SHA256: a9002d7f86acbd670711d2d4ec6a39c0756666e79b995dd0bf92b73b2c98c2a9
File name: uninstall_flash_player.exe
Detection ratio: 0 / 69
Analysis date: 2019-01-14 19:41:15 UTC (4 months, 1 week ago)
Antivirus Result Update
Acronis 20190111
Ad-Aware 20190114
AegisLab 20190114
AhnLab-V3 20190114
Alibaba 20180921
ALYac 20190114
Antiy-AVL 20190114
Arcabit 20190114
Avast 20190114
Avast-Mobile 20190114
AVG 20190114
Avira (no cloud) 20190114
Babable 20180918
Baidu 20190114
BitDefender 20190114
Bkav 20190108
CAT-QuickHeal 20190114
ClamAV 20190114
CMC 20190114
Comodo 20190114
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cylance 20190114
Cyren 20190114
DrWeb 20190114
eGambit 20190114
Emsisoft 20190114
Endgame 20181108
ESET-NOD32 20190114
F-Prot 20190114
F-Secure 20190114
Fortinet 20190114
GData 20190114
Ikarus 20190114
Sophos ML 20181128
Jiangmin 20190114
K7AntiVirus 20190114
K7GW 20190114
Kaspersky 20190114
Kingsoft 20190114
Malwarebytes 20190114
MAX 20190114
McAfee 20190114
McAfee-GW-Edition 20190114
Microsoft 20190114
eScan 20190114
NANO-Antivirus 20190114
Palo Alto Networks (Known Signatures) 20190114
Panda 20190113
Qihoo-360 20190114
Rising 20190114
SentinelOne (Static ML) 20181223
Sophos AV 20190114
SUPERAntiSpyware 20190109
Symantec 20190114
TACHYON 20190114
Tencent 20190114
TheHacker 20190113
Trapmine 20190103
TrendMicro 20190114
TrendMicro-HouseCall 20190114
Trustlook 20190114
VBA32 20190114
ViRobot 20190114
Webroot 20190114
Yandex 20190111
Zillya 20190111
ZoneAlarm by Check Point 20190114
Zoner 20190114
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright © 1996-2019 Adobe Systems Incorporated
Product Adobe® Flash® Player Installer/Uninstaller
Original name FlashUtil.exe
Internal name Adobe® Flash® Player Installer/Uninstaller 32.0
File version 32,0,0,114
Description Adobe® Flash® Player Installer/Uninstaller 32.0 r0
Signature verification Signed file, verified signature
Signing date 12:05 AM 12/18/2018
Signers
[+] Adobe Systems Incorporated
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer DigiCert EV Code Signing CA (SHA2)
Valid from 12:00 AM 03/15/2017
Valid to 12:00 PM 03/20/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 2E419CCC647F94FE0DFC5460D0740B93D3572E54
Serial number 06 F0 47 88 03 10 55 D3 1D EF FE FC D0 26 D6 C5
[+] DigiCert EV Code Signing CA (SHA2)
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 12:00 PM 04/18/2012
Valid to 12:00 PM 04/18/2027
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 60EE3FC53D4BDFD1697AE5BEAE1CAB1C0F3AD4E3
Serial number 03 F1 B4 E1 5F 3A 82 F1 14 96 78 B3 D7 D8 47 5C
[+] DigiCert
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
Serial number 02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77
Counter signers
[+] Symantec SHA256 TimeStamping Signer - G2
Status Valid
Issuer Symantec SHA256 TimeStamping CA
Valid from 12:00 AM 01/02/2017
Valid to 11:59 PM 04/01/2028
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 625AEC3AE4EDA1D169C4EE909E85B3BBC61076D3
Serial number 54 58 F2 AA D7 41 D6 44 BC 84 A9 7B A0 96 52 E6
[+] Symantec SHA256 TimeStamping CA
Status Valid
Issuer VeriSign Universal Root Certification Authority
Valid from 12:00 AM 01/12/2016
Valid to 11:59 PM 01/11/2031
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 6FC9EDB5E00AB64151C1CDFCAC74AD2C7B7E3BE4
Serial number 7B 05 B1 D4 49 68 51 44 F7 C9 89 D2 9C 19 9D 12
[+] VeriSign Universal Root Certification Authority
Status Valid
Issuer VeriSign Universal Root Certification Authority
Valid from 12:00 AM 04/02/2008
Valid to 11:59 PM 12/01/2037
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha256RSA
Thumbprint 3679CA35668772304D30A5FB873B0FA77BB70D54
Serial number 40 1A C4 64 21 B3 13 21 03 0E BB E4 12 1A C5 1D
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-17 22:18:28
Entry Point 0x00028008
Number of sections 6
PE sections
Overlays
MD5 e7e25d077fbf6dc36b89dfe32156181c
File type data
Offset 1448960
Size 7680
Entropy 7.26
PE imports
RegCreateKeyExW
CloseServiceHandle
RegDeleteValueW
CryptReleaseContext
RegCloseKey
RegSetValueExW
FreeSid
CryptGetHashParam
RegQueryValueExA
OpenSCManagerW
RegEnumKeyExW
RegOpenKeyExW
CheckTokenMembership
OpenServiceW
RegSetValueExA
ControlService
AllocateAndInitializeSid
RegOpenKeyExA
CryptHashData
RegQueryValueExW
DeleteDC
SetBkMode
CreateFontA
BitBlt
CreateCompatibleBitmap
GetTextExtentExPointW
CreateSolidBrush
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject
StretchBlt
SetTextColor
SetThreadLocale
GetStdHandle
ReleaseMutex
WaitForSingleObject
FindNextFileA
EncodePointer
QueueUserAPC
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
FreeEnvironmentStringsW
InitializeSListHead
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
LocalFree
OutputDebugStringW
FindClose
InterlockedDecrement
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
TlsGetValue
CopyFileW
LoadResource
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
GetFileAttributesW
RaiseException
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
GlobalAddAtomW
CreateThread
MoveFileExW
GetSystemDirectoryW
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
GetSystemDirectoryA
DecodePointer
TerminateProcess
GetModuleHandleExW
SetCurrentDirectoryW
ReadConsoleW
SetWaitableTimer
LeaveCriticalSection
WriteConsoleW
CreateToolhelp32Snapshot
GetSystemWow64DirectoryW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
ExitThread
FreeLibrary
GetFileSize
OpenProcess
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
CreateWaitableTimerW
GetFileSizeEx
RemoveDirectoryW
FindFirstFileExA
FindNextFileW
GetCurrentThreadId
FindFirstFileW
DuplicateHandle
CreateFileW
GetFileType
TlsSetValue
ExitProcess
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
GetConsoleCP
GetThreadLocale
GetEnvironmentStringsW
Process32NextW
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
Process32FirstW
SetEndOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
SetDllDirectoryW
GetACP
GetModuleHandleW
FreeResource
IsValidCodePage
FindResourceW
CreateProcessW
Sleep
FindResourceA
SysFreeString
VariantInit
VariantClear
SysAllocString
SHGetFolderPathW
SHFileOperationW
ShellExecuteW
ShellExecuteExW
Ord(680)
CommandLineToArgvW
MapWindowPoints
RegisterClassExW
GetForegroundWindow
GetParent
GetPropW
BeginPaint
GetMessageW
DefWindowProcW
MoveWindow
PostQuitMessage
ShowWindow
SetPropW
SetWindowLongW
MessageBoxW
GetWindowRect
EndPaint
SetCapture
ReleaseCapture
SetWindowPos
TranslateMessage
GetWindow
PostMessageW
GetDC
GetKeyState
ReleaseDC
LoadStringW
SetWindowTextW
DrawTextW
DispatchMessageW
ClientToScreen
SetRect
InvalidateRect
SetTimer
CallWindowProcW
FillRect
GetClientRect
LoadCursorW
CreateWindowExW
GetWindowLongW
SetForegroundWindow
DestroyWindow
SetCursor
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateGuid
CoCreateInstance
CoInitializeSecurity
StringFromGUID2
Number of PE resources by type
RT_STRING 112
RT_ICON 7
RT_RCDATA 3
LZMG 1
TYPELIB 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
ENGLISH CAN 8
TURKISH DEFAULT 7
SWEDISH NEUTRAL 7
GERMAN 7
CHINESE TRADITIONAL 7
CZECH DEFAULT 7
JAPANESE DEFAULT 7
FRENCH 7
CHINESE SIMPLIFIED 7
PORTUGUESE BRAZILIAN 7
SPANISH MODERN 7
POLISH DEFAULT 7
DUTCH 7
RUSSIAN 7
KOREAN 7
ITALIAN 7
NEUTRAL 3
PE resources
Debug information
ExifTool file metadata
CodeSize 274432
SubsystemVersion 5.1
LinkerVersion 14.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 32.0.0.114
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Adobe Flash Player Installer/Uninstaller 32.0 r0
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 1173504
EntryPoint 0x28008
OriginalFileName FlashUtil.exe
MIMEType application/octet-stream
LegalCopyright Copyright 1996-2019 Adobe Systems Incorporated
FileVersion 32,0,0,114
TimeStamp 2018:12:17 23:18:28+01:00
FileType Win32 EXE
PEType PE32
InternalName Adobe Flash Player Installer/Uninstaller 32.0
ProductVersion 32,0,0,114
UninitializedDataSize 0
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Adobe Systems Incorporated
LegalTrademarks Adobe Flash Player
ProductName Adobe Flash Player Installer/Uninstaller
ProductVersionNumber 32.0.0.114
FileTypeExtension exe
ObjectFileType Dynamic link library

Execution parents
File identification
MD5 6446ae6ab71611b539d76a7ece1b716b
SHA1 97e98c357b615228ee36de65db2f1e973f7086e3
SHA256 a9002d7f86acbd670711d2d4ec6a39c0756666e79b995dd0bf92b73b2c98c2a9
ssdeep 24576:wd1np5hri7OTrK6yoFMBjNO0pa30cyTYP96f53n7EPDIre/GA:wPdrgOTioKhNb+AYl6x3n7wIS/Z
authentihash 5225367fadeb2c30fe20293d3826e034185df049394a286e1182d6cbaa670a68
imphash 2ec68c558a5f724af82fd6229781023b
File size 1.4 MB ( 1456640 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2019-01-08 05:04:31 UTC (4 months, 2 weeks ago)
Last submission 2019-04-28 10:29:34 UTC (3 weeks, 5 days ago)
File names uninstall_flash_player.exe
uninstall_flash_player.exe
uninstall_flash_player.exe
a421fc2c9f14c7d5ddc632833345c8992cd7860db322fa0dfb7713e446cde9fe_uninstall_flash_player.exe
uninstall_flash_player.exe
FlashUtil.exe
Uninstall.exe
Adobe Flash Player Uninstaller 32.0.0.114.exe
84d87ad05f404192354a6740e4af9efbaf7627a1c49f116c8cc8db16d3c78c67_uninstall_flash_player.exe
uninstall_flash_player.exe
uninstall_flash_player.exe
Uninstall.exe
uninstall.exe
uninstall_flash_player.exe
Uninstaller 32.0
uninstall.exe
uninstall_flash_player.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.