SHA256: 98203851eb03598850bf958c61f85c3fd68079328ca07e509946dc8e31f3d024
File name: flashplayerinstaller.exe
Detection ratio: 2 / 50
Analysis date: 2014-01-29 08:06:24 UTC ( 5 years, 3 months ago )
Antivirus Result Update (an engine listed with only a signature date returned no detection on this scan)
CMC Trojan.Win32.Generic!O 20140122
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.G 20140129
Ad-Aware 20140129
Yandex 20140128
AhnLab-V3 20140128
AntiVir 20140129
Antiy-AVL 20140128
Avast 20140129
AVG 20140128
Baidu-International 20140129
BitDefender 20140129
Bkav 20140125
ByteHero 20140122
CAT-QuickHeal 20140129
ClamAV 20140129
Commtouch 20140129
Comodo 20140129
DrWeb 20140129
Emsisoft 20140129
ESET-NOD32 20140129
F-Prot 20140129
F-Secure 20140129
Fortinet 20140129
GData 20140129
Ikarus 20140129
Jiangmin 20140129
K7AntiVirus 20140128
K7GW 20140128
Kaspersky 20140129
Kingsoft 20130829
Malwarebytes 20140129
McAfee 20140129
Microsoft 20140129
eScan 20140129
NANO-Antivirus 20140129
Norman 20140129
nProtect 20140129
Panda 20140128
Qihoo-360 20140122
Rising 20140128
Sophos AV 20140129
SUPERAntiSpyware 20140129
Symantec 20140129
TheHacker 20140128
TotalDefense 20140128
TrendMicro 20140129
TrendMicro-HouseCall 20140129
VBA32 20140128
VIPRE 20140129
ViRobot 20140129
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 3, 3, 8, 1 (this is the AutoIt v3 version stamped by the compiler, see CompiledScript below, not a Flash Player version)
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-29 21:32:28
Entry Point 0x000C2E80
Number of sections 3
PE sections
Overlays
MD5 ddfa72ead45e324816c648db7db4367c
File type data
Offset 344064
Size 167859
Entropy 8.00 (the maximum for byte data, so the overlay is compressed or encrypted; offset + size = 344064 + 167859 = 511923, which matches the file size, so the overlay runs to end of file)
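The "Overlays" block above is derived by walking the PE section table, treating everything past the last section's raw data as overlay, and measuring its Shannon entropy. The script below is an added example written for this page, not VirusTotal's code and not taken from the sample: it builds a small constructed PE32 image inline so it runs offline, then reports the overlay and the per-section entropies (which is also how a packed section, such as UPX's, shows up). The 7.0 "packed or encrypted" threshold is an assumed heuristic, not a value from the report.

```python
"""Added example: locate a PE overlay and measure entropy, standard library only."""
import math
import struct

FILE_ALIGN = 0x200        # assumed file alignment for the constructed image
HIGH_ENTROPY = 7.0        # assumed heuristic threshold for compressed/encrypted data


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant run, 8.0 for a uniform byte histogram."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return max(0.0, -sum(c / n * math.log2(c / n) for c in counts if c))


def pe_sections(image: bytes):
    """Yield (name, PointerToRawData, SizeOfRawData) from the section table.
    Path: DOS header e_lfanew -> 'PE\\0\\0' -> COFF header -> optional header -> sections."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]      # NumberOfSections
    size_opt = struct.unpack_from("<H", image, coff + 16)[0]         # SizeOfOptionalHeader
    table = coff + 20 + size_opt
    for i in range(num_sections):
        hdr = table + 40 * i
        name = image[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", image, hdr + 16)  # SizeOfRawData, PointerToRawData
        yield name, raw_ptr, raw_size


def pe_overlay(image: bytes):
    """(offset, size) of data past the last section, or None when there is no overlay."""
    end = max((ptr + size for _, ptr, size in pe_sections(image)), default=0)
    if end == 0 or end >= len(image):
        return None
    return end, len(image) - end


def section_entropies(image: bytes) -> dict:
    """Entropy of each section's raw bytes; a UPX1-style packed section scores near 8."""
    return {name: round(shannon_entropy(image[ptr:ptr + size]), 2)
            for name, ptr, size in pe_sections(image)}


def analyze(image: bytes) -> dict:
    """Mirror the report's overlay fields and flag high entropy."""
    ov = pe_overlay(image)
    if ov is None:
        return {"overlay": False}
    off, size = ov
    ent = shannon_entropy(image[off:off + size])
    return {"overlay": True, "offset": off, "size": size,
            "entropy": round(ent, 2), "packed_or_encrypted": ent >= HIGH_ENTROPY,
            "ends_at_eof": off + size == len(image)}


def build_pe(sections, overlay: bytes = b"") -> bytes:
    """Construct a minimal PE32 image from [(name, bytes)] plus an optional overlay.
    Only the fields pe_sections() reads are meaningful; the rest are zero."""
    opt_size = 224                                        # PE32 optional header size
    hdr_len = -(-(0x40 + 4 + 20 + opt_size + 40 * len(sections)) // FILE_ALIGN) * FILE_ALIGN
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)               # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    table, body, raw_ptr = b"", b"", hdr_len
    for name, data in sections:
        padded = data + b"\0" * (-len(data) % FILE_ALIGN)
        table += struct.pack("<8sIIIIIIHHI", name, len(data), raw_ptr,
                             len(padded), raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += padded
        raw_ptr += len(padded)
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    return headers + b"\0" * (hdr_len - len(headers)) + body + overlay


# Constructed sample (not the real file): a NOP-filled code section, a text-like
# resource section, and an overlay whose byte histogram is uniform (entropy 8.00).
SAMPLE = build_pe([(b".text", b"\x90" * 1024), (b".rsrc", b"MANIFEST" * 128)],
                  overlay=bytes(range(256)) * 64)

if __name__ == "__main__":
    print(section_entropies(SAMPLE))
    print(analyze(SAMPLE))
```

On a real file, read it with `open(path, "rb").read()` and pass it to `analyze()`; the `ends_at_eof` check is the same arithmetic as offset + size = file size in the report above. Note that an entropy near 8 says only that the data is compressed or encrypted, not what it is; for an AutoIt/UPX sample the next step is unpacking, not more hashing.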
PE imports (this is the UPX stub's import table: one function per dependent DLL plus the kernel32 functions the unpacker needs, VirtualAlloc, VirtualProtect, VirtualFree, LoadLibraryA, GetProcAddress and ExitProcess; the real program's imports are resolved only after unpacking, so the list below says little about its behaviour)
ImageList_Remove
GetSaveFileNameW
LineTo
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
WNetGetConnectionW
VariantInit
EnumProcesses
DragFinish
LoadUserProfileW
VerQueryValueW
FtpOpenFileW
timeGetTime
CoInitialize
Number of PE resources by type
RT_STRING 7
RT_ICON 4
RT_GROUP_ICON 4
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 18
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 524288
LinkerVersion 10.0
ImageVersion 0.0
FileVersionNumber 3.3.8.1
LanguageCode English (British)
FileFlagsMask 0x0017
ImageFileCharacteristics No relocs, Executable, Large address aware, 32-bit
CharacterSet Unicode
InitializedDataSize 73728
EntryPoint 0xc2e80
MIMEType application/octet-stream
FileVersion 3, 3, 8, 1
TimeStamp 2012:01:29 22:32:28+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
CompiledScript AutoIt v3 Script: 3, 3, 8, 1
MachineType Intel 386 or later, and compatibles
CodeSize 274432
FileSubtype 0
ProductVersionNumber 3.3.8.1
FileTypeExtension exe
ObjectFileType Unknown

File identification
MD5 b1380cffca8cfb2ebed687d9f8d48085
SHA1 5606cecdc97ed82abf6543bb4a8a86e2b55bcd0e
SHA256 98203851eb03598850bf958c61f85c3fd68079328ca07e509946dc8e31f3d024
ssdeep 12288:I6Wq4aaE6KwyF5L0Y2D1PqLnFGGep7oLdM+iL:ethEVaPqLnFxM+iL
authentihash 1c6b008fdf1046f1f17dc6495be84fe7e052eec7c4745b09274e641e0e1fbb33
imphash 890e522b31701e079a367b89393329e6
File size 499.9 KB ( 511923 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID AutoIt3 compiled script executable (87.8%)
UPX compressed Win32 Executable (4.6%)
Win32 EXE Yoda's Crypter (4.5%)
Win32 Dynamic Link Library (generic) (1.1%)
Win32 Executable (generic) (0.7%)
Tags peexe upx overlay

VirusTotal metadata
First submission 2014-01-29 08:05:10 UTC ( 5 years, 3 months ago )
Last submission 2018-10-09 15:43:56 UTC ( 7 months, 2 weeks ago )
File names flashplayerinstaller.exe
vti-rescan
flashplayer-2014-01-29.17-04.txt
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself, by any process it launched, or by a process it injected code into.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications