SHA256: d93b9d3bb342b98a5b33764d123dcf230087dab401728fdd86b091b359cee9bb
File name: npswf32.dll
Detection ratio: 0 / 54
Analysis date: 2014-11-10 19:16:16 UTC (3 months, 3 weeks ago)
Most likely harmless! It can be assumed with a high degree of probability that this file is safe to use.
Antivirus Result Update date
AVG 20141110
AVware 20141110
Ad-Aware 20141110
AegisLab 20141110
Agnitum 20141110
AhnLab-V3 20141110
Antiy-AVL 20141110
Avast 20141110
Avira 20141110
Baidu-International 20141107
BitDefender 20141110
Bkav 20141110
ByteHero 20141110
CAT-QuickHeal 20141110
CMC 20141110
ClamAV 20141110
Comodo 20141110
Cyren 20141110
DrWeb 20141110
ESET-NOD32 20141110
Emsisoft 20141110
F-Prot 20141110
F-Secure 20141110
Fortinet 20141110
GData 20141110
Ikarus 20141110
Jiangmin 20141110
K7AntiVirus 20141110
K7GW 20141110
Kaspersky 20141110
Kingsoft 20141110
Malwarebytes 20141110
McAfee 20141110
McAfee-GW-Edition 20141110
MicroWorld-eScan 20141110
Microsoft 20141110
NANO-Antivirus 20141110
Norman 20141110
Panda 20141110
Qihoo-360 20141110
Rising 20141110
SUPERAntiSpyware 20141110
Sophos 20141110
Symantec 20141110
Tencent 20141110
TheHacker 20141110
TotalDefense 20141110
TrendMicro 20141110
TrendMicro-HouseCall 20141110
VBA32 20141110
ViRobot 20141110
Zillya 20141110
Zoner 20141110
nProtect 20141110
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block
Copyright
Adobe® Flash® Player. Copyright © 1996-2011 Adobe Systems Incorporated. All Rights Reserved. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries.

