SHA256: d570a653afb1ae63a9b8ced8bc055ea71f1b231502e93606098b84458c15205f
File name: Adobe Flash Player 11.6
Detection ratio: 0 / 56
Analysis date: 2014-11-30 10:47:00 UTC ( 4 years, 4 months ago )
Antivirus Result Update
Ad-Aware 20141130
AegisLab 20141130
Yandex 20141129
AhnLab-V3 20141130
ALYac 20141129
Antiy-AVL 20141130
Avast 20141130
AVG 20141130
Avira (no cloud) 20141130
AVware 20141121
Baidu-International 20141130
BitDefender 20141130
Bkav 20141127
ByteHero 20141130
CAT-QuickHeal 20141129
ClamAV 20141130
CMC 20141127
Comodo 20141130
Cyren 20141130
DrWeb 20141130
Emsisoft 20141130
ESET-NOD32 20141130
F-Prot 20141130
F-Secure 20141130
Fortinet 20141129
GData 20141130
Ikarus 20141130
Jiangmin 20141129
K7AntiVirus 20141128
K7GW 20141129
Kaspersky 20141130
Kingsoft 20141130
Malwarebytes 20141130
McAfee 20141130
McAfee-GW-Edition 20141130
Microsoft 20141130
eScan 20141130
NANO-Antivirus 20141130
Norman 20141130
nProtect 20141128
Panda 20141130
Qihoo-360 20141130
Rising 20141129
Sophos AV 20141130
SUPERAntiSpyware 20141129
Symantec 20141130
Tencent 20141130
TheHacker 20141130
TotalDefense 20141129
TrendMicro 20141130
TrendMicro-HouseCall 20141130
VBA32 20141128
VIPRE 20141130
ViRobot 20141128
Zillya 20141127
Zoner 20141127
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Adobe® Flash® Player. Copyright © 1996 Adobe Systems Incorporated. All Rights Reserved. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries.

