SHA256: d23456ffeaad7183176e71870957a222d20025a35e8e1070bd81bc7491ab625b
File name: install_flashplayer.exe
Detection ratio: 43 / 54
Analysis date: 2014-09-03 21:06:36 UTC ( 5 months, 3 weeks ago )
Antivirus Result Update
AVG Generic35.APYO 20140903
AVware Trojan.Win32.ZAccess.a!ag (v) 20140903
Ad-Aware Gen:Variant.Kazy.308143 20140903
Agnitum Trojan.Yakes!X7Ja+2hyKDk 20140903
AhnLab-V3 Trojan/Win32.Yakes 20140903
Avast Win32:Kryptik-NTE [Trj] 20140903
Avira TR/Dldr.Tofsee.D.106 20140903
Baidu-International Trojan.Win32.Yakes.aS 20140903
BitDefender Gen:Variant.Kazy.308143 20140903
CAT-QuickHeal TrojanDownloader.Tofsee.r4 20140903
Comodo TrojWare.Win32.Yakes.~O 20140903
Cyren W32/Trojan.LKLL-2175 20140903
DrWeb Trojan.DownLoad3.21597 20140903
ESET-NOD32 a variant of Win32/Kryptik.BRFH 20140903
Emsisoft Gen:Variant.Kazy.308143 (B) 20140903
F-Secure Gen:Variant.Kazy.308143 20140903
Fortinet W32/Zbot.FG!tr 20140903
GData Gen:Variant.Kazy.308143 20140903
Ikarus Trojan-Downloader.Win32.Tofsee 20140903
Jiangmin Trojan/Yakes.ugn 20140903
K7AntiVirus Trojan ( 0049122d1 ) 20140903
K7GW Trojan ( 0049122d1 ) 20140903
Kaspersky HEUR:Trojan.Win32.Generic 20140903
Kingsoft Win32.Troj.Yakes.dv.(kcloud) 20140903
Malwarebytes Trojan.Downloader 20140903
McAfee Downloader-FTZ!FA26FD320BF4 20140903
McAfee-GW-Edition Downloader-FTZ!FA26FD320BF4 20140903
MicroWorld-eScan Gen:Variant.Kazy.308143 20140903
Microsoft TrojanDownloader:Win32/Tofsee.D 20140903
NANO-Antivirus Trojan.Win32.Yakes.cwltjg 20140903
Norman Heur.I 20140903
Panda Generic Malware 20140903
Qihoo-360 Win32/Trojan.249 20140903
Rising PE:Trojan.Win32.Generic.163266CB!372401867 20140903
Sophos Mal/Generic-S 20140903
Symantec Trojan.Gen 20140903
Tencent Win32.Trojan.Yakes.Ectq 20140903
TrendMicro TROJ_SPNV.01LB13 20140903
TrendMicro-HouseCall TROJ_SPNV.01LB13 20140903
VBA32 Trojan.Yakes 20140903
VIPRE Trojan.Win32.ZAccess.a!ag (v) 20140903
Zillya Trojan.Kryptik.Win32.543756 20140903
nProtect Trojan/W32.Yakes.59392.S 20140903
AegisLab 20140903
Bkav 20140903
ByteHero 20140903
CMC 20140901
ClamAV 20140903
F-Prot 20140903
SUPERAntiSpyware 20140903
TheHacker 20140903
TotalDefense 20140903
ViRobot 20140903
Zoner 20140901
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-10 05:55:21
Link date 6:55 AM 12/10/2013
Entry Point 0x00001840
Number of sections 4
PE sections
PE imports
RegOpenKeyA
CreateFontIndirectW
CreatePen
CombineRgn
Rectangle
GetDeviceCaps
LineTo
DeleteDC
SetBkMode
GetObjectW
BitBlt
SetTextColor
GetCurrentObject
FillRgn
MoveToEx
GetStockObject
CreateCompatibleDC
CreateRectRgn
SelectObject
GetCharWidth32W
CreateCompatibleBitmap
CreateSolidBrush
DeleteObject
SetRectRgn
VirtualAlloc
GetProcAddress
LoadLibraryW
LocalAlloc
ReadFile
SetFocus
SetForegroundWindow
GetMonitorInfoW
GetForegroundWindow
EnableWindow
DrawEdge
MonitorFromPoint
GetPropW
PostQuitMessage
OffsetRect
EndDialog
FindWindowW
CheckRadioButton
KillTimer
BeginPaint
GetMessageW
ShowWindow
CreateDialogIndirectParamW
SetPropW
GetSystemMetrics
SetScrollPos
IsWindow
SendMessageW
MonitorFromRect
GetWindowRect
DestroyIcon
EndPaint
ScrollWindowEx
MoveWindow
DialogBoxParamW
MapWindowPoints
DefWindowProcW
CallWindowProcW
RegisterDeviceNotificationW
SetWindowPos
TranslateMessage
IsWindowEnabled
GetWindow
PostMessageW
GetSysColor
SetWindowsHookW
SetScrollInfo
CreateWindowExW
GetCursorPos
MapDialogRect
GetDlgCtrlID
CheckMenuItem
GetMenu
RegisterClassW
wsprintfW
WinHelpW
LoadStringW
SetWindowTextW
SetWindowLongW
GetDlgItem
RemovePropW
MessageBoxW
IsIconic
InvalidateRect
LoadImageW
LoadIconA
IsDialogMessageW
FillRect
UnhookWindowsHook
IsDlgButtonChecked
SubtractRect
GetWindowTextW
EnableMenuItem
GetDesktopWindow
UnregisterDeviceNotification
LoadCursorW
LoadIconW
GetFocus
DispatchMessageW
LoadAcceleratorsW
GetWindowLongW
GetUpdateRect
GetClientRect
DestroyWindow
DefDlgProcW
TranslateAcceleratorW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ARABIC SAUDI ARABIA 1
ExifTool file metadata
SubsystemVersion 5.0
Comments Creates, modifies or queries Windows shell links (shortcuts)
InitializedDataSize 4608
ImageVersion 0.0
FileVersionNumber 1.10.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 9.0
MIMEType application/octet-stream
FileVersion 1.1
TimeStamp 2013:12:10 06:55:21+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2013:12:12 16:16:23+01:00
FileDescription Creates, modifies or queries Windows shell links (shortcuts)
OSVersion 5.0
FileCreateDate 2013:12:12 16:16:23+01:00
FileOS Windows 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Optimum X
CodeSize 53760
FileSubtype 0
ProductVersionNumber 1.10.0.0
EntryPoint 0x1840
ObjectFileType Executable application

File identification
MD5 fa26fd320bf4ca5eaa39edce874bc006
SHA1 942ed66d8b5f7e79a37f7bf3131790d95b55bba0
SHA256 d23456ffeaad7183176e71870957a222d20025a35e8e1070bd81bc7491ab625b
ssdeep
384:Jin1CydHbwKCQ9jvEEh4kz6H3e9ZfUfPfEUNdyR3SC:Ji1CyuKCdE96u9mAlS

imphash a9c652b9ab700ea39b1f4855bccd5e74
File size 58.0 KB ( 59392 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
     Win32 Executable (generic) (29.8%)
     Generic Win/DOS Executable (13.2%)
     DOS Executable Generic (13.2%)
     Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe

VirusTotal metadata
First submission 2013-12-10 14:37:03 UTC ( 1 year, 2 months ago )
Last submission 2013-12-11 07:12:50 UTC ( 1 year, 2 months ago )
File names install_flashplayer.php, install_flashplayer.exe, install_flashplayer11x32_mssd_aaa_aih.vir
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
HTTP requests
TCP connections