Publisher Adobe Systems Incorporated
Product Shockwave Flash
Original name npswf32.dll
Internal name Adobe Flash Player 11.1
File version 11,1,102,55
Description Shockwave Flash 11.1 r102
Signature verification Signed file, verified signature
Signing date 6:42 AM 11/1/2011
Signers
[+] Adobe Systems Incorporated
Status A certificate was explicitly revoked by its issuer.
Valid from 1:00 AM 12/15/2010
Valid to 12:59 AM 12/15/2012
Valid usage Code Signing
Algorithm SHA1
Thumbprint FDF01DD3F37C66AC4C779D92623C77814A07FE4C
Serial number 15 E5 AC 0A 48 70 63 71 8E 39 DA 52 30 1A 04 88
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status Certificate out of its validity period
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status Certificate out of its validity period
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-11-01 05:42:38
Entry Point 0x005B9DE1
Number of sections 7
PE sections
PE imports
RegOpenKeyA
RegCloseKey
RegQueryValueExA
CryptGenRandom
RegOpenKeyExW
CryptAcquireContextW
RegSetValueExA
CryptReleaseContext
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegCreateKeyA
RegQueryValueExW
PrintDlgW
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
CertEnumCertificatesInStore
CertVerifySubjectCertificateContext
CertOpenStore
CertAddStoreToCollection
CertCreateCertificateContext
CertCompareCertificate
CertCloseStore
CertFreeCertificateContext
CertNameToStrW
CertRDNValueToStrW
CertAddCertificateContextToStore
CertFindCertificateInStore
CryptDecodeObjectEx
CryptVerifyMessageSignature
CertVerifyTimeValidity
CryptFindOIDInfo
CertVerifyRevocation
CertFindRDNAttr
CryptGetMessageCertificates
CertCompareCertificateName
SetGraphicsMode
GetTextMetricsW
GetSystemPaletteEntries
SetStretchBltMode
CreatePen
GetBkMode
SaveDC
CreateFontIndirectA
PolyBezierTo
LPtoDP
GetClipBox
Rectangle
GetDeviceCaps
CreateDCA
LineTo
DeleteDC
EndDoc
RestoreDC
SetBkMode
EnumFontFamiliesW
GetICMProfileA
GetWorldTransform
StretchBlt
SetPixel
SetWorldTransform
CreateSolidBrush
StartPage
IntersectClipRect
BitBlt
GdiFlush
CreateDIBSection
GetObjectW
EnumFontFamiliesA
RealizePalette
SetTextColor
CreateFontIndirectW
GetCurrentObject
MoveToEx
ExtTextOutW
FillPath
CreateBitmap
RectVisible
CreatePalette
GetStockObject
EnumFontFamiliesExW
SelectPalette
GetFontData
ExtTextOutA
StrokePath
GetTextExtentPoint32W
SetTextAlign
SelectClipRgn
CreateCompatibleDC
GetTextAlign
StartDocW
StretchDIBits
GetBkColor
EndPage
CreateRectRgn
GetClipRgn
GetTextExtentPoint32A
SetPolyFillMode
GetTextColor
GetStretchBltMode
DPtoLP
ExtCreatePen
SelectObject
SetBkColor
SetTextCharacterExtra
BeginPath
DeleteObject
GetTextCharacterExtra
SelectClipPath
EndPath
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
CreateWaitableTimerA
GetFileAttributesA
WaitForSingleObject
HeapDestroy
QueueUserAPC
VerifyVersionInfoW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
EnumSystemLocalesW
FreeEnvironmentStringsW
UnhandledExceptionFilter
GetFileInformationByHandle
GetLocaleInfoW
SetStdHandle
FindResourceExA
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
SetThreadAffinityMask
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
SetWaitableTimer
GetEnvironmentVariableA
LoadResource
FindClose
InterlockedDecrement
OutputDebugStringA
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
OpenThread
InitializeCriticalSection
GetUserDefaultLangID
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
GetFileAttributesW
RaiseException
SetThreadPriority
GetUserDefaultLCID
GetVolumeInformationW
TlsGetValue
MultiByteToWideChar
SetFilePointerEx
FlushInstructionCache
CreateMutexA
CreateEventW
_lclose
InterlockedExchangeAdd
CreateSemaphoreA
CreateThread
MoveFileExW
GetSystemDirectoryW
CreateSemaphoreW
GetStartupInfoA
IsProcessorFeaturePresent
GetSystemDirectoryA
SetEnvironmentVariableA
TerminateProcess
SetUnhandledExceptionFilter
WriteConsoleA
GetVersion
SetCurrentDirectoryW
VirtualQuery
SetEndOfFile
GetLocaleInfoA
GetCurrentThreadId
GetProcAddress
SleepEx
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
DeviceIoControl
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
ExitThread
GlobalSize
LeaveCriticalSection
GetFileSize
CreateDirectoryA
DeleteFileA
GetDateFormatW
CreateDirectoryW
DeleteFileW
GlobalLock
GetProcessHeap
GetTempFileNameW
GetTimeFormatW
GetFileSizeEx
GetModuleFileNameW
ExpandEnvironmentStringsW
FindNextFileW
GetModuleHandleA
lstrcpyA
ResetEvent
GetTempFileNameA
CreateFileMappingA
FindFirstFileW
WaitForMultipleObjects
ExpandEnvironmentStringsA
GetProcessAffinityMask
GetTimeZoneInformation
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
GetCurrencyFormatW
InterlockedIncrement
GetLastError
IsValidCodePage
SystemTimeToFileTime
LCMapStringW
HeapCreate
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
CompareStringW
GetProcessTimes
GetEnvironmentStringsW
GlobalUnlock
IsDBCSLeadByte
GlobalAlloc
lstrlenW
GetCPInfo
OpenFile
CancelWaitableTimer
SwitchToThread
SizeofResource
CompareFileTime
GetCurrentProcessId
LockResource
GetCurrentDirectoryA
HeapSize
GetCommandLineA
VerSetConditionMask
InterlockedCompareExchange
GetCurrentThread
GetTempPathA
QueryPerformanceFrequency
ReleaseSemaphore
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FreeResource
_lwrite
GetFileAttributesExW
FindResourceExW
GetEnvironmentStrings
CreateProcessA
GetCurrentDirectoryW
UnmapViewOfFile
GetTempPathW
GetNumberFormatW
VirtualFree
Sleep
FindResourceA
VirtualAlloc
GetOEMCP
CompareStringA
LoadRegTypeLib
SysStringLen
UnRegisterTypeLib
RegisterTypeLib
SysAllocString
LoadTypeLib
SysFreeString
UuidToStringA
RpcStringFreeA
SHGetFolderPathW
SHBrowseForFolderW
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHAppBarMessage
SHGetFolderPathA
SHGetDiskFreeSpaceExW
RedrawWindow
GetForegroundWindow
MoveWindow
DestroyMenu
PostQuitMessage
SetWindowPos
IsWindow
EndPaint
WindowFromPoint
SetMenuItemInfoW
GetDC
GetCursorPos
ReleaseDC
SendMessageW
UnregisterClassA
GetClientRect
SetCaretPos
IsClipboardFormatAvailable
LoadImageW
ClientToScreen
GetTopWindow
ShowCaret
DestroyWindow
GetParent
GetPropW
RegisterWindowMessageA
CreateCaret
ShowWindow
SetMenuInfo
SetPropW
GetClipboardFormatNameA
PeekMessageW
EnumDisplayDevicesA
InsertMenuItemW
MapWindowPoints
EnumDisplaySettingsW
DestroyCaret
RegisterClassW
GetQueueStatus
SetClipboardData
LoadStringW
DrawMenuBar
EnableMenuItem
EnumDisplayDevicesW
GetSubMenu
SetTimer
GetKeyboardLayout
FillRect
CopyRect
WaitForInputIdle
CreateWindowExW
CreateMenu
GetWindowInfo
GetMenuItemInfoW
SetFocus
GetMonitorInfoW
PostMessageA
BeginPaint
OffsetRect
DefWindowProcW
KillTimer
MapVirtualKeyW
SendNotifyMessageW
GetClipboardData
GetClassInfoExW
GetSystemMetrics
SetWindowLongW
GetWindowRect
RegisterClassA
SetCapture
ReleaseCapture
PostMessageW
SetWindowTextA
CheckMenuItem
SetWindowTextW
CreateWindowExA
GetDlgItem
SendInput
ScreenToClient
TrackPopupMenu
DialogBoxIndirectParamW
GetDesktopWindow
LoadCursorW
LoadIconW
OpenClipboard
EmptyClipboard
EndDialog
CreateIconIndirect
GetCapture
CreatePopupMenu
RemoveMenu
GetWindowThreadProcessId
MessageBoxW
RegisterClassExW
RegisterClipboardFormatA
SetRectEmpty
DialogBoxParamW
MessageBoxA
SendMessageTimeoutW
RegisterClipboardFormatW
GetKeyState
UpdateLayeredWindow
GetDoubleClickTime
DestroyIcon
GetWindowLongW
IsWindowVisible
SystemParametersInfoW
MonitorFromWindow
SetRect
InvalidateRect
CallWindowProcW
GetCursor
GetFocus
CloseClipboard
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetSetOptionW
HttpSendRequestW
timeKillEvent
waveOutReset
waveInOpen
waveOutUnprepareHeader
waveOutGetDevCapsA
timeSetEvent
waveInStop
mixerGetLineControlsA
waveOutGetDevCapsW
waveOutGetPosition
timeBeginPeriod
mixerGetLineInfoA
mixerOpen
waveInPrepareHeader
waveInGetDevCapsA
waveOutPause
waveInMessage
timeEndPeriod
waveInGetDevCapsW
waveOutClose
waveOutMessage
waveInAddBuffer
timeGetTime
waveOutGetNumDevs
waveInClose
timeGetDevCaps
waveOutRestart
waveInGetNumDevs
mixerGetID
mixerGetDevCapsA
waveOutOpen
mixerSetControlDetails
waveInUnprepareHeader
mixerClose
waveOutPrepareHeader
waveInGetPosition
mixerGetControlDetailsA
waveInStart
waveOutWrite
waveInReset
htonl
ioctlsocket
WSAStartup
WSASocketW
getsockname
WSAAddressToStringA
htons
WSASetLastError
select
gethostname
closesocket
WSACloseEvent
ntohl
inet_addr
send
getservbyport
ntohs
WSAGetLastError
gethostbyaddr
connect
WSACleanup
gethostbyname
inet_ntoa
WSAAsyncSelect
recv
WSAIoctl
setsockopt
socket
bind
recvfrom
WSAEnumNetworkEvents
WSAEventSelect
sendto
WSACreateEvent
getservbyname
TranslateBitmapBits
DeleteColorTransform
CloseColorProfile
OpenColorProfileW
CreateColorTransformW
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
OleFlushClipboard
ReleaseStgMedium
CoCreateInstance
CreateBindCtx
OleSetClipboard
OleGetClipboard
OleIsCurrentClipboard
PropVariantClear
CoTaskMemFree
CoTaskMemAlloc
CopyStgMedium
PE exports
Number of PE resources by type
RT_STRING 64
RT_MENU 48
RT_DIALOG 17
RT_ICON 5
RT_CURSOR 5
RT_GROUP_CURSOR 3
RT_VERSION 2
RT_MANIFEST 1
TYPELIB 1
JAVACLASS 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 28
TURKISH DEFAULT 9
SWEDISH NEUTRAL 8
GERMAN 8
CHINESE TRADITIONAL 8
DUTCH 8
FRENCH 8
CHINESE SIMPLIFIED 8
PORTUGUESE BRAZILIAN 8
JAPANESE DEFAULT 8
SPANISH MODERN 8
POLISH DEFAULT 8
CZECH DEFAULT 8
RUSSIAN 8
KOREAN 8
ITALIAN 8
ExifTool file metadata
CodeSize
6614528

SubsystemVersion
5.0

InitializedDataSize
1905664

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
11.1.102.55

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Shockwave Flash 11.1 r102

CharacterSet
Windows, Latin1

LinkerVersion
9.0

FileOS
Win32

MIMEType
application/x-shockwave-flash|application/futuresplash

LegalCopyright
Adobe Flash Player. Copyright 1996-2011 Adobe Systems Incorporated. All Rights Reserved. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries.

FileExtents
swf|spl|mfp

FileOpenName
Adobe Flash movie (*.swf)|FutureSplash movie (*.spl)|Adobe Flash Paper (*.mfp)

FileVersion
11,1,102,55

TimeStamp
2011:11:01 06:42:38+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
Adobe Flash Player 11.1

FileAccessDate
2014:11:10 20:16:23+01:00

ProductVersion
11,1,102,55

UninitializedDataSize
0

OSVersion
5.0

FileCreateDate
2014:11:10 20:16:23+01:00

OriginalFilename
npswf32.dll

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

Debugger
0

CompanyName
Adobe Systems, Inc.

LegalTrademarks
Adobe Flash Player

ProductName
Shockwave Flash

ProductVersionNumber
11.1.102.55

EntryPoint
0x5b9de1

ObjectFileType
Dynamic link library

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
PE resource-wise parents
Compressed bundles
File identification
MD5 de3745a51b7ac7fedc356a83f76c8023
SHA1 7043c94cde62cec4fc5840121b7944463b227411
SHA256 d93b9d3bb342b98a5b33764d123dcf230087dab401728fdd86b091b359cee9bb
ssdeep
196608:hiNCwoC243SsEPRASaRqrOiF5bnm6SzEBgQpqxLmntSXuFhbsBOp8m:gcjC2FOSMiF5y6Sz8tpqxLmntSXunp8m

authentihash b43776bd25ee765b2bd2c51d6064f172505e4afce263f2c63937dc92f1f769b3
imphash 6599203ecf57ac34a728919100121e0d
File size 8.1 MB ( 8527008 bytes )
File type Win32 DLL
Description
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 EXE PECompact compressed (generic) (82.9%)
Win32 Executable (generic) (9.0%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
pedll signed

VirusTotal metadata
First submission 2011-11-10 22:18:34 UTC (3 years, 3 months ago)
Last submission 2014-11-10 19:16:16 UTC (3 months, 3 weeks ago)
File names smona132748821848024706738
smona132125416757700218764
NPSWF32.exe_
de3745a51b7ac7fedc356a83f76c8023
smona132099974917184221038
smona132208692556151677597
NPSWF32.dll_1.exe
d93b9d3bb342b98a5b33764d123dcf230087dab401728fdd86b091b359cee9bb.log
NPSWF32.dll
smona132432939412480916985
101.exe
NPSWF32.dll
file-3131102_dll
npswf32.dll
7043c94cde62cec4fc5840121b7944463b227411
smona_d93b9d3bb342b98a5b33764d123dcf230087dab401728fdd86b091b359cee9bb.bin
Adobe Flash Player 11.1
NPSWF32.exe_ - 保留(普通にFLASHっぽい)
smona132551719519550469718
smona132102860587497104689