| Summary | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2010-Aug-09 01:44:42 |
| Detected languages | English - United States |
| CompanyName | Adobe Systems, Inc. |
| FileDescription | Adobe® Flash® Player Installer/Uninstaller 10.1 r53 |
| FileVersion | 10,1,53,64 |
| InternalName | Adobe® Flash® Player Installer/Uninstaller 10.1 |
| LegalCopyright | Copyright © 1996-2010 Adobe, Inc. |
| LegalTrademarks | Adobe® Flash® Player |
| OriginalFilename | FlashUtil.exe |
| ProductName | Flash® Player Installer/Uninstaller |
| ProductVersion | 10,1,53,64 |
| Level | Finding | Details |
|---|---|---|
| Suspicious | Strings found in the binary may indicate undesirable behavior: | Contains references to system / monitoring tools: |
| Info | Libraries used to perform cryptographic operations: | Microsoft's Cryptography API |
| Suspicious | The PE is possibly packed. | Section .text is both writable and executable. |
| Suspicious | The PE contains functions most legitimate programs don't use. | Possibly launches other programs: |
| Info | The PE's resources present abnormal characteristics. | Resource 102 is possibly compressed or encrypted. |
| Malicious | The program tries to mislead users about its origins. | The PE pretends to be from Adobe but is not signed! |
| Malicious | VirusTotal score: 50/66 (Scanned on 2018-06-21 23:37:03) | Emsisoft: Gen:Variant.Kazy.247287 (B); MicroWorld-eScan: Gen:Variant.Kazy.247287; CAT-QuickHeal: Trojan.Mauvaise.SL1; McAfee: Downloader-BIJ; Cylance: Unsafe; K7AntiVirus: Trojan-Downloader ( 0040f54b1 ); K7GW: Trojan-Downloader ( 0040f54b1 ); Cybereason: malicious.54ffe1; TrendMicro: BKDR_SIMBOT.SMJB; Baidu: Win32.Trojan.Inject.bm; Cyren: W32/A-1a76837c!Eldorado; Symantec: Trojan.Cryect; TrendMicro-HouseCall: BKDR_SIMBOT.SMJB; Avast: Win32:Evo-gen [Susp]; ClamAV: Win.Trojan.Rubinurd-67; Kaspersky: Trojan.Win32.Inject.aaceh; Microsoft: Trojan:Win32/Dorv.A; NANO-Antivirus: Trojan.Win32.Small.cpbmb; ViRobot: Trojan.Win32.Downloader.36864.PZ; AegisLab: Troj.Downloader.W32.Small.lk0q; Ad-Aware: Gen:Variant.Kazy.247287; Comodo: Backdoor.Win32.Simbot.FTSP; F-Secure: Gen:Variant.Kazy.247287; DrWeb: Trojan.DownLoad2.15318; Invincea: heuristic; McAfee-GW-Edition: BehavesLike.Win32.Downloader.nm; TheHacker: Trojan/Injector.bfsu; Ikarus: Trojan-Downloader.Win32.Small; F-Prot: W32/A-1a76837c!Eldorado; Jiangmin: TrojanDownloader.Small.ajux; Webroot: W32.Trojan.Coremhead; Avira: TR/Dropper.Gen; MAX: malware (ai score=81); Antiy-AVL: Trojan/Win32.Inject.aaceh; Endgame: malicious (high confidence); Arcabit: Trojan.Kazy.D3C5F7; SUPERAntiSpyware: Trojan.Agent/Gen-Kazy; ZoneAlarm: Trojan.Win32.Inject.aaceh; AhnLab-V3: Backdoor/Win32.CSon.R885; ALYac: Gen:Variant.Kazy.247287; TACHYON: Trojan/W32.Agent.36864.BSC; VBA32: SScope.Backdoor.Simbot; Malwarebytes: Backdoor.Simbot; Panda: Trj/Genetic.gen; ESET-NOD32: a variant of Win32/Injector.BFSU; SentinelOne: static engine - malicious; Fortinet: W32/Generic.AC.DE4!tr; AVG: Win32:Evo-gen [Susp]; CrowdStrike: malicious_confidence_100% (D); Qihoo-360: HEUR/QVM19.1.008D.Malware.Gen |
| DOS Header | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xd0 |
| PE Header | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 4 |
| TimeDateStamp | 2010-Aug-09 01:44:42 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
| Optional Header | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 6.0 |
| SizeOfCode | 0x2000 |
| SizeOfInitializedData | 0x6000 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00001000 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x3000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x1000 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x9000 |
| SizeOfHeaders | 0x1000 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| Imported DLL | Imported functions |
|---|---|
| KERNEL32.dll | ReadFile, HeapAlloc, GetProcessHeap, GetFileSize, CreateFileA, CopyFileA, MoveFileExA, GetTempFileNameA, GetTempPathA, GetModuleFileNameA, LockResource, LoadResource, SizeofResource, FindResourceA, GetLastError, lstrcpyA, MoveFileA, DeleteFileA, lstrcatA, lstrcmpiA, ExitProcess, ExpandEnvironmentStringsA, GetTickCount, LeaveCriticalSection, GetProcAddress, EnterCriticalSection, VirtualProtect, InitializeCriticalSection, GetModuleHandleA, TerminateProcess, VirtualAllocEx, HeapFree, VirtualAlloc, lstrlenA, Sleep, WinExec, GetLocalTime, SetUnhandledExceptionFilter, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, SetFilePointer, WriteFile, CloseHandle, BeginUpdateResourceA, UpdateResourceA, GetLongPathNameA, EndUpdateResourceA |
| USER32.dll | wsprintfA, MessageBeep, MessageBoxA |
| ADVAPI32.dll | CryptAcquireContextA, CryptReleaseContext, CloseServiceHandle, EnumServicesStatusA, OpenSCManagerA, CryptGenRandom |
| SHLWAPI.dll | StrRChrIA, StrChrA, PathRemoveFileSpecA |
| dbghelp.dll | MiniDumpWriteDump |
| Export | Value |
|---|---|
| Ordinal | 1 |
| Address | 0x42f8 |
| Version Info | Value |
|---|---|
| Signature | 0xfeef04bd |
| StructVersion | 0x10000 |
| FileVersion | 10.1.53.64 |
| ProductVersion | 10.1.53.64 |
| FileFlags | (EMPTY) |
| FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
| FileType | VFT_DLL |
| Language | English - United States |
| CompanyName | Adobe Systems, Inc. |
| FileDescription | Adobe® Flash® Player Installer/Uninstaller 10.1 r53 |
| FileVersion (#2) | 10,1,53,64 |
| InternalName | Adobe® Flash® Player Installer/Uninstaller 10.1 |
| LegalCopyright | Copyright © 1996-2010 Adobe, Inc. |
| LegalTrademarks | Adobe® Flash® Player |
| OriginalFilename | FlashUtil.exe |
| ProductName | Flash® Player Installer/Uninstaller |
| ProductVersion (#2) | 10,1,53,64 |
| Resource LangID | English - United States |
| Rich Header | Value |
|---|---|
| XOR Key | 0x722be73f |
| Unmarked objects | 0 |
| 14 (7299) | 4 |
| Total imports | 61 |
| Imports (2179) | 11 |
| C objects (VS98 SP6 build 8804) | 4 |
| Resource objects (VS98 SP6 cvtres build 1736) | 1 |
| Linker (VC++ 6.0 SP5 imp/exp build 8447) | 1 |