Publisher Adobe Systems Incorporated
Product Shockwave Flash
Original name SAFlashPlayer.exe
Internal name Adobe Flash Player 11.6
File version 11,6,602,168
Description Adobe Flash Player 11.6 r602
Signature verification Signed file, verified signature
Signing date 9:49 PM 2/5/2013
Signers
[+] Adobe Systems Incorporated
Status Valid
Issuer None
Valid from 1:00 AM 9/24/2012
Valid to 12:59 AM 10/2/2015
Valid usage Code Signing
Algorithm SHA1
Thumbprint 0DA4BF5A428C444A209EC3720EB7A9EE28C3CF9B
Serial number 4D 4A A1 FD F2 6F 9F 33 53 D6 26 14 ED A6 62 37
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer None
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer None
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer None
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer None
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer None
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-05 20:49:41
Entry Point 0x00096E02
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
CopySid
RegQueryValueExA
LookupPrivilegeValueW
RegCreateKeyExA
GetSecurityInfo
RegDisablePredefinedCache
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateWellKnownSid
OpenProcessToken
DuplicateToken
RegOpenKeyExW
CreateProcessAsUserW
SetTokenInformation
RegOpenKeyExA
ConvertSidToStringSidW
GetTokenInformation
DuplicateTokenEx
RegQueryInfoKeyW
RegEnumKeyExW
GetSecurityDescriptorSacl
CreateRestrictedToken
GetLengthSid
ConvertStringSidToSidW
SetSecurityInfo
SetEntriesInAclW
RevertToSelf
RegSetValueExW
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
RegSetValueExA
EqualSid
SetThreadToken
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
CertEnumCertificatesInStore
CertCreateCertificateContext
CertAddStoreToCollection
CertFreeCertificateContext
CertCompareCertificate
CertCloseStore
CertOpenStore
CryptGetMessageCertificates
CertAddCertificateContextToStore
CertFindCertificateInStore
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CryptVerifyMessageSignature
CertVerifyRevocation
CertGetCertificateChain
CertVerifySubjectCertificateContext
SetDIBits
PlayEnhMetaFileRecord
DeleteEnhMetaFile
CreateFontIndirectW
GetBkMode
CreateICW
AddFontResourceW
CombineRgn
GetClipBox
GetRgnBox
ModifyWorldTransform
GetObjectType
GetDeviceCaps
CreateDCA
DeleteDC
EndDoc
GetWorldTransform
SetWorldTransform
StartPage
GetObjectW
CreateDCW
GetCurrentObject
CreateEnhMetaFileW
SetEnhMetaFileBits
GetMiterLimit
GetEnhMetaFileHeader
PlayEnhMetaFile
EndPage
GetDIBits
GetEnhMetaFileBits
GetPolyFillMode
GetTextAlign
StartDocW
ExtEscape
CloseEnhMetaFile
CreateScalableFontResourceW
CreateRectRgn
SelectObject
SetPolyFillMode
AbortDoc
EnumEnhMetaFile
RemoveFontResourceW
GetTextColor
GetStretchBltMode
Escape
GetFontData
ResetDCW
DeleteObject
CreateCompatibleBitmap
ImmCreateContext
ImmGetOpenStatus
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
ReleaseMutex
WaitForSingleObject
GetDriveTypeA
FindFirstFileW
CreateJobObjectW
DebugBreak
GetFileAttributesW
SetInformationJobObject
VerifyVersionInfoW
GetProcessId
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetCurrentDirectoryA
GetConsoleMode
GetLocaleInfoA
SetErrorMode
IsProcessInJob
FreeEnvironmentStringsW
GetThreadContext
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
lstrcmpiA
GetStringTypeA
InterlockedExchange
WriteFile
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetThreadTimes
Thread32First
HeapReAlloc
GetStringTypeW
ResumeThread
GetExitCodeProcess
LocalFree
ConnectNamedPipe
InitializeCriticalSection
FindClose
TlsGetValue
QueryDosDeviceW
FormatMessageA
GetFullPathNameW
SignalObjectAndWait
OutputDebugStringA
GetEnvironmentVariableW
SetLastError
GetSystemTime
OpenThread
GetEnvironmentVariableA
WriteProcessMemory
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
lstrcmpiW
VerSetConditionMask
HeapSetInformation
EnumSystemLocalesA
GetUserDefaultLCID
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
TerminateJobObject
GetVolumePathNamesForVolumeNameW
SetFilePointer
InterlockedExchangeAdd
CreateDirectoryExW
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetSystemDirectoryW
GetExitCodeThread
CreateSemaphoreW
CreateMutexW
GetVolumeNameForVolumeMountPointW
ExitThread
SetEnvironmentVariableA
TerminateProcess
SetUnhandledExceptionFilter
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
GetProcAddress
HeapCreate
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
DeviceIoControl
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GlobalSize
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
OpenProcess
GetStartupInfoW
ReadProcessMemory
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
AssignProcessToJobObject
GetFileSizeEx
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
InterlockedIncrement
ResetEvent
QueryInformationJobObject
Thread32Next
IsValidLocale
DuplicateHandle
GlobalLock
CreateEventW
SearchPathW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
SystemTimeToFileTime
LCMapStringW
VirtualAllocEx
CreateNamedPipeW
GlobalFree
GetConsoleCP
LCMapStringA
UnregisterWaitEx
CompareStringW
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
lstrlenW
VirtualFree
GetQueuedCompletionStatus
SwitchToThread
GetEnvironmentStrings
GetCurrentDirectoryW
VirtualFreeEx
GetCurrentProcessId
CreateIoCompletionPort
ProcessIdToSessionId
GetCommandLineW
GetCPInfo
HeapSize
RegisterWaitForSingleObject
GetCommandLineA
InterlockedCompareExchange
CancelIo
SuspendThread
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetLongPathNameW
CreateProcessA
IsValidCodePage
UnmapViewOfFile
GetTempPathW
PostQueuedCompletionStatus
CreateProcessW
Sleep
VirtualAlloc
GetOEMCP
CompareStringA
WNetGetResourceInformationW
WNetGetUniversalNameW
WNetAddConnection2W
SysFreeString
GetProcessImageFileNameW
GetMappedFileNameW
SHGetFolderPathW
Ord(43)
SHCreateDirectoryExW
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFolderPathA
CommandLineToArgvW
UrlIsW
PathIsURLW
PathFileExistsW
PathRemoveFileSpecW
PathAddBackslashW
PathCreateFromUrlW
PathAppendW
PathFindExtensionW
UrlCanonicalizeW
PathCanonicalizeW
AssocQueryStringW
PathIsRelativeW
PathIsDirectoryW
PathFileExistsA
InitializeSecurityContextA
AcquireCredentialsHandleA
DeleteSecurityContext
ApplyControlToken
FreeContextBuffer
DecryptMessage
QueryContextAttributesA
QueryCredentialsAttributesA
EncryptMessage
FreeCredentialsHandle
SetFocus
GetForegroundWindow
RedrawWindow
PostQuitMessage
OpenInputDesktop
SetWindowPos
GetClipboardViewer
IsWindow
ClientToScreen
WindowFromPoint
GetClipboardSequenceNumber
CreateDesktopW
GetDC
GetAsyncKeyState
ReleaseDC
SendMessageW
UnregisterClassW
GetClientRect
GetCursorPos
AllowSetForegroundWindow
SetThreadDesktop
GetThreadDesktop
CallNextHookEx
IsClipboardFormatAvailable
GetTopWindow
EnumClipboardFormats
UserHandleGrantAccess
MsgWaitForMultipleObjects
GetActiveWindow
DestroyWindow
GetUserObjectInformationW
GetParent
UpdateWindow
GetPropW
EnumWindows
ShowWindow
CallMsgFilterW
SetPropW
ValidateRect
GetClipboardFormatNameA
PeekMessageW
EnableWindow
GetClipboardFormatNameW
SetClipboardViewer
TranslateMessage
IsWindowEnabled
GetWindow
GetQueueStatus
SetClipboardData
CloseWindow
GetPriorityClipboardFormat
SetTimer
EnumThreadWindows
WaitForInputIdle
CreateWindowExW
GetWindowLongW
GetUpdateRect
MapWindowPoints
RegisterWindowMessageW
GetOpenClipboardWindow
DefWindowProcW
KillTimer
GetClipboardOwner
GetClipboardData
SetWindowLongW
GetWindowRect
SetProcessWindowStation
GetProcessWindowStation
WaitMessage
RemovePropW
CreateWindowStationW
ScreenToClient
PostMessageW
CloseWindowStation
CountClipboardFormats
AttachThreadInput
SetActiveWindow
GetDesktopWindow
SetWindowsHookExW
LoadCursorW
LoadIconW
FindWindowExW
DispatchMessageW
SetForegroundWindow
OpenClipboard
EmptyClipboard
GetWindowThreadProcessId
MessageBoxW
RegisterClassExW
UnhookWindowsHookEx
RegisterClipboardFormatA
ChangeClipboardChain
MsgWaitForMultipleObjectsEx
RegisterClipboardFormatW
GetKeyState
DestroyIcon
IsWindowVisible
SetCursorPos
MonitorFromWindow
InvalidateRect
CallWindowProcW
GetClassNameW
CloseDesktop
GetClassNameA
GetFocus
CloseClipboard
GetAncestor
SetCursor
HttpSendRequestA
InternetQueryDataAvailable
InternetSetOptionA
InternetWriteFile
HttpOpenRequestA
HttpAddRequestHeadersA
HttpQueryInfoA
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetQueryOptionA
InternetErrorDlg
InternetReadFile
HttpEndRequestA
HttpSendRequestExA
timeEndPeriod
timeGetTime
timeBeginPeriod
DeviceCapabilitiesW
EnumPrintersA
GetPrinterW
SetPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
OpenPrinterW
CoUnmarshalInterface
CoInitializeEx
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
GetHGlobalFromStream
ReleaseStgMedium
StringFromCLSID
CoCreateInstance
CreateBindCtx
MkParseDisplayName
CoTaskMemFree
CoMarshalInterface
CoInternetParseUrl
Number of PE resources by type
RT_MENU 64
RT_STRING 48
RT_ICON 40
RT_DIALOG 33
RT_GROUP_ICON 6
RT_CURSOR 5
RT_GROUP_CURSOR 3
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 67
TURKISH DEFAULT 9
SWEDISH NEUTRAL 9
GERMAN 9
CHINESE TRADITIONAL 9
DUTCH 9
FRENCH 9
CHINESE SIMPLIFIED 9
PORTUGUESE BRAZILIAN 9
JAPANESE DEFAULT 9
SPANISH MODERN 9
POLISH DEFAULT 9
CZECH DEFAULT 9
RUSSIAN 9
KOREAN 9
ITALIAN 9
PE resources
ExifTool file metadata
CodeSize
815104

SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
11.6.602.168

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Adobe Flash Player 11.6 r602

CharacterSet
Unicode

InitializedDataSize
1011712

FileOS
Win32

MIMEType
application/octet-stream

LegalCopyright
Adobe Flash Player. Copyright 1996 Adobe Systems Incorporated. All Rights Reserved. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries.

FileVersion
11,6,602,168

TimeStamp
2013:02:05 21:49:41+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Adobe Flash Player 11.6

FileAccessDate
2014:11:30 11:49:45+01:00

ProductVersion
11,6,602,168

UninitializedDataSize
0

OSVersion
5.0

FileCreateDate
2014:11:30 11:49:45+01:00

OriginalFilename
SAFlashPlayer.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

Debugger
0

CompanyName
Adobe Systems, Inc.

LegalTrademarks
Adobe Flash Player

ProductName
Shockwave Flash

ProductVersionNumber
11.6.602.168

EntryPoint
0x96e02

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 eb0eb16e7dc48c3d645b1e136346999b
SHA1 bb8c19a2db4321ba669a5929ad68f0c950ec7baa
SHA256 d570a653afb1ae63a9b8ced8bc055ea71f1b231502e93606098b84458c15205f
ssdeep 49152:0RYYkJRFIVkhwvY6nN8kcdaACTAOThiOI9YE:0CYkkkgY0NIOIT

authentihash 587a6a1201aa13b1b642a1533e4099ea6f3cf758f5edc69391d89eb6a36d9c0b
imphash b5710a84cedb98265de5bcb9f9a635c3
File size 1.7 MB ( 1820016 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (48.1%)
Win32 Executable MS Visual C++ (generic) (34.9%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Generic Win/DOS Executable (2.2%)
Tags peexe signed

VirusTotal metadata
First submission 2013-02-12 23:52:16 UTC ( 6 years, 2 months ago )
Last submission 2013-04-06 00:12:57 UTC ( 6 years ago )
File names FlashPlayerPlugin_11_6_602_168.exe
file-5171398_exe
SAFlashPlayer.exe
Adobe Flash Player 11.6
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications