SHA256: f5a5c520a933a64a939bbee0ad45ac4e61b4e3a5c64fb6cef54c2da8569f803a
File name: install_flashplayer12x03_mssd_aaa_aih.exe
Detection ratio: 43 / 57
Analysis date: 2015-02-12 06:27:40 UTC ( 3 years, 8 months ago )
Antivirus             Result                            Update
Ad-Aware              Trojan.GenericKD.2010446          20150212
Yandex                Backdoor.Androm!hpIEYjtqxxY       20150211
AhnLab-V3             Trojan/Win32.Gen                  20150211
ALYac                 Trojan.GenericKD.2010446          20150212
Antiy-AVL             Trojan/Win32.Yakes                20150212
Avast                 Win32:Injector-CIO [Trj]          20150212
AVG                   Inject2.BGRY                      20150212
Avira (no cloud)      TR/Crypt.Xpack.103338             20150212
AVware                Trojan.Win32.Generic!BT           20150212
Baidu-International   Backdoor.Win32.Androm.fola        20150211
BitDefender           Trojan.GenericKD.2010446          20150212
CAT-QuickHeal         TrojanRansom.Crowti.A4            20150211
ClamAV                Win.Trojan.Agent-822336           20150212
Cyren                 W32/Trojan.LJXD-0588              20150212
DrWeb                 Trojan.Siggen.65341               20150212
Emsisoft              Trojan.GenericKD.2010446 (B)      20150212
ESET-NOD32            a variant of Win32/Injector.BQPI  20150212
F-Prot                W32/Trojan3.MOR                   20150212
F-Secure              Trojan.GenericKD.2010446          20150212
Fortinet              W32/BQPI!tr                       20150212
GData                 Trojan.GenericKD.2010446          20150212
Ikarus                Trojan.Win32.Injector             20150212
Jiangmin              Trojan/Yakes.awit                 20150210
K7AntiVirus           Trojan ( 004b1c801 )              20150211
K7GW                  DoS-Trojan ( 201194e51 )          20150212
Kaspersky             Backdoor.Win32.Androm.fola        20150212
Malwarebytes          Backdoor.Bot                      20150212
McAfee                RDN/Generic.dx!dh3                20150212
McAfee-GW-Edition     BehavesLike.Win32.Backdoor.dc     20150211
Microsoft             Worm:Win32/Gamarue.AN             20150212
eScan                 Trojan.GenericKD.2010446          20150212
NANO-Antivirus        Trojan.Win32.Yakes.djrwpj         20150212
Norman                Troj_Generic.XKSHF                20150211
nProtect              Trojan.GenericKD.2010446          20150211
Panda                 Generic Suspicious                20150211
Qihoo-360             HEUR/QVM41.1.Malware.Gen          20150212
Sophos AV             Troj/Agent-AKLV                   20150212
Symantec              Trojan.Gen.2                      20150212
Tencent               Win32.Trojan.Inject.5f58          20150212
TrendMicro            TROJ_GE.7A0C7BE7                  20150212
TrendMicro-HouseCall  Suspicious_GEN.F47V1203           20150212
VBA32                 Trojan.Yakes                      20150211
VIPRE                 Trojan.Win32.Generic!BT           20150212
AegisLab              (not detected)                    20150212
Alibaba               (not detected)                    20150212
Bkav                  (not detected)                    20150212
ByteHero              (not detected)                    20150212
CMC                   (not detected)                    20150211
Comodo                (not detected)                    20150212
Kingsoft              (not detected)                    20150212
Rising                (not detected)                    20150211
SUPERAntiSpyware      (not detected)                    20150212
TheHacker             (not detected)                    20150212
TotalDefense          (not detected)                    20150212
ViRobot               (not detected)                    20150212
Zillya                (not detected)                    20150211
Zoner                 (not detected)                    20150211
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT RAR
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-13 16:07:55
Entry Point 0x0001D6AC
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
InitCommonControlsEx
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
GetExitCodeProcess
InitializeCriticalSection
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
SetLastError
GetSystemTime
DeviceIoControl
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
GetFullPathNameW
CreateThread
SetEnvironmentVariableW
MoveFileExW
SetUnhandledExceptionFilter
TzSpecificLocalTimeToSystemTime
TerminateProcess
CreateSemaphoreW
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
GetNumberFormatW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatW
SetEvent
DeleteFileW
GetProcAddress
CreateFileMappingW
CompareStringW
WriteFile
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
CreateDirectoryW
ResetEvent
FindFirstFileW
GetProcessAffinityMask
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
HeapCreate
GetConsoleCP
LCMapStringA
GetTimeFormatW
GetEnvironmentStringsW
IsDBCSLeadByte
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetLongPathNameW
IsValidCodePage
UnmapViewOfFile
FindResourceW
VirtualFree
Sleep
VirtualAlloc
CreateHardLinkW
VariantInit
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
MapWindowPoints
SetFocus
GetParent
UpdateWindow
EndDialog
LoadBitmapW
SetWindowTextW
DefWindowProcW
GetWindowTextW
GetMessageW
ShowWindow
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
EnableWindow
DialogBoxParamW
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
GetWindowLongW
ReleaseDC
DestroyIcon
TranslateMessage
IsWindowVisible
LoadStringW
GetClientRect
GetDlgItem
GetWindow
MessageBoxW
DispatchMessageW
PeekMessageW
GetClassNameW
CopyRect
WaitForInputIdle
OemToCharBuffA
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
RegisterClassExW
SetForegroundWindow
DestroyWindow
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
OleInitialize
OleUninitialize
Number of PE resources by type
RT_STRING 9
RT_DIALOG 6
RT_ICON 6
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 24
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:11:13 17:07:55+01:00
FileType Win32 EXE
PEType PE32
CodeSize 165888
LinkerVersion 9.0
FileAccessDate 2015:02:12 07:29:10+01:00
EntryPoint 0x1d6ac
InitializedDataSize 193024
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
FileCreateDate 2015:02:12 07:29:10+01:00
UninitializedDataSize 0
File identification
MD5 b5e91896e93f59917640dbb82ff8ef9d
SHA1 4d394c8eddaa545a7c17a1466db4d24d26065e0a
SHA256 f5a5c520a933a64a939bbee0ad45ac4e61b4e3a5c64fb6cef54c2da8569f803a
ssdeep 6144:ia9tGE4Kby8j2xdHlFbqxnyme5ULt1L+V0NRSlsU:ia9tGEY8ixdHexnyKhp4TlsU
authentihash 54d8482d12e98d0b0ce41635acdb808b83af92f974f8001e63ad6ae7cd93f628
imphash 986447145f752ee174944cbcb0f6260b
File size 287.9 KB ( 294847 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-12-03 17:18:20 UTC ( 3 years, 10 months ago )
Last submission 2014-12-03 17:18:20 UTC ( 3 years, 10 months ago )
File names install_flashplayer12x03_mssd_aaa_aih.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.