SHA256: e05906c9bb0e97be28eabeb096bd189c5e38fc30e1cdd9d3857db0f0c5ecb379
File name: flash.exe
Detection ratio: 26 / 54
Analysis date: 2014-10-11 12:21:58 UTC ( 4 years, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.109655 20141011
Antiy-AVL Trojan[Spy]/Win32.Zbot 20141011
Avast Win32:Kryptik-OKA [Trj] 20141011
AVG Zbot.OTA 20141011
Avira (no cloud) TR/Crypt.Xpack.97853 20141011
Baidu-International Trojan.Win32.Zbot.AtE 20141011
BitDefender Gen:Variant.Zusy.109655 20141011
Bkav HW32.Paked.C645 20141011
Emsisoft Gen:Variant.Zusy.109655 (B) 20141011
ESET-NOD32 a variant of Win32/Injector.BNCA 20141011
F-Secure Gen:Variant.Zusy.109655 20141011
Fortinet W32/Zbot.NNJTTPF!tr 20141011
GData Gen:Variant.Zusy.109655 20141011
Ikarus Trojan.Win32.Inject 20141011
Kaspersky Trojan-Spy.Win32.Zbot.uidh 20141011
Malwarebytes Trojan.Agent.ED 20141011
McAfee RDN/Generic PWS.y!bbj 20141011
McAfee-GW-Edition BehavesLike.Win32.PWSQQPass.dh 20141011
eScan Gen:Variant.Zusy.109655 20141011
NANO-Antivirus Trojan.Win32.Zbot.dghoha 20141011
Norman Injector.HIRO 20141011
Panda Trj/CI.A 20141010
Sophos AV Mal/Generic-S 20141011
SUPERAntiSpyware Trojan.Agent/Gen-Zusy 20141011
Tencent Win32.Trojan-spy.Zbot.Pcsm 20141011
TrendMicro-HouseCall TROJ_GEN.R092H07J614 20141011
Yandex 20141010
AhnLab-V3 20141011
AVware 20141011
ByteHero 20141011
CAT-QuickHeal 20141011
ClamAV 20141011
CMC 20141009
Comodo 20141011
Cyren 20141011
DrWeb 20141011
F-Prot 20141009
Jiangmin 20141010
K7AntiVirus 20141010
K7GW 20141011
Kingsoft 20141011
Microsoft 20141011
nProtect 20141010
Qihoo-360 20141011
Rising 20141011
Symantec 20141011
TheHacker 20141010
TotalDefense 20141011
TrendMicro 20141011
VBA32 20141010
VIPRE 20141011
ViRobot 20141011
Zillya 20141011
Zoner 20141010
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1989-09-21 05:40:44
Entry Point 0x001CDC23
Number of sections 5
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
RtlUnwind
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
WriteConsoleW
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetProcAddress
HeapSize
SetStdHandle
WideCharToMultiByte
LoadLibraryW
TlsFree
SetFilePointer
DeleteCriticalSection
GetCurrentThreadId
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
HeapAlloc
TerminateProcess
IsValidCodePage
HeapCreate
CreateFileW
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
EncodePointer
OutputDebugStringA
LeaveCriticalSection
SetLastError
InterlockedIncrement
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1989:09:21 06:40:44+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16807424
LinkerVersion 10.0
FileAccessDate 2014:10:11 17:03:10+01:00
EntryPoint 0x1cdc23
InitializedDataSize 239104
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 0.257
FileCreateDate 2014:10:11 17:03:10+01:00
UninitializedDataSize 0
File identification
MD5 49404f560fac0165eb793a3101d75f83
SHA1 4021e7075afb25f22d3f3abe36553faeb6e686ea
SHA256 e05906c9bb0e97be28eabeb096bd189c5e38fc30e1cdd9d3857db0f0c5ecb379
ssdeep 6144:xh9P2tlCyveo0sWT0Q4cWPoKOELZPXf3Iv+4mtNQ45uJI/6Diy:xfetl3tbdIU3m+4mtNQ4q9
authentihash c20e069689f38e4f75b72ff93c8a2de3b56e7d4e3a456eda467bd2088d8a1512
imphash 759b3c70e49933144be33f6ac33937c7
File size 264.5 KB ( 270848 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-10-04 12:20:37 UTC ( 4 years, 5 months ago )
Last submission 2014-10-04 12:21:49 UTC ( 4 years, 5 months ago )
File names 2430663
flash.exe
e05906c9bb0e97be28eabeb096bd189c5e38fc30e1cdd9d3857db0f0c5ecb379.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.