SHA256: d23456ffeaad7183176e71870957a222d20025a35e8e1070bd81bc7491ab625b
File name: install_flashplayer.exe
Detection ratio: 44 / 56
Analysis date: 2015-10-27 02:37:03 UTC ( 11 months, 1 week ago )
Antivirus | Result | Update
ALYac | Gen:Variant.Kazy.308143 | 20151027
AVG | Generic35.APYO | 20151026
AVware | Trojan.Win32.ZAccess.a!ag (v) | 20151027
Ad-Aware | Gen:Variant.Kazy.308143 | 20151027
Yandex | Trojan.Yakes!X7Ja+2hyKDk | 20151026
AhnLab-V3 | Trojan/Win32.Yakes | 20151027
Antiy-AVL | Trojan/Win32.Yakes | 20151027
Arcabit | Trojan.Kazy.D4B3AF | 20151027
Avast | Win32:Kryptik-NTE [Trj] | 20151027
Avira (no cloud) | TR/Dldr.Tofsee.D.106 | 20151027
Baidu-International | Adware.Win32.Agent.Elnx | 20151026
BitDefender | Gen:Variant.Kazy.308143 | 20151027
CAT-QuickHeal | TrojanDownloader.Tofsee.r4 | 20151027
Comodo | TrojWare.Win32.Yakes.~O | 20151027
Cyren | W32/Trojan.LKLL-2175 | 20151027
DrWeb | Trojan.DownLoad3.21597 | 20151027
ESET-NOD32 | a variant of Win32/Kryptik.BRAH | 20151027
Emsisoft | Gen:Variant.Kazy.308143 (B) | 20151027
F-Secure | Gen:Variant.Kazy.308143 | 20151027
Fortinet | W32/Zbot.FG!tr | 20151026
GData | Gen:Variant.Kazy.308143 | 20151027
Ikarus | Trojan.Win32.Crypt | 20151027
Jiangmin | Trojan/Yakes.ugn | 20151026
K7AntiVirus | Trojan ( 0049122d1 ) | 20151026
K7GW | Trojan ( 0049122d1 ) | 20151027
Kaspersky | HEUR:Trojan.Win32.Generic | 20151027
Malwarebytes | Trojan.Downloader | 20151026
McAfee | Downloader-FTZ!FA26FD320BF4 | 20151027
McAfee-GW-Edition | BehavesLike.Win32.PWSZbot.qz | 20151027
eScan | Gen:Variant.Kazy.308143 | 20151027
Microsoft | TrojanDownloader:Win32/Tofsee.D | 20151027
NANO-Antivirus | Trojan.Win32.Yakes.cwltjg | 20151027
Panda | Generic Malware | 20151026
Qihoo-360 | Win32/Trojan.249 | 20151027
Rising | PE:Malware.Generic/QRS!1.9E2D [F] | 20151026
Sophos | Mal/Generic-S | 20151027
Symantec | Trojan.Gen | 20151026
Tencent | Win32.Trojan.Generic.Ectq | 20151027
TrendMicro | TROJ_SPNV.01LB13 | 20151027
TrendMicro-HouseCall | TROJ_SPNV.01LB13 | 20151027
VBA32 | Trojan.Yakes | 20151026
VIPRE | Trojan.Win32.ZAccess.a!ag (v) | 20151027
Zillya | Trojan.Kryptik.Win32.543756 | 20151026
nProtect | Trojan/W32.Yakes.59392.S | 20151026
AegisLab | (undetected) | 20151026
Alibaba | (undetected) | 20151027
Bkav | (undetected) | 20151026
ByteHero | (undetected) | 20151027
CMC | (undetected) | 20151026
ClamAV | (undetected) | 20151027
F-Prot | (undetected) | 20151027
SUPERAntiSpyware | (undetected) | 20151027
TheHacker | (undetected) | 20151026
TotalDefense | (undetected) | 20151026
ViRobot | (undetected) | 20151026
Zoner | (undetected) | 20151027

The 44 named results are mostly generic packer and heuristic labels (Kryptik, Kazy, Generic, Crypt, Trojan.Gen). The family names that do appear disagree with each other: Tofsee downloader (Microsoft, Avira, CAT-QuickHeal), Zbot (Fortinet, and McAfee-GW's behavioural engine), ZAccess (VIPRE, AVware) and Yakes (several vendors), so none of these labels should be used for attribution on its own. Two names are keyed to this exact file rather than to a family: McAfee's Downloader-FTZ!FA26FD320BF4 embeds the first twelve hex digits of the MD5, and nProtect's Trojan/W32.Yakes.59392.S embeds the 59392-byte file size.
The file being studied is a Portable Executable. More specifically, it is a Win32 EXE for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2013-12-10 05:55:21 (UTC)
Entry point: 0x00001840
Number of sections: 4
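The four header fields above, together with the subsystem, linker and OS versions that the ExifTool block later reports, all come from the COFF file header and the PE32 optional header. As an added example (my own code, not part of the VirusTotal report and not pefile), the following Python reads them from raw bytes using only the standard library. Because the sample is not reproduced here, build_sample_pe() fabricates a header-only PE32 image carrying the report's values (machine, timestamp, entry point, four sections, GUI subsystem, linker 9.0, OS 5.0, SizeOfCode 53760, SizeOfInitializedData 4608); the section names, virtual addresses and sizes in it are assumptions. same_day() is a small triage helper for the compile-time versus first-seen comparison a practitioner makes on every fresh sample.

```python
"""Minimal PE32 header parser (added example; not part of the VirusTotal report or of pefile)."""
import struct
from datetime import datetime, timezone

IMAGE_DOS_SIGNATURE = 0x5A4D       # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550    # "PE\0\0"
PE32_MAGIC = 0x10B                 # optional-header magic for 32-bit images
MACHINE_NAMES = {0x14C: "Intel 386 or later processors and compatible processors", 0x8664: "x64"}
SUBSYSTEM_NAMES = {2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_header(data: bytes) -> dict:
    """Read the DOS e_lfanew pointer, COFF file header, PE32 optional header and section table."""
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("PE signature not found")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    # Optional header start: Magic, MajorLinkerVersion, MinorLinkerVersion, SizeOfCode,
    # SizeOfInitializedData, SizeOfUninitializedData, AddressOfEntryPoint
    magic, lnk_major, lnk_minor, size_code, size_idata, size_udata, entry = struct.unpack_from(
        "<HBBIIII", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError("only PE32 (magic 0x10b) is handled here")
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)   # Major/MinorOperatingSystemVersion
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]           # Subsystem
    sections = []
    table = opt + opt_size
    for i in range(nsections):      # IMAGE_SECTION_HEADER is 40 bytes; first 24 hold name/sizes/RVA
        name, vsize, va, raw_size, _ = struct.unpack_from("<8sIIII", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "virtual_address": va, "raw_size": raw_size})
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        # TimeDateStamp is seconds since the Unix epoch in UTC; printed in the report's format
        "compile_time": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry,
        "number_of_sections": nsections,
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "code_size": size_code,
        "initialized_data_size": size_idata,
        "uninitialized_data_size": size_udata,
        "sections": sections,
    }


def build_sample_pe() -> bytes:
    """Fabricate a header-only PE32 image carrying the report's header values (constructed test data).

    It contains no code and is not the sample; section names, RVAs and sizes are assumed.
    """
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    struct.pack_into("<H", dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    sections = [(b".text", 0xD200, 0x1000, 53760), (b".rdata", 0x1200, 0xF000, 4608),
                (b".data", 0x400, 0x11000, 0), (b".rsrc", 0x400, 0x12000, 512)]
    compile_ts = int(datetime(2013, 12, 10, 5, 55, 21, tzinfo=timezone.utc).timestamp())
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), compile_ts, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)                                           # PE32 optional header size
    struct.pack_into("<HBBIIII", opt, 0, PE32_MAGIC, 9, 0, 53760, 4608, 0, 0x1840)
    struct.pack_into("<III", opt, 20, 0x1000, 0xF000, 0x400000)     # BaseOfCode, BaseOfData, ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)                 # Section/File alignment
    struct.pack_into("<HHHHHH", opt, 40, 5, 0, 0, 0, 5, 0)          # OS 5.0, image 0.0, subsystem 5.0
    struct.pack_into("<H", opt, 68, 2)                              # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)                             # NumberOfRvaAndSizes
    sec_table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, raw, 0, 0, 0, 0, 0, 0)
                         for n, vs, va, raw in sections)
    return bytes(dos) + struct.pack("<I", IMAGE_NT_SIGNATURE) + file_hdr + bytes(opt) + sec_table


def same_day(compile_time: str, first_seen: str) -> bool:
    """True when a 'YYYY-MM-DD hh:mm:ss' compile time and first-seen time share a UTC calendar day.

    Compilation a few hours before first submission is the signature of a freshly built sample;
    a stamp far in the past or future means it was zeroed or forged and is not evidence of age.
    """
    return compile_time[:10] == first_seen[:10]


if __name__ == "__main__":
    info = parse_pe_header(build_sample_pe())
    for key, value in info.items():
        if key != "sections":
            print(f"{key:24} {value}")
    print("compiled on first-seen day:", same_day(info["compile_time"], "2013-12-10 14:37:03"))
```

Pointing parse_pe_header() at real bytes (open(path, "rb").read()) gives the same dictionary for any PE32 file; the only dependency on the constructed image is the values it carries.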
PE sections: (section table not present in this copy of the report)
PE imports (flat list as shown by the report; the DLL each function is imported from is not given):
RegOpenKeyA
CreateFontIndirectW
CreatePen
CombineRgn
Rectangle
GetDeviceCaps
LineTo
DeleteDC
SetBkMode
GetObjectW
BitBlt
SetTextColor
GetCurrentObject
FillRgn
MoveToEx
GetStockObject
CreateCompatibleDC
CreateRectRgn
SelectObject
GetCharWidth32W
CreateCompatibleBitmap
CreateSolidBrush
DeleteObject
SetRectRgn
VirtualAlloc
GetProcAddress
LoadLibraryW
LocalAlloc
ReadFile
SetFocus
SetForegroundWindow
GetMonitorInfoW
GetForegroundWindow
EnableWindow
DrawEdge
MonitorFromPoint
GetPropW
PostQuitMessage
OffsetRect
EndDialog
FindWindowW
CheckRadioButton
KillTimer
BeginPaint
GetMessageW
ShowWindow
CreateDialogIndirectParamW
SetPropW
GetSystemMetrics
SetScrollPos
IsWindow
SendMessageW
MonitorFromRect
GetWindowRect
DestroyIcon
EndPaint
ScrollWindowEx
MoveWindow
DialogBoxParamW
MapWindowPoints
DefWindowProcW
CallWindowProcW
RegisterDeviceNotificationW
SetWindowPos
TranslateMessage
IsWindowEnabled
GetWindow
PostMessageW
GetSysColor
SetWindowsHookW
SetScrollInfo
CreateWindowExW
GetCursorPos
MapDialogRect
GetDlgCtrlID
CheckMenuItem
GetMenu
RegisterClassW
wsprintfW
WinHelpW
LoadStringW
SetWindowTextW
SetWindowLongW
GetDlgItem
RemovePropW
MessageBoxW
IsIconic
InvalidateRect
LoadImageW
LoadIconA
IsDialogMessageW
FillRect
UnhookWindowsHook
IsDlgButtonChecked
SubtractRect
GetWindowTextW
EnableMenuItem
GetDesktopWindow
UnregisterDeviceNotification
LoadCursorW
LoadIconW
GetFocus
DispatchMessageW
LoadAcceleratorsW
GetWindowLongW
GetUpdateRect
GetClientRect
DestroyWindow
DefDlgProcW
TranslateAcceleratorW
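The part of that list a practitioner notices first is the trio VirtualAlloc, GetProcAddress and LoadLibraryW: together they let a small stub allocate memory, unpack a second stage and resolve the APIs it really uses at run time, which is why most engines above report a generic packer or crypter name rather than a family. No networking API is imported statically, so the "downloader" behaviour several vendor names refer to would have to be resolved at run time or live in a later stage. The remaining imports are ordinary GUI code (GDI drawing, dialogs, menus, device notifications), consistent with a decoy installer window. As an added example, not the report's, VirusTotal's or pefile's code, the following Python reproduces the imphash computation behind the value in the file identification block below and runs a small capability heuristic of my own over the listed imports. The DLL assigned to each API and the import order are assumptions, since the report gives neither, and only a subset of the USER32 imports is included, so the computed hash will not equal the report's imphash; the point is to show how that value is derived and why it clusters samples that share an import table.

```python
"""Import-table triage helpers (added example; not code from VirusTotal, pefile or the report)."""
import hashlib

# Constructed from the report's flat import list.  The DLL for each API is the standard Windows
# exporter (assumed, not read from the sample), the order is assumed, and the USER32 part is a
# subset, so imphash(SAMPLE_IMPORTS) will NOT equal the imphash printed in the report.
SAMPLE_IMPORTS = (
    [("ADVAPI32.dll", "RegOpenKeyA")]
    + [("GDI32.dll", f) for f in (
        "CreateFontIndirectW", "CreatePen", "CombineRgn", "Rectangle", "GetDeviceCaps", "LineTo",
        "DeleteDC", "SetBkMode", "GetObjectW", "BitBlt", "SetTextColor", "GetCurrentObject",
        "FillRgn", "MoveToEx", "GetStockObject", "CreateCompatibleDC", "CreateRectRgn",
        "SelectObject", "GetCharWidth32W", "CreateCompatibleBitmap", "CreateSolidBrush",
        "DeleteObject", "SetRectRgn")]
    + [("KERNEL32.dll", f) for f in ("VirtualAlloc", "GetProcAddress", "LoadLibraryW",
                                     "LocalAlloc", "ReadFile")]
    + [("USER32.dll", f) for f in (
        "SetFocus", "SetForegroundWindow", "FindWindowW", "RegisterDeviceNotificationW",
        "UnregisterDeviceNotification", "SetWindowsHookW", "UnhookWindowsHook", "CreateWindowExW",
        "MessageBoxW", "GetMessageW", "TranslateMessage", "DispatchMessageW")]
)

IMPHASH_STRIPPED_EXTENSIONS = ("dll", "ocx", "sys")


def imphash_string(imports) -> str:
    """Build the comma-joined 'dll.function' string that imphash hashes (pefile's normalisation).

    imports: iterable of (dll_name, function_name_or_ordinal) in import-table order.
    The DLL name is lower-cased and loses a .dll/.ocx/.sys extension; the function name is
    lower-cased; ordinals become 'ordN'.  pefile additionally maps ordinals to names for a few
    well-known DLLs (ws2_32, oleaut32), which this version does not attempt.
    """
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if base and ext in IMPHASH_STRIPPED_EXTENSIONS:
            lib = base
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of imphash_string(): identical for samples whose import tables match entry for entry."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Triage rules of my own (not a VirusTotal feature): a label fires when ALL listed APIs are imported.
CAPABILITY_RULES = {
    "runtime API resolution with VirtualAlloc (unpacking / staging pattern)":
        {"loadlibraryw", "getprocaddress", "virtualalloc"},
    "installs a Windows message hook": {"setwindowshookw"},
    "subscribes to device arrival/removal notifications": {"registerdevicenotificationw"},
    "locates other windows by class or title": {"findwindoww"},
    "registry access": {"regopenkeya"},
}


def flag_capabilities(imports):
    """Return the sorted labels of CAPABILITY_RULES whose API sets are all present in imports."""
    present = {f.lower() for _, f in imports if isinstance(f, str)}
    return sorted(label for label, needed in CAPABILITY_RULES.items() if needed <= present)


if __name__ == "__main__":
    print("imphash (assumed DLLs and order):", imphash(SAMPLE_IMPORTS))
    for label in flag_capabilities(SAMPLE_IMPORTS):
        print(" -", label)
```

Because imphash is order-sensitive and case-insensitive, two builds of the same source with the same linker produce the same value even when every byte of code differs; that is what makes it useful for pivoting between samples, and also why a packer that rebuilds the import table at run time leaves only the stub's imports in it.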
Number of PE resources by type: RT_VERSION 1
Number of PE resources by language: ARABIC SAUDI ARABIA 1
PE resources: (detail table not present in this copy of the report)
ExifTool file metadata
SubsystemVersion: 5.0
Comments: Creates, modifies or queries Windows shell links (shortcuts)
LinkerVersion: 9.0
ImageVersion: 0.0
FileVersionNumber: 1.10.0.0
UninitializedDataSize: 0
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 4608
EntryPoint: 0x1840
MIMEType: application/octet-stream
FileVersion: 1.1
TimeStamp: 2013:12:10 06:55:21+01:00
FileType: Win32 EXE
PEType: PE32
FileDescription: Creates, modifies or queries Windows shell links (shortcuts)
OSVersion: 5.0
FileOS: Windows 32-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Optimum X
CodeSize: 53760
FileSubtype: 0
ProductVersionNumber: 1.10.0.0
FileTypeExtension: exe
ObjectFileType: Executable application

Two things in the version resource matter for triage. CompanyName, FileDescription and Comments describe a shell-link (shortcut) utility from Optimum X, not a Flash Player installer, so the version information does not match the name the file was submitted under. The VERSIONINFO translation entry says English (U.S.) while the resource directory tags its only resource as Arabic (Saudi Arabia); the two language fields disagree, which is worth recording alongside the name mismatch. The TimeStamp is the PE header's compile timestamp rendered in a +01:00 zone; it is the same instant as 2013-12-10 05:55:21 UTC.
File identification
MD5: fa26fd320bf4ca5eaa39edce874bc006
SHA1: 942ed66d8b5f7e79a37f7bf3131790d95b55bba0
SHA256: d23456ffeaad7183176e71870957a222d20025a35e8e1070bd81bc7491ab625b
ssdeep: 384:Jin1CydHbwKCQ9jvEEh4kz6H3e9ZfUfPfEUNdyR3SC:Ji1CyuKCdE96u9mAlS
authentihash: e11ba214a5d5598d5c35673a605c838fe3d2047a547feb92828d6a6e80e1b84b
imphash: a9c652b9ab700ea39b1f4855bccd5e74
File size: 58.0 KB (59392 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Dynamic Link Library (generic) (43.5%); Win32 Executable (generic) (29.8%); Generic Win/DOS Executable (13.2%); DOS Executable Generic (13.2%); Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags: peexe

TrID's top guess of "Win32 Dynamic Link Library (generic)" is a generic PE signature match and is not evidence that this is a DLL; the magic literal and the PE header (a GUI EXE with four sections) are authoritative. The imphash is the value to pivot on when hunting for related builds, and the ssdeep hash for near-duplicate files; MD5, SHA1 and SHA256 identify this exact file only.
VirusTotal metadata
First submission: 2013-12-10 14:37:03 UTC (2 years, 9 months ago)
Last submission: 2013-12-11 07:12:50 UTC (2 years, 9 months ago)
File names: install_flashplayer.php; install_flashplayer.exe; install_flashplayer11x32_mssd_aaa_aih.vir
Advanced heuristic and reputation engines: Symantec reputation Suspicious.Insight

The detection table at the top is dated 2015-10-27, almost two years after the last upload, so the 44/56 ratio reflects a later rescan and says nothing about how many engines flagged the file while it was circulating in December 2013. The compile timestamp (2013-12-10 05:55:21 UTC) precedes the first submission by under nine hours, which is typical of a freshly built sample. All three submitted names impersonate the Adobe Flash Player installer; the third follows the naming pattern of Adobe's own Flash Player 11 installer downloads. Taken with the version resource that describes a shortcut utility, this is consistent with a fake Flash update lure rather than a mislabelled Adobe binary.
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs, HTTP requests, TCP connections: no entries are shown in this copy of the report, so the behavioural section adds nothing to the static findings above.