SHA256: f351a7328f9a41e5c81ce7cc1395778fdb80229d1d17ad503ea670fc4868c325
File name: adobe_flash_player-50349040.exe
Detection ratio: 11 / 56
Analysis date: 2016-06-04 18:35:39 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Antiy-AVL Trojan/Win32.TSGeneric 20160604
Avast Win32:Malware-gen 20160604
AVG Generic.510 20160604
DrWeb Trojan.Vittalia.10462 20160604
ESET-NOD32 Win32/DownloadAdmin.S potentially unwanted 20160604
K7GW Hacktool ( 655367771 ) 20160604
McAfee Artemis!C3CD90C3E406 20160604
McAfee-GW-Edition Artemis 20160604
Panda PUP/DownloadAssistant 20160604
Rising PUA.DownloadAdmin!8.123-vct54N5ROBF (Cloud) 20160604
Symantec Trojan.Gen.2 20160604
Ad-Aware 20160604
AegisLab 20160604
AhnLab-V3 20160604
Alibaba 20160603
ALYac 20160604
Arcabit 20160604
Avira (no cloud) 20160604
AVware 20160604
Baidu 20160603
Baidu-International 20160604
BitDefender 20160604
Bkav 20160604
CAT-QuickHeal 20160604
ClamAV 20160604
CMC 20160602
Comodo 20160604
Cyren 20160604
Emsisoft 20160604
F-Prot 20160604
F-Secure 20160604
Fortinet 20160604
GData 20160604
Ikarus 20160604
Jiangmin 20160604
K7AntiVirus 20160604
Kaspersky 20160604
Kingsoft 20160604
Malwarebytes 20160604
Microsoft 20160604
eScan 20160604
NANO-Antivirus 20160604
nProtect 20160603
Qihoo-360 20160604
Sophos AV 20160604
SUPERAntiSpyware 20160604
Tencent 20160604
TheHacker 20160604
TrendMicro 20160604
TrendMicro-HouseCall 20160604
VBA32 20160603
VIPRE 20160604
ViRobot 20160604
Yandex 20160604
Zillya 20160603
Zoner 20160604
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 3:15 PM 6/4/2016
Signers
[+] Zen Bros Media
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Go Daddy Secure Certificate Authority - G2
Valid from 10:12 PM 03/08/2016
Valid to 10:12 PM 03/08/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 55E7BA48E3C864372D3F3BD180BBA07EC12B47FE
Serial number 00 DA 69 A0 BD 85 4B B5 54
[+] Go Daddy Secure Certificate Authority - G2
Status Valid
Issuer Go Daddy Root Certificate Authority - G2
Valid from 06:00 AM 05/03/2011
Valid to 06:00 AM 05/03/2031
Valid usage All
Algorithm sha256RSA
Thumbprint 27AC9369FAF25207BB2627CEFACCBE4EF9C319B8
Serial number 07
[+] Go Daddy Root Certificate Authority - G2
Status Valid
Issuer Go Daddy Class 2 Certification Authority
Valid from 07:00 AM 01/01/2014
Valid to 06:00 AM 05/30/2031
Valid usage All
Algorithm sha256RSA
Thumbprint 340B2880F446FCC04E59ED33F52B3D08D6242964
Serial number 1B E7 15
[+] Go Daddy Class 2 Certification Authority
Status Valid
Issuer Go Daddy Class 2 Certification Authority
Valid from 04:06 PM 06/29/2004
Valid to 04:06 PM 06/29/2034
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 2796BAE63F1801E277261BA0D77770028F20EEE4
Serial number 00
Counter signers
[+] COMODO SHA-1 Time Stamping Signer
Status Valid
Issuer UTN-USERFirst-Object
Valid from 12:00 AM 12/31/2015
Valid to 05:40 PM 07/09/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 03A5B14663EB12023091B84A6D6A68BC871DE66B
Serial number 16 88 F0 39 25 5E 63 8E 69 14 39 07 E6 33 0B
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 05:31 PM 07/09/1999
Valid to 05:40 PM 07/09/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x0004C6E0
Number of sections 7
PE sections
Overlays
MD5 84d66d555f843b69829f281f6a78c7bc
File type data
Offset 476160
Size 6408
Entropy 7.35
PE imports
CryptMsgGetParam
CertCloseStore
CryptMsgClose
CryptQueryObject
CryptDecodeObject
CheckSumMappedFile
UnMapAndLoad
MapAndLoad
SetThreadLocale
GetStdHandle
FileTimeToDosDateTime
GetConsoleOutputCP
WaitForSingleObject
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
GetLocaleInfoW
FindResourceExA
WideCharToMultiByte
WriteFile
EnumResourceLanguagesA
ResumeThread
SetEvent
LocalFree
GetThreadPriority
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
FormatMessageA
GetFullPathNameW
SetLastError
SuspendThread
RemoveDirectoryW
TryEnterCriticalSection
ExitProcess
GetModuleFileNameA
EnumCalendarInfoA
SetThreadPriority
MultiByteToWideChar
MoveFileW
SetFilePointer
SetFileAttributesW
CreateThread
SetEnvironmentVariableW
SetUnhandledExceptionFilter
GetSystemDirectoryA
SetEnvironmentVariableA
TerminateProcess
SetCurrentDirectoryW
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
HeapFree
EnterCriticalSection
TerminateThread
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
ExitThread
GetStartupInfoA
GetDateFormatA
DeleteFileA
GetWindowsDirectoryA
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CompareStringW
GetModuleFileNameW
lstrcmpA
FindFirstFileA
EnumResourceNamesA
GetConsoleCP
ResetEvent
FindFirstFileW
GetUserDefaultLCID
CreateFileW
CreateEventA
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
DosDateTimeToFileTime
GetSystemInfo
GetEnvironmentStringsA
FindNextFileW
GetThreadLocale
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
GetCommandLineA
EnumResourceTypesA
QueryPerformanceFrequency
GetModuleHandleA
ReadFile
CloseHandle
GetACP
FreeResource
VirtualFree
Sleep
IsBadReadPtr
FindResourceA
VirtualAlloc
GetOEMCP
CompareStringA
CoCreateInstance
VariantCopy
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayPtrOfIndex
SysAllocStringLen
SafeArrayUnaccessData
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
SafeArrayRedim
SysFreeString
SafeArrayPutElement
VariantInit
VariantChangeTypeEx
ShellExecuteExA
CharLowerBuffW
CharLowerA
OemToCharA
GetSystemMetrics
CharUpperBuffA
MessageBoxA
WaitForInputIdle
CharLowerBuffA
CharUpperBuffW
MessageBeep
CharUpperA
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 1
RT_RCDATA 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 7
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

