SHA256: efc98043b5e2d3f36e4cfce1074e66dfc7859345195ad3cbf51605df6c7b1e53
File name: wintoflash-setup.exe
Detection ratio: 25 / 57
Analysis date: 2015-02-21 13:46:39 UTC ( 2 years, 11 months ago )
Antivirus | Result (- = no detection) | Update
Ad-Aware | Application.Bundler.Somoto.I | 20150221
Yandex | PUA.Somoto! | 20150220
AhnLab-V3 | PUP/Win32.Somoto | 20150221
Avast | Win32:Somoto-F [PUP] | 20150221
Avira (no cloud) | APPL/Somoto.Gen2 | 20150221
AVware | BetterInstaller (fs) | 20150221
BitDefender | Application.Bundler.Somoto.I | 20150221
Cyren | W32/SomotoBetterInstaller.A!Eldorado | 20150221
DrWeb | Adware.Downware.1184 | 20150221
ESET-NOD32 | Win32/Somoto.A potentially unwanted | 20150221
F-Prot | W32/SomotoBetterInstaller.A!Eldorado | 20150221
F-Secure | Application.Bundler.Somoto | 20150221
GData | Application.Bundler.Somoto.I | 20150221
K7AntiVirus | Trojan ( 0044a8481 ) | 20150221
K7GW | Trojan ( 0044a8481 ) | 20150221
Kaspersky | not-a-virus:Downloader.NSIS.Agent.fp | 20150221
Malwarebytes | PUP.Optional.Somoto | 20150221
eScan | Application.Bundler.Somoto.I | 20150221
NANO-Antivirus | Trojan.Win32.Agent.cruvhh | 20150221
Qihoo-360 | Win32/Application.5d6 | 20150221
Rising | PE:Trojan.Win32.Generic.14AD62D1!346907345 | 20150220
TrendMicro | TROJ_SPNR.03I213 | 20150221
TrendMicro-HouseCall | TROJ_SPNR.03I213 | 20150221
VBA32 | Downloader.Agent | 20150220
VIPRE | BetterInstaller (fs) | 20150221
AegisLab | - | 20150221
Alibaba | - | 20150219
ALYac | - | 20150221
Antiy-AVL | - | 20150221
AVG | - | 20150221
Baidu-International | - | 20150221
Bkav | - | 20150213
ByteHero | - | 20150221
CAT-QuickHeal | - | 20150221
ClamAV | - | 20150221
CMC | - | 20150214
Comodo | - | 20150221
Emsisoft | - | 20150221
Fortinet | - | 20150221
Ikarus | - | 20150221
Jiangmin | - | 20150219
Kingsoft | - | 20150221
McAfee | - | 20150221
McAfee-GW-Edition | - | 20150221
Microsoft | - | 20150221
Norman | - | 20150221
nProtect | - | 20150218
Panda | - | 20150221
Sophos AV | - | 20150221
SUPERAntiSpyware | - | 20150221
Symantec | - | 20150221
Tencent | - | 20150221
TheHacker | - | 20150219
TotalDefense | - | 20150221
ViRobot | - | 20150221
Zillya | - | 20150220
Zoner | - | 20150220
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 2.1.0.0
Description Powered by BetterInstaller
Packers identified
F-PROT NSIS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-12-05 22:50:46
Entry Point 0x0000323C
Number of sections 5
PE sections
Overlays
MD5 ad154dfe9297591bb7eb7b55f493a494
File type data
Offset 48128
Size 97533
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
RegDeleteValueA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SetBkMode
CreateBrushIndirect
CreateFontIndirectA
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
GetModuleFileNameA
LoadLibraryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
SetFilePointer
GetTempPathA
CreateThread
lstrcmpiA
GetModuleHandleA
lstrcmpA
ReadFile
WriteFile
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
RemoveDirectoryA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
GetTickCount
GetVersion
GetProcAddress
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
EmptyClipboard
GetMessagePos
EndPaint
CharPrevA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
SetWindowTextA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
ScreenToClient
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
SystemParametersInfoA
CreatePopupMenu
wsprintfA
DialogBoxParamA
SetClipboardData
IsWindowVisible
GetClassInfoA
SetForegroundWindow
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
DrawTextA
EnableMenuItem
RegisterClassA
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
SetTimer
LoadCursorA
TrackPopupMenu
SendMessageA
FillRect
ShowWindow
OpenClipboard
CharNextA
CallWindowProcA
GetSystemMenu
EnableWindow
CloseClipboard
DestroyWindow
ExitWindowsEx
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_ICON 3
RT_DIALOG 3
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 8
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 119808
ImageVersion 6.0
FileVersionNumber 2.1.0.0
UninitializedDataSize 1024
LanguageCode Neutral
FileFlagsMask 0x0000
CharacterSet Windows, Latin1
LinkerVersion 6.0
FileTypeExtension exe
MIMEType application/octet-stream
FileVersion 2.1.0.0
TimeStamp 2009:12:05 23:50:46+01:00
FileType Win32 EXE
PEType PE32
FileDescription Powered by BetterInstaller
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 23552
FileSubtype 0
ProductVersionNumber 2.1.0.0
EntryPoint 0x323c
ObjectFileType Executable application
File identification
MD5 f99bc70d827014c9cc08c6971b504093
SHA1 3796cc6cf4bc865f95ed543de5a9839a1d9f6ba8
SHA256 efc98043b5e2d3f36e4cfce1074e66dfc7859345195ad3cbf51605df6c7b1e53
ssdeep 3072:cQIURTXJGgu2YWUY5qG+kjZBH9ryo9MPbGO9:csju/vU+aZrry1PbZ9
authentihash 47dd3419338a4fc0ff5a07f33a47f0096c366d97f6155872730c775f9ad40344
imphash 099c0646ea7282d232219f8807883be0
File size 142.2 KB ( 145661 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID NSIS - Nullsoft Scriptable Install System (94.8%)
Win32 Executable MS Visual C++ (generic) (3.4%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
Generic Win/DOS Executable (0.2%)
Tags nsis peexe overlay
VirusTotal metadata
First submission 2013-05-16 09:38:00 UTC ( 4 years, 8 months ago )
Last submission 2017-03-12 03:59:31 UTC ( 10 months, 2 weeks ago )
File names wintoflash-setup.exe
wintoflash-setup.exe
wintoflash-setup.exe
Не подтвержден 174189.crdownload
wintoflash-setup-0.8.exe
wintoflash-setup.txt
wintoflash-setup.exe
wintoflash-3906-jetelecharge.exe
%ED%94%8C%EB%9E%98%EC%8B%9C%EB%A9%94%EB%AA%A8%EB%A6%AC_%EB%B6%80%ED%8C%85_-_win_to_flash-setup.exe
output.11164287.txt
F99BC70D827014C9CC08C6971B504093.vir
Copy of wintoflash.exe
wintoflash-setup[1].exe
setup.exe
11164287
00000391.bin
VirusShare_f99bc70d827014c9cc08c6971b504093
irmkvhq1.exe.part
Не подтвержден 548592.crdownload
wintoflash-3906-jetelecharge.exe
win-to-flash.exe
win-to-flash.exe
ce3f815b578a8486e1e80c842a98c7fb5e480fa8
wintoflash-setup (1).exe
wintoflash-setup(2).exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight