SHA256: dee15dc3a5c75b3afa83a1601e6a561da364e70ab6fbe80223d8a865290ded92
File name: f1dc37fd0a5def96ecb918403d31195fcec74d87
Detection ratio: 52 / 56
Analysis date: 2017-01-20 04:38:47 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.BPNF 20170120
AegisLab Packer.W32.Krap.ar!c 20170120
AhnLab-V3 Spyware/Win32.Zbot.R23598 20170119
ALYac Trojan.Agent.BPNF 20170120
Antiy-AVL Trojan[Packed]/Win32.Krap 20170120
Arcabit Trojan.Agent.BPNF 20170120
Avast Win32:MalOb-FE [Cryp] 20170120
AVG Win32/Heri 20170119
Avira (no cloud) TR/Taranis.1478 20170120
AVware Trojan.Win32.Generic!BT 20170120
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170119
BitDefender Trojan.Agent.BPNF 20170120
CAT-QuickHeal Trojan.Quolko.A 20170119
ClamAV Win.Trojan.Ramnit-1875 20170120
Comodo TrojWare.Win32.Kryptik.IQC 20170119
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Cyren W32/SuspPack.DC.gen!Eldorado 20170120
DrWeb Trojan.Rmnet.1 20170120
Emsisoft Trojan.Agent.BPNF (B) 20170120
ESET-NOD32 Win32/Ramnit.A 20170120
F-Prot W32/SuspPack.DC.gen!Eldorado 20170120
F-Secure Trojan.Agent.BPNF 20170120
Fortinet W32/KRYPTIK.FH!tr 20170120
GData Trojan.Agent.BPNF 20170120
Ikarus Virus.Win32.Ramnit 20170119
Sophos ML trojan.win32.ramnit.a 20170111
Jiangmin Packed.Krap.dtia 20170120
K7AntiVirus Backdoor ( 001869961 ) 20170119
K7GW Trojan ( 001869961 ) 20170120
Kaspersky Packed.Win32.Krap.ar 20170120
Malwarebytes Spyware.PasswordStealer.XGen 20170120
McAfee PWS-Zbot.gen.di 20170120
McAfee-GW-Edition BehavesLike.Win32.Dropper.kc 20170120
Microsoft Trojan:Win32/Ramnit!rfn 20170119
eScan Trojan.Agent.BPNF 20170120
NANO-Antivirus Trojan.Win32.Rmnet.vwhjl 20170120
Panda Trj/Pck_Pretorx.A 20170119
Qihoo-360 Win32/Trojan.590 20170120
Rising Trojan.Generic-wIdZOmCwjVK (cloud) 20170120
Sophos AV Mal/Ramnit-ZZ 20170120
SUPERAntiSpyware Trojan.Agent/Gen-Kazy 20170120
Symantec ML.Relationship.HighConfidence [Hacktool.Rootkit] 20170119
Tencent Win32.Virus.Agent.cfby 20170120
TheHacker Trojan/Krap.ar 20170117
TotalDefense Win32/Ramnit.A!Dropper 20170119
TrendMicro TROJ_DROPPR.SMAL 20170120
TrendMicro-HouseCall TROJ_DROPPR.SMAL 20170120
VBA32 Malware-Cryptor.Win32.General.4 20170119
VIPRE Trojan.Win32.Generic!BT 20170120
ViRobot Worm.Win32.A.Net-Koobface.97792.E[h] 20170120
Yandex Trojan.Ramnit!S5/QCgUTXJg 20170119
Zillya Trojan.Katusha.Win32.29598 20170117
Alibaba 20170120
CMC 20170119
Kingsoft 20170120
nProtect 20170120
Trustlook 20170120
WhiteArmor 20170119
Zoner 20170120
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1996-2009 Macromedia, Inc.
Product Shockwave Flash
Original name SAFlashPlayer.exe
Internal name Macromedia Flash Player 7.0
File version 7,0,0,0
Description Macromedia Flash Player 7.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1999-04-24 10:18:11
Entry Point 0x00001242
Number of sections 4
PE sections
Overlays
MD5 e6494d2b81b2f8862521bd15681329ad
File type data
Offset 66048
Size 367
Entropy 7.28
PE imports
SetTextColor
CreateRectRgn
GetClipRgn
CreatePen
GetStockObject
OffsetClipRgn
IntersectClipRect
SelectObject
SetBkColor
GetNearestColor
GetUserDefaultUILanguage
GetSystemTime
GetEnvironmentVariableA
HeapFree
GetStdHandle
LCMapStringW
ReleaseMutex
SetHandleCount
FileTimeToSystemTime
lstrlenA
GetFileAttributesA
GetFileTime
FindVolumeClose
GetDriveTypeA
LCMapStringA
HeapDestroy
ExitProcess
SetThreadPriorityBoost
FlushFileBuffers
LoadLibraryA
GetVersionExA
GetModuleFileNameA
GetLocalTime
GetCurrentProcess
GetVolumeInformationA
FileTimeToLocalFileTime
GetConsoleMode
GetLocaleInfoA
IsValidCodePage
GetShortPathNameA
GetUserDefaultLCID
GetConsoleScreenBufferInfo
GetProcessHeap
SetStdHandle
CreateMutexA
CompareStringW
CompareStringA
WideCharToMultiByte
lstrcmpiA
GetStringTypeA
GetModuleHandleA
FindFirstFileA
GetConsoleInputWaitHandle
InterlockedExchange
GetStartupInfoA
WaitForSingleObject
lstrcpynA
FindNextFileA
IsValidLocale
GetStringTypeW
GetProcAddress
SetEnvironmentVariableA
GetFullPathNameA
EnumSystemLocalesA
GetTimeZoneInformation
GetModuleHandleExW
InitializeCriticalSection
SetConsoleMode
VirtualFree
FindClose
Sleep
GetFileType
SetVolumeLabelA
SetConsoleCtrlHandler
CreateFileA
HeapAlloc
LocalUnlock
GetLocaleInfoW
VirtualAlloc
HeapCreate
LeaveCriticalSection
OleUninitialize
CoCreateInstance
OleInitialize
ShellExecuteExA
SHGetSpecialFolderPathW
ExtractIconExA
wnsprintfW
AssocQueryStringW
wvnsprintfA
UrlGetPartA
wnsprintfA
CreateURLMoniker
CharPrevA
RegisterClassA
GetParent
SystemParametersInfoA
EndDialog
BeginPaint
PostQuitMessage
SetClassLongA
LoadBitmapA
SetWindowPos
SendDlgItemMessageA
GetWindowRect
EnableWindow
SetDlgItemTextA
GetDlgItemTextA
DrawTextA
IsWindowVisible
GetClientRect
GetDlgItem
CreateDialogParamA
ScreenToClient
SetRect
LoadCursorA
LoadIconA
FillRect
CharNextA
GetDesktopWindow
EndPaint
GetWindowTextA
DestroyWindow
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 2
RHAETO ROMANCE DEFAULT 1
PE resources
ExifTool file metadata
CodeSize 8192
FileDescription Macromedia Flash Player 7.0
InitializedDataSize 114688
ImageVersion 5.1
ProductName Shockwave Flash
FileVersionNumber 7.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 7.4
FileTypeExtension exe
OriginalFileName SAFlashPlayer.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 7,0,0,0
TimeStamp 1999:04:24 11:18:11+01:00
FileType Win32 EXE
PEType PE32
InternalName Macromedia Flash Player 7.0
SubsystemVersion 4.0
ProductVersion 7,0,0,0
UninitializedDataSize 1024
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright 1996-2009 Macromedia, Inc.
MachineType Intel 386 or later, and compatibles
CompanyName Macromedia, Inc.
LegalTrademarks Macromedia Flash Player
FileSubtype 0
ProductVersionNumber 7.0.0.0
EntryPoint 0x1242
ObjectFileType Dynamic link library
File identification
MD5 96b6331235ef637241dfb1176d0a1f93
SHA1 f1dc37fd0a5def96ecb918403d31195fcec74d87
SHA256 dee15dc3a5c75b3afa83a1601e6a561da364e70ab6fbe80223d8a865290ded92
ssdeep 1536:FxGxA43zk0FXotMlexqMEIgoKToh8EEtv/+n+kzUza618Wop:T43R9oiljIgoKT0REp2+kQu61H6
authentihash d3549b71d1d581c299fffcb77b21d02c66f1c8110a1c9023b3ae6bd2f01b43c5
imphash 6f84c97d71ba32ae483b6836ee43acc2
File size 64.9 KB ( 66415 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe usb-autorun overlay
VirusTotal metadata
First submission 2010-12-02 19:23:57 UTC ( 8 years, 4 months ago )
Last submission 2016-06-30 13:04:36 UTC ( 2 years, 9 months ago )
File names 96b6331235ef637241dfb1176d0a1f93
Macromedia Flash Player 7.0
aa
SAFlashPlayer.exe
0wvtVsNJ.vbs
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests
TCP connections
UDP communications