SubsystemVersion
4.0

MachineType
Intel 386 or later, and compatibles

TimeStamp
0000:00:00 00:00:00

FileType
Win32 EXE

PEType
PE32

CodeSize
309024

LinkerVersion
3.0

FileTypeExtension
exe

InitializedDataSize
9988

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit, No debug

EntryPoint
0x4c6e0

OSVersion
4.0

ImageVersion
1.0

UninitializedDataSize
12225

File identification
MD5 c3cd90c3e406981bece559a43fe64414
SHA1 5dd260f6915079345d4898f7df1133b471538e75
SHA256 f351a7328f9a41e5c81ce7cc1395778fdb80229d1d17ad503ea670fc4868c325
ssdeep
12288:vThKd6hIaNYLNcYM4+Q3sMnMbI7cRFUJ/DNF99GIRYb/:vVKd62AYJcYM4+Q3sMMbIIRFUJ/DNF9C

authentihash c9cb06d282da0f5a8220fd69f9752a6c6a6edf1e302426598dae4e1890a74044
imphash 30b4b3bb24525a22679324b69a171ed9
File size 471.3 KB ( 482568 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 EXE PECompact compressed (generic) (35.3%)
Win32 Executable MS Visual C++ (generic) (26.5%)
Win64 Executable (generic) (23.5%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2016-06-04 14:42:33 UTC ( 2 years, 8 months ago )
Last submission 2019-02-07 17:03:30 UTC ( 2 weeks ago )
File names adobe_flash_player-50281123.exe
adobe_flash_player-50331902.exe
adobe_flash_player-50401392 (1).exe
adobe_flash_player-50349040.exe

f351a7328f9a41e5c81ce7cc1395778fdb80229d1d17ad503ea670fc4868c325.bin
adobe_flash_player-50349040.ex
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs
UDP communications