SHA256: eff2f7d2a2287d438c4209adf1e81d57e1d1bfb745feb05ba4a9d81a4cf0d4a6
File name: any-flv-player-2215.exe
Detection ratio: 1 / 67
Analysis date: 2018-10-17 19:55:02 UTC (7 months ago)
Antivirus Result Update
Antiy-AVL Trojan/Win32.SGeneric 20181017
Ad-Aware 20181017
AegisLab 20181017
AhnLab-V3 20181017
Alibaba 20180921
ALYac 20181017
Arcabit 20181017
Avast 20181017
Avast-Mobile 20181017
AVG 20181017
Avira (no cloud) 20181017
Babable 20180918
Baidu 20181017
BitDefender 20181017
Bkav 20181017
CAT-QuickHeal 20181013
ClamAV 20181017
CMC 20181017
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20181017
Cyren 20181017
DrWeb 20181017
eGambit 20181017
Emsisoft 20181017
Endgame 20180730
ESET-NOD32 20181017
F-Prot 20181017
F-Secure 20181017
Fortinet 20181017
GData 20181017
Ikarus 20181017
Sophos ML 20180717
Jiangmin 20181017
K7AntiVirus 20181017
K7GW 20181017
Kaspersky 20181017
Kingsoft 20181017
Malwarebytes 20181017
MAX 20181017
McAfee 20181017
McAfee-GW-Edition 20181017
Microsoft 20181017
eScan 20181017
NANO-Antivirus 20181017
Palo Alto Networks (Known Signatures) 20181017
Panda 20181017
Qihoo-360 20181017
Rising 20181017
SentinelOne (Static ML) 20181011
Sophos AV 20181017
SUPERAntiSpyware 20181015
Symantec 20181017
Symantec Mobile Insight 20181001
TACHYON 20181017
Tencent 20181017
TheHacker 20181015
TotalDefense 20181017
TrendMicro 20181017
TrendMicro-HouseCall 20181017
Trustlook 20181017
VBA32 20181017
ViRobot 20181017
Webroot 20181017
Yandex 20181017
Zillya 20181017
ZoneAlarm by Check Point 20181017
Zoner 20181017
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright SocuSoft Co.,Ltd 2012

Product HTML5 Video Player
File version 1.2.5
Description HTML5 Video Player Setup
Comments This installation was built with Inno Setup.
Signature verification Signed file, verified signature
Signing date 5:07 AM 11/15/2012
Signers
[+] Socusoft Co., Ltd.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 12:00 AM 04/27/2011
Valid to 11:59 PM 04/26/2013
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 67B431188D60496ED1DF71E146A83C2A5678F1AA
Serial number 2E DF 7F C4 29 61 8B 44 6B F4 20 3A 13 F3 3B 10
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 01:00 AM 02/08/2010
Valid to 12:59 AM 02/08/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 01:00 AM 11/08/2006
Valid to 11:59 PM 07/16/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G3
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 12:00 AM 05/01/2012
Valid to 12:59 AM 01/01/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 8FD99D63FB3AFBD534A4F6E31DACD27F59504021
Serial number 79 A2 A5 85 F9 D1 15 42 13 D9 B8 3E F6 B6 8D ED
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 01:00 AM 12/04/2003
Valid to 12:59 AM 12/04/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 01:00 AM 01/01/1997
Valid to 12:59 AM 01/01/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT INNO, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-10-09 08:48:22
Entry Point 0x0000F3BC
Number of sections 8
PE sections
Overlays
MD5 fad790ce05468a84666b74b8581ab3c3
File type data
Offset 114176
Size 26150032
Entropy 8.00
PE imports
RegCloseKey
OpenProcessToken
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
InitCommonControls
GetLastError
GetStdHandle
GetUserDefaultLangID
GetSystemInfo
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetThreadLocale
VirtualProtect
GetFileAttributesW
RtlUnwind
lstrlenW
GetExitCodeProcess
CreateProcessW
GetStartupInfoA
SizeofResource
GetWindowsDirectoryW
LocalAlloc
LockResource
GetDiskFreeSpaceW
GetCommandLineW
SetErrorMode
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
EnumCalendarInfoW
GetCPInfo
DeleteFileW
GetProcAddress
InterlockedCompareExchange
GetLocaleInfoW
lstrcpynW
RaiseException
WideCharToMultiByte
RemoveDirectoryW
SetFilePointer
GetFullPathNameW
ReadFile
GetEnvironmentVariableW
InterlockedExchange
CreateDirectoryW
WriteFile
GetCurrentProcess
CloseHandle
FindFirstFileW
GetACP
GetModuleHandleW
SignalObjectAndWait
SetEvent
FormatMessageW
LoadLibraryW
CreateEventW
GetVersion
LoadResource
FindResourceW
CreateFileW
VirtualQuery
VirtualFree
FindClose
TlsGetValue
Sleep
SetEndOfFile
TlsSetValue
ExitProcess
GetCurrentThreadId
VirtualAlloc
GetFileSize
SetLastError
ResetEvent
SysReAllocStringLen
SysFreeString
SysAllocStringLen
GetSystemMetrics
SetWindowLongW
MessageBoxW
PeekMessageW
LoadStringW
MessageBoxA
CreateWindowExW
MsgWaitForMultipleObjects
TranslateMessage
CharUpperBuffW
CallWindowProcW
CharNextW
GetKeyboardType
ExitWindowsEx
DispatchMessageW
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_RCDATA 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
ENGLISH US 4
DUTCH 4
PE resources
ExifTool file metadata
SubsystemVersion
5.0

Comments
This installation was built with Inno Setup.

InitializedDataSize
52736

ImageVersion
6.0

ProductName
HTML5 Video Player

FileVersionNumber
1.2.5.0

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Unicode

LinkerVersion
2.25

FileTypeExtension
exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.2.5

TimeStamp
2012:10:09 10:48:22+02:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.2.5

FileDescription
HTML5 Video Player Setup

OSVersion
5.0

FileOS
Win32

LegalCopyright
Copyright SocuSoft Co.,Ltd 2012

MachineType
Intel 386 or later, and compatibles

CompanyName
SocuSoft Co.,Ltd

CodeSize
60416

FileSubtype
0

ProductVersionNumber
1.2.5.0

EntryPoint
0xf3bc

ObjectFileType
Executable application

CarbonBlack: CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack noticed that the following files, while executing, wrote this sample to disk.
File identification
MD5 2b5000f3fb0a8aea475d43a0ae491ee5
SHA1 69b188219abdf6c8f62be917c350a65191303c3d
SHA256 eff2f7d2a2287d438c4209adf1e81d57e1d1bfb745feb05ba4a9d81a4cf0d4a6
ssdeep
786432:q26q6yz9DfwTh33iMk4MR7GNimA9Mh7vhys:SWkRiMk9eimrZh3

authentihash 4c709248233f2f3910c537d2f50a08f1cb19eca91fbde1351395b06140d4b10e
imphash 48aa5c8931746a9655524f67b25a47ef
File size 25.0 MB ( 26264208 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (35.7%)
Win16/32 Executable Delphi generic (16.4%)
OS/2 Executable (generic) (16.0%)
Generic Win/DOS Executable (15.8%)
DOS Executable Generic (15.8%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2012-11-30 15:14:53 UTC ( 6 years, 5 months ago )
Last submission 2019-01-22 01:02:49 UTC ( 3 months, 4 weeks ago )
File names anyflvplayer_setup.exe
web-video-player-setup.exe
test.exe
any-flv-player-2215-jetelecharge.exe
any-flv-player-2215-jetelecharge.exe
html5videoplayer-setup.exe
any-flv-player-2215-jetelecharge.exe
unconfirmed 963027.crdownload
anyflvplayer_setup.exe
html5videoplayer-setup.exe
web-video-player-setup.exe
EFF2F7D2A2287D438C4209ADF1E81D57E1D1BFB745FEB05BA4A9D81A4CF0D4A6
any-flv-player-2215.exe
html5videoplayer-setup (1).exe
Socusoft Any FLV Player 2.5.1 setup (HTML5 Video Player 1.2.5 setup).exe
any-flv-player-2215-jetelecharge.exe
2b5000f3fb0a8aea475d43a0ae491ee5-html5videoplayer-setup.exe
any-flv-player-2215-jetelecharge.exe
html5videoplayer-setup.exe
332511
myfile
any-flv-player-2215-jetelecharge.exe
Socusoft=AnvSoft Any FLV Player 2.5.1 setup.exe