SHA256: ddf576fbf1e0b54e1e643cac27746835bb90c4b5e50440d7cfc97e49847104c3
File name: Flashbulb.exe
Detection ratio: 1 / 55
Analysis date: 2014-12-07 23:29:07 UTC ( 4 years, 3 months ago )
Antivirus Result Update
Qihoo-360 Malware.QVM01.Gen 20141208
Ad-Aware 20141207
AegisLab 20141207
Yandex 20141205
AhnLab-V3 20141207
ALYac 20141207
Antiy-AVL 20141207
Avast 20141207
AVG 20141207
Avira (no cloud) 20141207
AVware 20141207
Baidu-International 20141207
BitDefender 20141207
Bkav 20141206
ByteHero 20141208
CAT-QuickHeal 20141206
ClamAV 20141207
CMC 20141206
Comodo 20141207
Cyren 20141207
DrWeb 20141207
ESET-NOD32 20141207
F-Prot 20141207
F-Secure 20141209
Fortinet 20141207
GData 20141207
Ikarus 20141207
Jiangmin 20141207
K7AntiVirus 20141205
K7GW 20141205
Kaspersky 20141207
Kingsoft 20141208
Malwarebytes 20141207
McAfee 20141207
McAfee-GW-Edition 20141208
Microsoft 20141207
eScan 20141207
NANO-Antivirus 20141207
Norman 20141207
nProtect 20141205
Panda 20141207
Rising 20141207
Sophos AV 20141207
SUPERAntiSpyware 20141207
Symantec 20141208
Tencent 20141209
TheHacker 20141205
TotalDefense 20141207
TrendMicro 20141207
TrendMicro-HouseCall 20141207
VBA32 20141205
VIPRE 20141207
ViRobot 20141207
Zillya 20141206
Zoner 20141204
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Xeloh Software. All Rights Reserved.
Publisher Xeloh Software
Product Flashbulb
Original name Flashbulb.exe
Internal name Flashbulb
File version 0.40
Description SWF File Editor
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-07 22:09:09
Entry Point 0x000012A0
Number of sections 9
PE sections
PE imports
InitCommonControlsEx
GetOpenFileNameA
GetSaveFileNameA
SetDIBitsToDevice
CreateFontA
DeleteObject
CreateSolidBrush
GetLastError
EnterCriticalSection
ReleaseMutex
WaitForSingleObject
ExitProcess
TlsAlloc
VirtualProtect
DeleteCriticalSection
GetAtomNameA
AddAtomA
LockResource
TlsGetValue
MultiByteToWideChar
GetCommandLineA
GetProcAddress
LeaveCriticalSection
CreateMutexA
IsDBCSLeadByteEx
CreateSemaphoreA
WideCharToMultiByte
TlsFree
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
GetStartupInfoA
CloseHandle
ReleaseSemaphore
InitializeCriticalSection
LoadResource
VirtualQuery
FindAtomA
InterlockedDecrement
Sleep
TlsSetValue
GetTickCount
GetCurrentThreadId
FindResourceA
SetLastError
InterlockedIncrement
ShellExecuteA
PathFindFileNameA
MapWindowPoints
GetMessageA
GetParent
UpdateWindow
SetFocus
KillTimer
PostQuitMessage
DefWindowProcA
SetWindowTextA
GetSystemMetrics
AppendMenuA
GetWindowRect
DispatchMessageA
EnableWindow
SetMenu
MessageBoxA
GetWindowDC
TranslateMessage
SetTimer
RegisterClassExA
CreatePopupMenu
ShowWindow
SendMessageA
GetClientRect
CreateWindowExA
EnableMenuItem
InvalidateRect
GetWindowTextLengthA
CreateMenu
LoadCursorA
LoadIconA
GetDesktopWindow
CreateWindowExW
GetWindowTextA
DirectSoundCreate8
__p__fmode
wcsftime
getc
__p__environ
_ui64toa
fclose
strtoul
fflush
strtol
fputc
strtod
fwrite
fputs
pow
localtime
iswctype
wcscoll
_write
strcoll
memcpy
memmove
signal
remove
strcmp
memchr
fgetc
_stricmp
atexit
putwc
strchr
fgetpos
fsetpos
ftell
exit
sprintf
free
_fstati64
__getmainargs
ungetwc
_stat
_lseeki64
cos
_read
wcsxfrm
__mb_cur_max
strftime
_iob
rand
setlocale
realloc
strxfrm
fopen
strncpy
_cexit
_itoa
log
_onexit
wcslen
putc
memcmp
srand
_fdopen
_pctype
getenv
atoi
vfprintf
atof
localeconv
strerror
ungetc
_setmode
malloc
sscanf
fread
abort
fprintf
_i64toa
getwc
towupper
strlen
_isctype
_errno
fseek
_strdup
towlower
sin
tolower
calloc
floor
_filelengthi64
setvbuf
__set_app_type
Number of PE resources by type
RT_ICON 12
RT_GROUP_ICON 12
RT_RCDATA 5
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 31
PE resources
ExifTool file metadata
UninitializedDataSize 53760
InitializedDataSize 2066432
ImageVersion 1.0
ProductName Flashbulb
FileVersionNumber 0.40.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription SWF File Editor
CharacterSet Windows, Latin1
LinkerVersion 2.22
OriginalFilename Flashbulb.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 0.4
TimeStamp 2014:12:07 23:09:09+01:00
FileType Win32 EXE
PEType PE32
InternalName Flashbulb
FileAccessDate 2014:12:15 00:29:50+01:00
ProductVersion 0.4
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2014:12:15 00:29:50+01:00
FileOS Windows NT 32-bit
LegalCopyright Xeloh Software. All Rights Reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Xeloh Software
CodeSize 1149952
FileSubtype 0
ProductVersionNumber 0.40.0.0
EntryPoint 0x12a0
ObjectFileType Executable application
File identification
MD5 fe7d3af1fad1f7551a12c608bd38ecbc
SHA1 b10bfa1c2ea61421d0289a933c0c108a37860e4d
SHA256 ddf576fbf1e0b54e1e643cac27746835bb90c4b5e50440d7cfc97e49847104c3
ssdeep 49152:4jCR4lHOZ09Y0wH6D/CVT4313ERj0u+ETXQe:4s4lHOGS6H31oj0
authentihash 3d27a0163d1073dccd40390b60db6f9420445e0f9d661d156aa06a5c6f63c05c
imphash 27c26b7b28360aa1dcfd0c4bb023a6c5
File size 2.0 MB ( 2067456 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.1%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-12-07 23:29:07 UTC ( 4 years, 3 months ago )
Last submission 2014-12-07 23:33:53 UTC ( 4 years, 3 months ago )
File names Flashbulb.exe
file-7775716_exe
Flashbulb
ddf576fbf1e0b54e1e643cac27746835bb90c4b5e50440d7cfc97e49847104c3.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created mutexes
Runtime DLLs