1.exe

Shockwave Flash

Macromedia, Inc.

This is a setup program used to install the application. The file has been observed being downloaded from s10557.chomikuj.pl.
Publisher:
Macromedia, Inc.

Product:
Shockwave Flash

Description:
Macromedia Flash Player 6.0 r21

Version:
6,0,21,0

MD5:
867bfad19eb044ed765f322acf88d2d6

SHA-1:
65bcd2f5c2657f2ef418c7e5868a1899218601e7

SHA-256:
bc434bad24ea031483655124b7307863d0d57dd413e8c90bb09052a0ca5a9310

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/5/2024 3:39:56 PM UTC  (today)

Scan engine | Detection | Engine version
Clam AntiVirus | Trojan.Inject-984 | 0.98/21511
Comodo Security | UnclassifiedMalware | 23358
Rising Antivirus | PE:Backdoor.Agent.iak!1117925[F1] | 23.00.65.151006
ViRobot | Trojan.Win32.A.Inject.540182[ASPack][h] | 2014.3.20.0

File size:
577 KB (590,813 bytes)

Product version:
6,0,21,0

Copyright:
Copyright © 1996-2002 Macromedia, Inc.

Trademarks:
Macromedia Flash Player

Original file name:
SAFlashPlayer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
3/6/2002 7:35:31 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:Ue5M3LcGo7UnRdgLjanu4v8Ic+lzQ+53hquuuuuuuuuuuuuuuuuuuuuuuuuuuuu8:Ub3LcbUnoynd9Bf5ouuuuuuuuuuuuuuN

Entry address:
0x18B001

Entry point:
60, E8, 03, 00, 00, 00, E9, EB, 04, 5D, 45, 55, C3, E8, 01, 00, 00, 00, EB, 5D, BB, ED, FF, FF, FF, 03, DD, 81, EB, 00, B0, 18, 00, 83, BD, 22, 04, 00, 00, 00, 89, 9D, 22, 04, 00, 00, 0F, 85, 65, 03, 00, 00, 8D, 85, 2E, 04, 00, 00, 50, FF, 95, 4D, 0F, 00, 00, 89, 85, 26, 04, 00, 00, 8B, F8, 8D, 5D, 5E, 53, 50, FF, 95, 49, 0F, 00, 00, 89, 85, 4D, 05, 00, 00, 8D, 5D, 6B, 53, 57, FF, 95, 49, 0F, 00, 00, 89, 85, 51, 05, 00, 00, 8D, 45, 77, FF, E0, 56, 69, 72, 74, 75, 61, 6C, 41, 6C, 6C, 6F, 63, 00, 56, 69, 72...

Entropy:
7.8821

Packer / compiler:
ASPack v2.12

Code size:
604 KB (618,496 bytes)

The file 1.exe has been observed being distributed from the following URL.
