SHA256: d5ef4c6947fd5a594e8f3ce385f7011dfc19220f5db813d437c19adf67f997e4
Detection ratio: 0 / 68
Analysis date: 2018-01-10 06:22:03 UTC ( 1 week, 3 days ago )
Antivirus Result Update
Ad-Aware 20180110
AegisLab 20180110
AhnLab-V3 20180110
Alibaba 20180110
ALYac 20180110
Antiy-AVL 20180110
Arcabit 20180110
Avast 20180110
Avast-Mobile 20180109
AVG 20180110
Avira (no cloud) 20180109
AVware 20180103
Baidu 20180110
BitDefender 20180110
Bkav 20180106
CAT-QuickHeal 20180109
ClamAV 20180109
CMC 20180109
Comodo 20180110
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20180110
Cyren 20180110
DrWeb 20180110
eGambit 20180110
Emsisoft 20180110
Endgame 20171130
ESET-NOD32 20180110
F-Prot 20180110
F-Secure 20180110
Fortinet 20180110
GData 20180110
Ikarus 20180109
Sophos ML 20170914
Jiangmin 20180110
K7AntiVirus 20180110
K7GW 20180110
Kaspersky 20180110
Kingsoft 20180110
Malwarebytes 20180110
MAX 20180110
McAfee 20180110
McAfee-GW-Edition 20180110
Microsoft 20180110
eScan 20180110
NANO-Antivirus 20180110
nProtect 20180110
Palo Alto Networks (Known Signatures) 20180110
Panda 20180109
Qihoo-360 20180110
Rising 20180106
SentinelOne (Static ML) 20171224
Sophos AV 20180110
SUPERAntiSpyware 20180110
Symantec 20180110
Symantec Mobile Insight 20180109
Tencent 20180110
TheHacker 20180108
TotalDefense 20180109
TrendMicro 20180110
TrendMicro-HouseCall 20180110
Trustlook 20180110
VBA32 20180109
VIPRE 20180110
ViRobot 20180110
Webroot 20180110
WhiteArmor 20171226
Yandex 20180109
Zillya 20180108
ZoneAlarm by Check Point 20180110
Zoner 20180110
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 1996-2017 Adobe Systems Incorporated

Product Adobe® Flash® Player Installer/Uninstaller
Original name FlashUtil.exe
Internal name Adobe® Flash® Player Installer/Uninstaller 28.0
File version 28,0,0,129
Description Adobe® Flash® Player Installer/Uninstaller 28.0 d0
Signature verification Signed file, verified signature
Signing date 4:12 AM 12/5/2017
Signers
[+] Adobe Systems Incorporated
Status Valid
Issuer DigiCert EV Code Signing CA (SHA2)
Valid from 1:00 AM 3/15/2017
Valid to 1:00 PM 3/20/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 2E419CCC647F94FE0DFC5460D0740B93D3572E54
Serial number 06 F0 47 88 03 10 55 D3 1D EF FE FC D0 26 D6 C5
[+] DigiCert EV Code Signing CA (SHA2)
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 1:00 PM 4/18/2012
Valid to 1:00 PM 4/18/2027
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 60EE3FC53D4BDFD1697AE5BEAE1CAB1C0F3AD4E3
Serial number 03 F1 B4 E1 5F 3A 82 F1 14 96 78 B3 D7 D8 47 5C
[+] DigiCert
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
Serial number 02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77
Counter signers
[+] Symantec SHA256 TimeStamping Signer - G2
Status Valid
Issuer Symantec SHA256 TimeStamping CA
Valid from 1:00 AM 1/2/2017
Valid to 12:59 AM 4/2/2028
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 625AEC3AE4EDA1D169C4EE909E85B3BBC61076D3
Serial number 54 58 F2 AA D7 41 D6 44 BC 84 A9 7B A0 96 52 E6
[+] Symantec SHA256 TimeStamping CA
Status Valid
Issuer VeriSign Universal Root Certification Authority
Valid from 1:00 AM 1/12/2016
Valid to 12:59 AM 1/12/2031
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 6FC9EDB5E00AB64151C1CDFCAC74AD2C7B7E3BE4
Serial number 7B 05 B1 D4 49 68 51 44 F7 C9 89 D2 9C 19 9D 12
[+] VeriSign Universal Root Certification Authority
Status Valid
Issuer VeriSign Universal Root Certification Authority
Valid from 1:00 AM 4/2/2008
Valid to 12:59 AM 12/2/2037
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha256RSA
Thumbprint 3679CA35668772304D30A5FB873B0FA77BB70D54
Serial number 40 1A C4 64 21 B3 13 21 03 0E BB E4 12 1A C5 1D
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-05 01:31:36
Entry Point 0x0002A4BE
Number of sections 5
PE sections
Overlays
MD5 d0699507ca138344efb15f4269484917
File type data
Offset 20873216
Size 7680
Entropy 7.26
PE imports
RegCreateKeyExW
OpenServiceW
RegDeleteValueW
CryptReleaseContext
RegCloseKey
RegSetValueExW
FreeSid
CryptGetHashParam
RegQueryValueExA
OpenSCManagerW
RegEnumKeyExW
RegOpenKeyExW
CheckTokenMembership
QueryServiceStatusEx
RegSetValueExA
ControlService
AllocateAndInitializeSid
CryptHashData
RegOpenKeyExA
CloseServiceHandle
RegQueryValueExW
DeleteDC
SetBkMode
CreateFontA
CreateCompatibleBitmap
GetTextExtentExPointW
SelectObject
BitBlt
CreateDIBSection
CreateCompatibleDC
DeleteObject
StretchBlt
SetTextColor
CreateSolidBrush
SetThreadLocale
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
WaitForSingleObject
HeapAlloc
QueueUserAPC
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
OutputDebugStringW
FindClose
InterlockedDecrement
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
CopyFileW
LoadResource
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
GetFileAttributesW
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
GlobalAddAtomW
CreateThread
MoveFileExW
GetSystemDirectoryW
SetUnhandledExceptionFilter
CreateMutexW
GetSystemDirectoryA
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
SetEndOfFile
SetWaitableTimer
LeaveCriticalSection
WriteConsoleW
CreateToolhelp32Snapshot
GetSystemWow64DirectoryW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
ExitThread
GetStartupInfoA
GetFileSize
OpenProcess
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
CreateWaitableTimerW
GetFileSizeEx
RemoveDirectoryW
FindNextFileW
FindFirstFileW
DuplicateHandle
CreateFileW
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
GetConsoleCP
LCMapStringA
GetThreadLocale
GetEnvironmentStringsW
Process32NextW
CreateProcessW
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
Process32FirstW
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
SetDllDirectoryW
GetACP
GetModuleHandleW
FreeResource
GetEnvironmentStrings
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
FindResourceA
VirtualAlloc
SysFreeString
VariantInit
VariantClear
SysAllocString
SHGetFolderPathW
SHFileOperationW
ShellExecuteW
ShellExecuteExW
Ord(680)
CommandLineToArgvW
MapWindowPoints
GetForegroundWindow
GetParent
GetPropW
BeginPaint
DefWindowProcW
MoveWindow
GetMessageW
PostQuitMessage
ShowWindow
SetWindowPos
SetWindowLongW
MessageBoxW
GetWindowRect
RegisterClassExW
SetCapture
ReleaseCapture
SetPropW
TranslateMessage
GetWindow
PostMessageW
DispatchMessageW
GetKeyState
ReleaseDC
GetWindowLongW
LoadStringW
GetClientRect
DrawTextW
GetDC
ClientToScreen
SetRect
InvalidateRect
SetTimer
CallWindowProcW
FillRect
SetWindowTextW
LoadCursorW
CreateWindowExW
EndPaint
SetForegroundWindow
DestroyWindow
SetCursor
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateGuid
CoCreateInstance
CoInitializeSecurity
StringFromGUID2
Number of PE resources by type
RT_STRING 112
RT_RCDATA 11
RT_ICON 7
LZMG 1
TYPELIB 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 11
ENGLISH US 11
ENGLISH CAN 8
TURKISH DEFAULT 7
SWEDISH NEUTRAL 7
GERMAN 7
CHINESE TRADITIONAL 7
CZECH DEFAULT 7
JAPANESE DEFAULT 7
FRENCH 7
CHINESE SIMPLIFIED 7
PORTUGUESE BRAZILIAN 7
SPANISH MODERN 7
POLISH DEFAULT 7
DUTCH 7
RUSSIAN 7
KOREAN 7
ITALIAN 7
PE resources
Debug information
ExifTool file metadata
LegalTrademarks
Adobe Flash Player

SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
28.0.0.129

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Adobe Flash Player Installer/Uninstaller 28.0 d0

CharacterSet
Unicode

InitializedDataSize
20631040

EntryPoint
0x2a4be

OriginalFileName
FlashUtil.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 1996-2017 Adobe Systems Incorporated

FileVersion
28,0,0,129

TimeStamp
2017:12:05 02:31:36+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Adobe Flash Player Installer/Uninstaller 28.0

ProductVersion
28,0,0,129

UninitializedDataSize
0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Adobe Systems Incorporated

CodeSize
241152

ProductName
Adobe Flash Player Installer/Uninstaller

ProductVersionNumber
28.0.0.129

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 68e6a9c848b673c025b2556eb91dc087
SHA1 d834288bc40df4102344fe0e541d4cb022bdc8d7
SHA256 d5ef4c6947fd5a594e8f3ce385f7011dfc19220f5db813d437c19adf67f997e4
ssdeep
393216:li1VTSQMJ4yGX9+Z3Lb4bPWthdoisKBiKknbJ9jIiLPIw/bfyRh6Iy8yBLzUtm:gVTXMJs9+Z3LC+jdbZQIi1KRs/8wB

authentihash 3208025970441daac57fb64862bd35ee826c290158ed1a08f754e5bf6677e52a
imphash 9ef2637127763f24c280f481edbcf238
File size 19.9 MB ( 20880896 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (76.4%)
Win32 Executable (generic) (12.4%)
Generic Win/DOS Executable (5.5%)
DOS Executable Generic (5.5%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2017-12-06 16:04:34 UTC ( 1 month, 2 weeks ago )
Last submission 2017-12-31 07:44:58 UTC ( 2 weeks, 6 days ago )
File names install_flash_player.exe
install_flash_player.exe
install_flash_player.exe
install_flash_player.exe
FlashPlayerInstaller.exe
Uninstaller 28.0
FlashUtil.exe
install_flash_player.exe
flash player for windows.exe
install_flash_player.exe
install_flash_player.exe
install_flash_player.exe
install_flash_player.exe
install_flash_player.exe
install_flash_player.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.
UDP communications