SHA256: fdfe0b19721962bf76bb24e8da13da304d4d48fa3a2e685587de95e41e1c6f09
File name: copy_Update.exe
Detection ratio: 13 / 46
Analysis date: 2013-03-30 18:09:20 UTC ( 6 years ago )
Antivirus Result Update
AntiVir Adware/Airinstall.J 20130330
AVG Agent4.AKRC 20130330
Comodo ApplicUnwnt 20130330
DrWeb Adware.Downware.1011 20130330
Emsisoft Trojan.Win32.AirAdInstaller.AMN (A) 20130330
ESET-NOD32 a variant of Win32/AirAdInstaller.A 20130330
F-Prot W32/AirInstall.A2.gen!Eldorado 20130330
Ikarus Trojan-Dropper.Agent 20130330
McAfee Artemis!E475E4252594 20130330
McAfee-GW-Edition Artemis!E475E4252594 20130330
Panda Suspicious file 20130330
TrendMicro-HouseCall TROJ_GEN.F47V0330 20130330
VIPRE AirInstaller (fs) 20130330
Yandex 20130330
AhnLab-V3 20130330
Antiy-AVL 20130330
Avast 20130330
BitDefender 20130330
ByteHero 20130322
CAT-QuickHeal 20130330
ClamAV 20130330
Commtouch 20130330
eSafe 20130328
F-Secure 20130330
Fortinet 20130330
GData 20130330
Jiangmin 20130330
K7AntiVirus 20130330
Kaspersky 20130330
Kingsoft 20130325
Malwarebytes 20130330
Microsoft 20130330
eScan 20130330
NANO-Antivirus 20130330
Norman 20130330
nProtect 20130329
PCTools 20130330
Rising 20130328
Sophos AV 20130330
SUPERAntiSpyware 20130330
Symantec 20130330
TheHacker 20130330
TotalDefense 20130329
TrendMicro 20130330
VBA32 20130330
ViRobot 20130330
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright (c) AirInstaller. All rights reserved.
Publisher AirInstaller Inc.
Product Flash Player Pro
Original name AirInstaller.exe
Internal name AirInstaller.exe
File version 2.0.3.53
Description Flash Player Pro
Signing date 1:29 AM 3/9/2013
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-04 23:35:04
Entry Point 0x002423E0
Number of sections 3
PE sections
PE imports
InitCommonControlsEx
GetFileTitleW
LPtoDP
ImmGetContext
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
AlphaBlend
LresultFromObject
Ord(190)
PathIsUNCW
InternetOpenW
PlaySoundW
OpenPrinterW
GdipFree
DoDragDrop
OleUIBusyW
IsValidURL
Number of PE resources by type
RT_STRING 17
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_DIALOG 12
RT_ICON 4
RT_BITMAP 3
RT_HTML 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 65
ENGLISH CAN 6
ExifTool file metadata
UninitializedDataSize 1290240
InitializedDataSize 12288
ImageVersion 0.0
ProductName Flash Player Pro
FileVersionNumber 2.0.3.53
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Flash Player Pro
CharacterSet Unicode
LinkerVersion 10.0
FileOS Windows NT 32-bit
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2.0.3.53
TimeStamp 2013:03:05 00:35:04+01:00
FileType Win32 EXE
PEType PE32
InternalName AirInstaller.exe
ProductVersion 2.0.3.53
SubsystemVersion 5.1
OSVersion 5.1
OriginalFilename AirInstaller.exe
LegalCopyright (c) AirInstaller. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName AirInstaller Inc.
CodeSize 1077248
FileSubtype 0
ProductVersionNumber 2.0.3.53
EntryPoint 0x2423e0
ObjectFileType Executable application
File identification
MD5 e475e4252594bce3c72dfd9d2dc111c2
SHA1 b2d9949064bd0af0258d22b24adc6f02748ef40a
SHA256 fdfe0b19721962bf76bb24e8da13da304d4d48fa3a2e685587de95e41e1c6f09
ssdeep 24576:LfLHuzBsBX4BF3LEV8dz/WqBEJBFeYns+HAeyfLGfgyMJTvs1:Lfj0wk9L80z/LEJBFeJ+HZEGTgTE
File size 1.0 MB ( 1095248 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit, UPX compressed
TrID UPX compressed Win32 Executable (43.8%)
Win32 EXE Yoda's Crypter (38.1%)
Win32 Executable Generic (12.2%)
Generic Win/DOS Executable (2.8%)
DOS Executable Generic (2.8%)
Tags peexe signed upx
VirusTotal metadata
First submission 2013-03-30 09:18:53 UTC ( 6 years ago )
Last submission 2013-03-30 18:09:20 UTC ( 6 years ago )
File names copy_Update.exe
e475e4252594bce3c72dfd9d2dc111c2.b2d9949064bd0af0258d22b24adc6f02748ef40a
AirInstaller.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.