SHA256: d7678de2efb4e303ad20d1585e55ccfcb3655cdd7bcadf2c6278fca56d976ebf
File name: YSucvYHs.exe
Detection ratio: 52 / 56
Analysis date: 2016-05-04 15:05:22 UTC
Antivirus | Result | Update
Ad-Aware | Win32.Sality.3 | 20160504
AegisLab | Troj.Spy.ZBot.ljd6 | 20160504
AhnLab-V3 | Win32/Kashu.E | 20160504
ALYac | Win32.Sality.3 | 20160504
Antiy-AVL | Virus/Win32.Sality.gen | 20160504
Arcabit | Win32.Sality.3 | 20160504
Avast | Win32:SaliCode | 20160504
AVG | Win32/Sality | 20160504
Avira (no cloud) | W32/Sality.AT | 20160504
AVware | Virus.Win32.Sality.atbh (v) | 20160504
Baidu | Win32.Virus.Sality.gen | 20160504
Baidu-International | Virus.Win32.Sality.$Emu | 20160504
BitDefender | Win32.Sality.3 | 20160504
CAT-QuickHeal | W32.Sality.U | 20160504
ClamAV | Win.Trojan.Agent-1362702 | 20160503
CMC | Backdoor.Win32.IRCNite!O | 20160504
Comodo | TrojWare.Win32.Kryptik.IIG | 20160504
Cyren | W32/SuspPack.DC.gen!Eldorado | 20160504
DrWeb | Win32.Sector.30 | 20160504
Emsisoft | Win32.Sality.3 (B) | 20160503
ESET-NOD32 | Win32/Sality.NBA | 20160504
F-Prot | W32/SuspPack.DC.gen!Eldorado | 20160504
F-Secure | Win32.Sality.3 | 20160504
Fortinet | W32/Generic.AC.8806 | 20160504
GData | Win32.Sality.3 | 20160504
Ikarus | Trojan-Spy.Win32.Zbot | 20160504
Jiangmin | Win32/HLLP.Kuku.Gen | 20160504
K7AntiVirus | Virus ( f10001071 ) | 20160504
K7GW | Virus ( f10001071 ) | 20160504
Kaspersky | Backdoor.Win32.IRCNite.ccu | 20160504
McAfee | W32/Sality.gen.z | 20160504
McAfee-GW-Edition | BehavesLike.Win32.PWSZbot.cc | 20160504
Microsoft | Virus:Win32/Sality.AT | 20160504
eScan | Win32.Sality.3 | 20160504
NANO-Antivirus | Virus.Win32.Sality.yusp | 20160504
nProtect | Win32.Sality.3 | 20160504
Panda | Trj/Pck_Pretorx.A | 20160504
Qihoo-360 | Virus.Win32.Sality.I | 20160504
Rising | Virus.Sality!1.A09C | 20160504
Sophos AV | Mal/Sality-D | 20160504
SUPERAntiSpyware | Trojan.Agent/Gen-Kryptik | 20160504
Symantec | Packed.Protexor!gen1 | 20160504
Tencent | Trojan.Win32.Spy.aab | 20160504
TotalDefense | Win32/Sality.AA | 20160504
TrendMicro | PE_SALITY.ER | 20160504
TrendMicro-HouseCall | PE_SALITY.ER | 20160504
VBA32 | Virus.Win32.Sality.bakb | 20160504
VIPRE | Virus.Win32.Sality.atbh (v) | 20160504
ViRobot | Win32.Sality.Gen.A[h] | 20160504
Yandex | Win32.Sality.FA.Gen | 20160502
Zillya | Virus.Sality.Win32.25 | 20160503
Zoner | Win32.Ramnit.F | 20160504
Alibaba | (no detection) | 20160504
Kingsoft | (no detection) | 20160504
Malwarebytes | (no detection) | 20160504
TheHacker | (no detection) | 20160503
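The 52 results above show the usual naming noise: the same family appears as Sality, Kashu, Sector, Kuku and SaliCode, while other engines report only a packer or a generic class (Kryptik, Protexor, SuspPack, PWSZbot). A triage script normally folds these into a single family name before counting. The code below is an added example, not VirusTotal's, using a subset of the labels from this table as its input; the alias map is an assumption based on commonly cited vendor names for Sality and should be verified against your own naming references.

```python
"""Derive a consensus family name from heterogeneous AV labels.

Added example; not VirusTotal's code. DETECTIONS is a subset copied from
the detection table for this sample; ALIASES is an assumption (commonly
cited vendor aliases for Sality) and should be checked against your own
naming references before use.
"""
import re
from collections import Counter

# Tokens that describe platform, type or packer rather than a family.
GENERIC = {
    "win", "w", "pe", "virus", "trojan", "trj", "troj", "trojware", "backdoor",
    "mal", "malware", "generic", "gen", "agent", "packed", "spy", "behaveslike",
    "suspicious", "heur", "pck",
}

# Assumed alias map: other vendors' names for the same family.
ALIASES = {"kashu": "sality", "sector": "sality", "salicode": "sality", "kuku": "sality"}

# Subset of the page's detections (vendor -> label), copied verbatim.
DETECTIONS = {
    "Ad-Aware": "Win32.Sality.3",
    "AhnLab-V3": "Win32/Kashu.E",
    "Avast": "Win32:SaliCode",
    "Avira (no cloud)": "W32/Sality.AT",
    "ClamAV": "Win.Trojan.Agent-1362702",
    "Comodo": "TrojWare.Win32.Kryptik.IIG",
    "DrWeb": "Win32.Sector.30",
    "ESET-NOD32": "Win32/Sality.NBA",
    "Fortinet": "W32/Generic.AC.8806",
    "Ikarus": "Trojan-Spy.Win32.Zbot",
    "Kaspersky": "Backdoor.Win32.IRCNite.ccu",
    "Microsoft": "Virus:Win32/Sality.AT",
    "Sophos AV": "Mal/Sality-D",
    "Symantec": "Packed.Protexor!gen1",
    "TrendMicro": "PE_SALITY.ER",
    "Zoner": "Win32.Ramnit.F",
}


def family_of(label: str):
    """First alphabetic token that is neither generic nor too short, alias-folded.

    Returns None when the label carries no family name at all
    (e.g. 'W32/Generic.AC.8806' or 'Win.Trojan.Agent-1362702').
    """
    for tok in re.findall(r"[A-Za-z]+", label.lower()):
        if tok in GENERIC or len(tok) < 4:
            continue
        return ALIASES.get(tok, tok)
    return None


def family_counts(detections):
    """Counter of family -> number of engines naming it; unnamed results dropped."""
    return Counter(f for f in map(family_of, detections.values()) if f)


def consensus(detections, min_share=0.5):
    """(family, count) for the most common family if it covers at least
    min_share of all engines that returned a result, else None."""
    counts = family_counts(detections)
    if not counts:
        return None
    fam, n = counts.most_common(1)[0]
    return (fam, n) if n / len(detections) >= min_share else None


if __name__ == "__main__":
    print(family_counts(DETECTIONS))
    print(consensus(DETECTIONS))  # ('sality', 9)
```

Nine of the sixteen engines in the subset agree on Sality once aliases are folded; the remaining labels are either packer names, single-vendor families (Zbot, IRCNite, Ramnit) or fully generic and carry no vote.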
The file is a Portable Executable (PE), specifically a Win32 EXE built for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright © 1996-2003 Macromedia, Inc.
Product: Shockwave Flash
Original name: SAFlashPlayer.exe
Internal name: Macromedia Flash Player 7.0
File version: 7,0,14,0
Description: Macromedia Flash Player 7.0 r14
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2001-05-01 06:35:48
Entry Point: 0x000010FC
Number of sections: 4
PE sections
Overlays
MD5: 23662e854ee742c8be3e546e59f338a3
File type: data
Offset: 139264
Size: 461
Entropy: 7.42
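The overlay figures can be sanity-checked by hand: offset 139264 plus size 461 is 139725 bytes, which matches the file size reported further down, and entropy 7.42 out of a maximum of 8.0 bits per byte is typical of compressed or encrypted data rather than a plain configuration or certificate blob. The script below, added here as an example and not VirusTotal's own code, computes the same three values from the PE section table: the overlay begins where the section with the highest PointerToRawData + SizeOfRawData ends. It builds a minimal PE image in memory so it runs offline; the section layout and the overlay bytes are constructed for the demonstration.

```python
"""Locate a PE overlay and measure its entropy.

Added example; not VirusTotal's code. The PE image built by build_sample_pe()
is constructed in memory so the script runs offline; on a real file call
find_overlay(open(path, "rb").read()).
"""
import math
import struct


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def find_overlay(pe: bytes):
    """Return (offset, size, entropy) of data appended after the last section,
    or None when the file ends exactly where the section data ends.

    The overlay offset is max(PointerToRawData + SizeOfRawData) over the
    section table, which is how the 'Offset' in an overlay report is derived.
    """
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                    # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]  # SizeOfOptionalHeader
    table = coff + 20 + size_opt                           # first IMAGE_SECTION_HEADER
    end = 0
    for i in range(num_sections):
        hdr = table + i * 40
        size_raw, ptr_raw = struct.unpack_from("<II", pe, hdr + 16)
        end = max(end, ptr_raw + size_raw)
    if end >= len(pe):
        return None
    overlay = pe[end:]
    return end, len(overlay), round(shannon_entropy(overlay), 2)


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed minimal PE32 (two NOP-filled sections, 0x200 file alignment).
    It is not a runnable program, only enough header for find_overlay()."""
    e_lfanew, size_opt, align = 0x40, 0xE0, 0x200
    layout = ((b".text", 0x400), (b".data", 0x200))        # (name, raw size)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, size_opt, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (size_opt - 2)  # PE32 magic, rest zero
    headers = len(dos) + 4 + len(coff) + len(opt) + 40 * len(layout)
    ptr = -(-headers // align) * align                     # round up to alignment
    section_hdrs, raw = b"", b""
    for name, size in layout:
        section_hdrs += struct.pack("<8sIIIIIIHHI", name, size, ptr, size, ptr,
                                    0, 0, 0, 0, 0x60000020)
        raw += b"\x90" * size
        ptr += size
    image = (dos + b"PE\0\0" + coff + opt + section_hdrs).ljust(ptr - len(raw), b"\0")
    return image + raw + overlay


if __name__ == "__main__":
    # 512 bytes covering every byte value twice: a maximum-entropy overlay.
    print(find_overlay(build_sample_pe(bytes(range(256)) * 2)))  # (2048, 512, 8.0)
    print(find_overlay(build_sample_pe(b"")))                      # None
```

Entropy alone does not prove malice (signed installers carry high-entropy certificate tables and setup archives in their overlay), but an overlay on a file that claims to be a 2001-era Flash player and is not Authenticode-signed is worth carving out and inspecting on its own.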
PE imports (function names only; the originating DLL names are not preserved in this listing)
GetDeviceCaps
DefineDosDeviceW
lstrlenA
GetFileAttributesA
GetOEMCP
SetConsoleTextAttribute
GlobalUnlock
lstrcpyW
IsDBCSLeadByte
GetSystemDirectoryA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
lstrcatA
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
UnhandledExceptionFilter
_llseek
GetLogicalDrives
GlobalLock
_lclose
lstrcmpiA
lstrcmpA
FindFirstFileA
lstrcpyA
_lopen
GetComputerNameExW
FindNextFileA
ExitThread
ExpandEnvironmentStringsA
SetFileAttributesA
LocalFree
GetModuleFileNameA
OutputDebugStringW
SetConsoleMenuClose
GlobalAlloc
SearchPathA
FindClose
GetProcAddress
GetSystemMetrics
LoadStringA
EndDialog
SetDlgItemTextA
GetDesktopWindow
MessageBeep
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
GERMAN 2
CZECH DEFAULT 1
ExifTool file metadata
LegalTrademarks: Macromedia Flash Player
SubsystemVersion: 4.0
LinkerVersion: 8.1
ImageVersion: 5.1
FileSubtype: 0
FileVersionNumber: 70.0.120.0
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
FileDescription: Macromedia Flash Player 7.0 r14
CharacterSet: Unicode
InitializedDataSize: 49152
EntryPoint: 0x10fc
OriginalFileName: SAFlashPlayer.exe
MIMEType: application/octet-stream
LegalCopyright: Copyright 1996-2003 Macromedia, Inc.
FileVersion: 7,0,14,0
TimeStamp: 2001:05:01 07:35:48+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Macromedia Flash Player 7.0
ProductVersion: 7,0,14,0
UninitializedDataSize: 512
OSVersion: 4.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Macromedia, Inc.
CodeSize: 9216
ProductName: Shockwave Flash
ProductVersionNumber: 70.0.120.0
FileTypeExtension: exe
ObjectFileType: Dynamic link library

Two inconsistencies in this block are worth noting during triage: the binary version fields (FileVersionNumber and ProductVersionNumber, 70.0.120.0) disagree with the string fields (FileVersion and ProductVersion, 7,0,14,0), and ObjectFileType reports a dynamic link library although the file is an EXE for the Windows GUI subsystem.

File identification
MD5: b270c9b100f624029b1b4d1812e48532
SHA1: e643745212cfa815722e8dd7aea1779d9692c856
SHA256: d7678de2efb4e303ad20d1585e55ccfcb3655cdd7bcadf2c6278fca56d976ebf
ssdeep: 3072:UkAwRzhjdRmSZiAsINOxOd+tnasUUfYt08dC89CTQ4:QwRh/7PsC+OdqassvIDTQ4
authentihash: 7eb94b7eac0f3869098db8225ca3cbc3851be3ecf3a2e254a7435175f8a89ec4
imphash: 432218bcea1b267878fde92cca0810c6
File size: 136.5 KB (139725 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Executable MS Visual C++ (generic) (42.2%); Win64 Executable (generic) (37.3%); Win32 Dynamic Link Library (generic) (8.8%); Win32 Executable (generic) (6.0%); Generic Win/DOS Executable (2.7%)
Tags: peexe usb-autorun overlay
VirusTotal metadata
First submission: 2014-02-07 20:01:29 UTC
Last submission: 2015-10-15 16:51:58 UTC
File names:
kenshi_x32mgr.exe
7zamgr.exe
ogMDMAPu.exe
Cmgr.exe
SAFlashPlayer.exe
Updatermgr.exe
MusicBeemgr.exe
Macromedia Flash Player 7.0
svchost.exe
djvmmgr.exe
qtejmpal.exe
firefoxmgr.exe
ymidgsjg.exe
AoTTGmgr.exe
YSucvYHs.exe
chromemgr.exe
Condensed report. The following is a condensed report of the file's behaviour when executed in a controlled environment. The actions and events described were performed by the file itself, by any process it launched, or by any process into which it injected code.
Recorded behaviour categories (entries not shown): opened files, read files, written files, deleted files, set registry keys, deleted registry keys, created processes, code injections into other processes, created mutexes, opened mutexes, searched windows, opened service managers, opened services, runtime DLLs.
Additional details
The file calls the IsDebuggerPresent Windows API function to check whether it is running under a debugger.
The file sends control codes directly to device drivers through the DeviceIoControl Windows API function.
Neither IsDebuggerPresent nor DeviceIoControl appears in the static import table listed above, so both are presumably resolved at run time (GetProcAddress is imported) or issued from code the sample injects into other processes; static import analysis alone would miss them.
UDP communications