2034
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 2796BAE63F1801E277261BA0D77770028F20EEE4
Serial number 00
Counter signers
[+] COMODO SHA-1 Time Stamping Signer
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 12/31/2015
Valid to 7:40 PM 7/9/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 03A5B14663EB12023091B84A6D6A68BC871DE66B
Serial number 16 88 F0 39 25 5E 63 8E 69 14 39 07 E6 33 0B
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x000014C0
Number of sections 16
PE sections
Overlays
MD5 1bbf968d6cfbb47f6cdc12aec8d3d0d3
File type data
Offset 80896
Size 48744
Entropy 4.78
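The overlay numbers above add up to the whole tail of the file: 80896 + 48744 = 129640 bytes, the file size reported under File identification, so everything past the last section is overlay. For a file tagged "signed", the Authenticode blob (the security data directory, which holds a raw file offset rather than an RVA) normally sits in that overlay alongside whatever the bundler appended. The following is an added example, not the report's tooling or the analysed binary: a pure-Python parser that computes the overlay from the section table and locates the WIN_CERTIFICATE inside it. The PE image it runs on is constructed by `build_sample()` to mirror the report's layout; the section name, signature size and payload bytes are placeholders.

```python
"""Find a PE file's overlay and the Authenticode blob inside it.

Added example, not part of the VirusTotal report and not the report's
own tooling: pure-Python PE header parsing (no pefile dependency). The
image it runs on is CONSTRUCTED by build_sample() to mirror the report's
layout (overlay at offset 80896, size 48744, file size 129640); it is not
the analysed binary.
"""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # data directory index
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002     # Authenticode PKCS#7 blob


def parse_headers(data):
    """Return (optional_header_offset, [(name, raw_ptr, raw_size), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    n_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    sections = []
    for i in range(n_sections):
        sh = opt + size_opt + 40 * i                 # IMAGE_SECTION_HEADER
        name = data[sh:sh + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, sh + 16)
        sections.append((name, raw_ptr, raw_size))
    return opt, sections


def overlay_info(data):
    """Overlay = bytes after the last section's raw data; returns (offset, size)."""
    _, sections = parse_headers(data)
    end = max((ptr + size for _, ptr, size in sections if size), default=0)
    end = min(end, len(data))   # a truncated file can declare sections past EOF
    return end, len(data) - end


def security_directory(data):
    """(offset, size) of IMAGE_DIRECTORY_ENTRY_SECURITY. Unlike every other
    directory, its first field is a raw file offset, not an RVA."""
    opt, _ = parse_headers(data)
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = opt + (96 if magic == 0x10B else 112)    # PE32 vs PE32+
    return struct.unpack_from("<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)


def win_certificate(data):
    """Parse the WIN_CERTIFICATE header at the security directory, or None."""
    off, size = security_directory(data)
    if size == 0:
        return None
    ov_off, _ = overlay_info(data)
    length, revision, cert_type = struct.unpack_from("<IHH", data, off)
    return {"offset": off, "length": length, "revision": revision, "type": cert_type,
            "pkcs7": cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA,
            "in_overlay": off >= ov_off}


def build_sample(overlay_offset=80896, overlay_size=48744, sig_size=0x1C00):
    """CONSTRUCTED PE32 image: one .text section ending at overlay_offset,
    then an overlay whose tail is a WIN_CERTIFICATE of sig_size bytes."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    sig_off = overlay_offset + overlay_size - sig_size          # 8-byte aligned
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, sig_off, sig_size)
    raw_ptr = 0x400
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0, 0x1000, overlay_offset - raw_ptr,
                       raw_ptr, 0, 0, 0, 0, 0x60000020)
    img = bytearray(dos + b"PE\0\0" + coff + opt + sect)
    img += b"\0" * (overlay_offset - len(img))                  # rest of headers + section
    img += b"\xCC" * (overlay_size - sig_size)                  # bundled payload placeholder
    img += struct.pack("<IHH", sig_size, 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA)
    img += b"\0" * (sig_size - 8)                               # PKCS#7 body placeholder
    return bytes(img)


if __name__ == "__main__":
    blob = build_sample()
    print("overlay (offset, size):", overlay_info(blob))
    print("certificate:", win_certificate(blob))
```

On a real sample, run `overlay_info()` and `win_certificate()` over the file bytes and compare the certificate's offset and length with the overlay bounds: the difference between the overlay size and the certificate length is the data the bundler appended that is not covered by the signature's own structure, which is where a packed secondary installer usually lives.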
PE imports
GetLastError
EnterCriticalSection
FreeLibrary
QueryPerformanceCounter
GetTickCount
VirtualProtect
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
GetCurrentProcessId
UnhandledExceptionFilter
GetProcAddress
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
GetSystemTimeAsFileTime
TerminateProcess
InitializeCriticalSection
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetCurrentThreadId
VirtualAlloc
LeaveCriticalSection
MessageBoxA
strncmp
__lconv_init
malloc
rand
__getmainargs
fclose
__dllonexit
_cexit
abort
_setmode
_setjmp3
printf
fflush
_fmode
_amsg_exit
fwrite
_lock
_onexit
__initenv
fputs
exit
_fileno
__setusermatherr
srand
_acmdln
memset
longjmp
_unlock
memcmp
free
vfprintf
_wfopen
calloc
strlen
memcpy
signal
fprintf
_initterm
__set_app_type
setvbuf
_iob
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 0000:00:00 00:00:00 (the PE header TimeDateStamp is zero, so no build time is recorded)
FileType Win32 EXE
PEType PE32
CodeSize 47104
LinkerVersion 2.24
EntryPoint 0x14c0
InitializedDataSize 68096
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 6656
File identification
MD5 9854f14ca653ee7c6bf6506d823f7371
SHA1 1f355f43bb235067baaec6dfe48ecded9245a133
SHA256 d1f9345cd38611fc175c0eb1807157f008e4503e24274f2a70df588a9c0a682b
ssdeep 1536:PVqazqN2qAhFmwDaaoXazFb3xotd5j2kMGh4sk/z+uRq53zv5:dvqiFmwyXahbB051MmMb+uRqJ1
authentihash 1e206576097e620af5ea0098c445faea4c61ef738faed8cade36d1b419048e12
imphash e54e0ba8e4de8996b881b47ecf6695a7
File size 126.6 KB ( 129640 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe signed overlay
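The imphash listed under File identification is an MD5 over the import table in the order the linker emitted it: each entry becomes `dll.function`, lowercased, with the `.dll`/`.ocx`/`.sys` extension dropped and imports by ordinal written as `ordN` (except for a fixed ws2_32/oleaut32 ordinal map), and the tokens are comma-joined before hashing. Because import order is part of the input, two builds from the same toolchain with the same source tend to share an imphash even when the code differs, which is why it is useful for clustering. The PE imports list on this page gives function names without their DLLs, so the report's value cannot be recomputed from the page. The following is an added example, not the report's tooling: an implementation of that algorithm as pefile defines it, run over a constructed import table that borrows function names from the list above with assumed DLL names (and one assumed ordinal import for illustration).

```python
"""Compute an import hash (imphash) the way pefile/Mandiant define it.

Added example, not part of the VirusTotal report. SAMPLE_IMPORTS is
CONSTRUCTED: function names taken from the report's import list, DLL
names and the ordinal entry assumed; so its hash is not the report's
imphash (e54e0ba8e4de8996b881b47ecf6695a7).
"""
import hashlib

# Subset of the ordinal-to-name map pefile applies for ws2_32 and oleaut32;
# other DLLs' ordinals are rendered as "ordN".
ORDINAL_NAMES = {
    "ws2_32": {1: "accept", 2: "bind", 3: "closesocket", 4: "connect", 23: "socket"},
    "oleaut32": {2: "SysAllocString", 6: "SysFreeString"},
}
STRIPPED_EXTS = (".dll", ".ocx", ".sys")   # extensions removed from the DLL name


def normalize_import(dll, func):
    """One 'dll.func' token. func is a name (str) or an ordinal (int)."""
    dll = dll.lower()
    for ext in STRIPPED_EXTS:
        if dll.endswith(ext):
            dll = dll[: -len(ext)]
            break
    if isinstance(func, int):
        func = ORDINAL_NAMES.get(dll, {}).get(func, "ord%d" % func)
    return "%s.%s" % (dll, func.lower())


def imphash_input(imports):
    """Comma-joined tokens in import-table order; this string is what gets hashed."""
    return ",".join(normalize_import(dll, func) for dll, func in imports)


def imphash(imports):
    """MD5 hex digest of the normalised import string."""
    return hashlib.md5(imphash_input(imports).encode("ascii")).hexdigest()


# CONSTRUCTED import table (DLL names and the ordinal entry are assumptions).
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "GetLastError"),
    ("KERNEL32.dll", "VirtualProtect"),
    ("KERNEL32.dll", "LoadLibraryA"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("USER32.dll", "MessageBoxA"),
    ("msvcrt.dll", "_wfopen"),
    ("msvcrt.dll", "fwrite"),
    ("WS2_32.dll", 23),            # import by ordinal -> "ws2_32.socket"
]

if __name__ == "__main__":
    print(imphash_input(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
    # Same functions, different order: the hash changes.
    print(imphash(list(reversed(SAMPLE_IMPORTS))))
```

Use `imphash_input()` when a hash mismatch between two samples needs explaining: diffing the two normalised strings shows whether the imports differ or only their order, which is the distinction between a different program and a different linker.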

VirusTotal metadata
First submission 2016-05-04 03:31:02 UTC ( 2 years, 3 months ago )
Last submission 2018-05-20 11:28:14 UTC ( 2 months, 3 weeks ago )
File names adobe_flash_player-31219104.exe
adobe_flash_player-31214007.exe
adobe_flash_player-31219430.exe
adobe_flash_player-31211731.exe
adobe_flash_player-31209181.exe
adobe_flash_player-31211598.exe
adobe_flash_player-31221290.exe
adobe_flash_player-31213454.exe
adobe_flash_player-31220131.exe
adobe_flash_player-31219948.exe
adobe_flash_player-31063086.exe
9854f14ca653ee7c6bf6506d823f7371.vir
adobe_flash_player-31254524.exe
adobe_flash_player-31220968.exe
adobe_flash_player-31207648.exe
adobe_flash_player-31207536.exe
adobe_flash_player-31219994.exe
adobe_flash_player-31064915.exe
adobe_flash_player-31220287.exe
output.92658940.txt
adobe_flash_player-31291011.exe
adobe_flash_player-31219413.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications