Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.InstallFlash.A

Trojan.InstallFlash.A

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 19,774
Threat Level: 80 % (High)
Infected Computers: 264
First Seen: July 24, 2009
Last Seen: March 15, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.InstallFlash.A
Signature status: Self Signed

Known Samples

MD5: 9e00dcdd5f72f1ab619a21afa021972c
SHA1: 2c6ccbaf7804019a7b5de21d5fdde44d66178192
SHA256: 89CD95E5CD95D99F3361CB78462A0B14CAD718DEF8FD2BF30F8CABFECD0335FD
File Size: 312.82 KB, 312816 bytes
MD5: 3cac3a69d517a99a67f64dd17fb7a686
SHA1: cce0c13c1990d9d8b5a9d63045d8bafefa954893
SHA256: AFF11556A7F89781F24AF468BF5C1F16D13680B24AAFD3D82B2F19B2907DEB71
File Size: 313.06 KB, 313056 bytes
MD5: 2e4c062ebca9ba65a39c9240e84c0966
SHA1: d387133b749c41598d8bd70bdce0d561f18bf917
SHA256: 5A2F9BF5A398C20051CC27C28BC43206B8C2C0F79A0815D104F318BA3A0AB21C
File Size: 349.68 KB, 349680 bytes
MD5: 7ff22c56c2f9936f072a9a95e6e52dc0
SHA1: fd4388a453c7ac54c890120696b05b2e9ffff9d3
SHA256: 377DF8AE99127A0D8477EAA3FB9E7CF11B4CC10103DA4345906B700C4705F2C9
File Size: 325.10 KB, 325104 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
Show More
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
File Description Installer MFC Application
File Version
  • 1, 0, 0, 2
  • 1, 0, 0, 1
Internal Name Installer
Legal Copyright Copyright (C) 2006
Original Filename Installer.EXE
Product Name Installer Application
Product Version
  • 1, 0, 0, 2
  • 1, 0, 0, 1

Digital Signatures

Signer Root Status
Skill On Net Thawte Code Signing CA - G2 Self Signed
Skill On Net thawte SHA256 Code Signing CA Self Signed

File Traits

  • HighEntropy
  • Installer Version
  • x86

Block Information

Total Blocks: 1,544
Potentially Malicious Blocks: 77
Whitelisted Blocks: 1,467
Unknown Blocks: 0

Visual Map

0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 x 0 0 0 0 0 0 0 0 x 0 0 x x 0 0 x x x x 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 x x 0 x x x x x 0 x x x 0 x x 0 0 x x 0 x 0 0 x 0 x 0 0 0 0 0 x 0 0 x x x 0 x x x 0 0 x 0 x x x x x 0 0 0 x 0 0 0 0 x x x 0 x 0 x x x x 0 x x x x x x x x x x x 0 0 x x x x x 0 x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 1 0 1 1 0 1 1 0 0 0 0 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 x x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • BHO.X
  • BHO.XA

Files Modified

File Attributes
\device\harddisk0\dr0 Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\users\user\appdata\local\temp\setupflashnew.exe Generic Write,Read Attributes
c:\windows\appcompat\programs\amcache.hve Read Data,Read Control,Write Data
c:\windows\appcompat\programs\amcache.hve Write Attributes
c:\windows\appcompat\programs\amcache.hve.log1 Read Data,Write Data
c:\windows\appcompat\programs\amcache.hve.log2 Read Data,Write Data

Registry Modifications

Key::Value Data API Name
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 庼Ǭ䠱O噀ñ቎ĤÁŁ鱹9뽹ɞ傄ë횎ǜ릣ʝ閾ʴ淃⟋ʪ柏ũߙĤᰂŁ鍂€ꩠŖÉ窵ň忶Ǥ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetComputerName
  • GetUserObjectInformation
Other Suspicious
  • SetWindowsHookEx
Network Wininet
  • HttpOpenRequest
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetOpenUrl
  • InternetReadFile
Process Shell Execute
  • CreateProcess

Shell Command Execution

"C:\Users\Kmxjkrld\AppData\Local\Temp\SetupFlashNew.exe"
"C:\Users\Wpiavaqi\AppData\Local\Temp\SetupFlashNew.exe"
"C:\Users\Lezsrrds\AppData\Local\Temp\SetupFlashNew.exe"
"C:\Users\Qdygxadb\AppData\Local\Temp\SetupFlashNew.exe"

Trending

Most Viewed

Loading...