SHA256: e793f5461a28f37324fd66cbcece5f1591d36a623055ee76b30f52af91159deb
File name: install_flashplayer12x32_mssa_aaa_aih.exe
Detection ratio: 0 / 52
Analysis date: 2014-05-29 06:29:06 UTC (4 years, 5 months ago)
Antivirus Result Update date
Ad-Aware 20140529
AegisLab 20140529
Yandex 20140528
AhnLab-V3 20140529
AntiVir 20140529
Antiy-AVL 20140529
Avast 20140529
AVG 20140529
Baidu-International 20140528
BitDefender 20140529
Bkav 20140528
ByteHero 20140529
CAT-QuickHeal 20140528
ClamAV 20140529
CMC 20140528
Commtouch 20140529
Comodo 20140529
DrWeb 20140528
Emsisoft 20140529
ESET-NOD32 20140528
F-Prot 20140529
F-Secure 20140529
Fortinet 20140529
GData 20140529
Ikarus 20140529
Jiangmin 20140529
K7AntiVirus 20140528
K7GW 20140528
Kaspersky 20140529
Kingsoft 20140529
Malwarebytes 20140529
McAfee 20140529
McAfee-GW-Edition 20140528
Microsoft 20140529
eScan 20140529
NANO-Antivirus 20140529
Norman 20140529
nProtect 20140528
Panda 20140528
Qihoo-360 20140529
Rising 20140528
Sophos AV 20140529
SUPERAntiSpyware 20140529
Symantec 20140529
Tencent 20140529
TheHacker 20140529
TotalDefense 20140528
TrendMicro 20140529
TrendMicro-HouseCall 20140529
VBA32 20140528
VIPRE 20140529
ViRobot 20140529
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) Adobe Systems Incorporated

Product Adobe Flash Player Installer
Original name host.exe
Internal name host.exe
File version 3.3.9.0
Description Adobe Flash Player Installer
Signature verification Signed file, verified signature
Signing date 7:36 AM 4/4/2014
Signers
[+] Adobe Systems Incorporated
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Symantec Class 3 Extended Validation Code Signing CA
Valid from 1:00 AM 7/30/2013
Valid to 12:59 AM 7/26/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 4784AE7CB1CDD7DEEB16E6372105138F514D9E08
Serial number 42 72 E5 D7 3E 43 62 8B 1C F3 F7 F2 D5 F5 4B AD
[+] Symantec Class 3 Extended Validation Code Signing CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 6/7/2012
Valid to 12:59 AM 6/7/2022
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint F8D2C10380EDA2774655E5619DB7D02F7D9E850A
Serial number 6C 59 EF A9 E1 00 E1 0E E3 06 BA 8F E0 29 25 59
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT UPX, ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-06-24 07:22:53
Entry Point 0x00073050
Number of sections 3
PE sections
Overlays
MD5 81d2f356b8ffba1a69516aa8cf73e931
File type application/zip
Offset 212480
Size 857520
Entropy 8.00
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
Number of PE resources by type
RT_ICON 14
RT_GROUP_ICON 2
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 18
PE resources
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
3.3.9.0

UninitializedDataSize
282624

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

InitializedDataSize
28672

EntryPoint
0x73050

OriginalFileName
host.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) Adobe Systems Incorporated

FileVersion
3.3.9.0

TimeStamp
2013:06:24 08:22:53+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
host.exe

ProductVersion
3.3.9.0

FileDescription
Adobe Flash Player Installer

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Solid State Networks

CodeSize
188416

ProductName
Adobe Flash Player Installer

ProductVersionNumber
3.3.9.0

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack: CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
PCAP parents
File identification
MD5 a17f71684883c039de826b2e42644dc0
SHA1 6eb481ddc73571836a6160f63b0974de3aafe1ef
SHA256 e793f5461a28f37324fd66cbcece5f1591d36a623055ee76b30f52af91159deb
ssdeep
24576:7dSA+DTHZ+qh5I7k+pv8Ouh56UjxHGDj6G/ei/lFy6DIpv:7dSP5+qh5sGOuh5zVGn6G/tK

authentihash a2fc1ad87ff523000b0cb15831f1c501ad4957be2bcf2833a5445385dc8502a3
imphash e58ab46f2a279ded0846d81bf0fa21f7
File size 1.0 MB ( 1070000 bytes )
File type Win32 EXE
Description
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
OS/2 Executable (generic) (2.8%)
Tags
peexe signed upx overlay

VirusTotal metadata
First submission 2014-04-08 09:07:21 UTC (4 years, 7 months ago)
Last submission 2018-04-30 00:25:13 UTC (6 months, 2 weeks ago)
File names install_flashplayer12x32_mssa_aaa_aih.exe
1b191785884f6f2db8a29bf755c43dc058e57a15
install_flashplayer12x32_mssd_aaa_aih.exe
install_flashplayer12x32_mssd_aaa_aih.exe
flash-player-windows-8-server-2012_13-0-0-214_fr_21292.exe
75565_stp.EXE
install_flashplayer12x64_mssd_aaa_aih.exe
flash-player-windows-8-server-2012_13-0-0-206_fr_21292.exe
qrkoneti.exe.part
install_flashplayer12x32_mssa_aaa_aih (1).exe
Copy of install_flashplayer12x32_mssa_aaa_aih.exe
install_flashplayer12x32_mssa_aaa_aih(1).exe
install_flashplayer12x32_ltr5x32d_awc_aih.exe
474209
host.exe
install_flashplayer12x32_mssd_aaa_aih.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections