adobe-flash_setup.exe

Adobe Flash Installer

Fast Downloads

The Adlogica setup manager is an installer that bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application adobe-flash_setup.exe, “Deploy Adobe Flash along with various offers” by Fast Downloads, has been detected as adware by 8 anti-malware scanners. The program is a setup application that uses the Adlogica Downloader installer. This version of the installer will bundle a Mindspark/MyWebSearch Toolbar, a potentially unwanted web browser extension.
Publisher:
Fast Downloads  (signed and verified)

Product:
Adobe Flash Installer

Description:
Deploy Adobe Flash along with various offers

Version:
11.6

MD5:
911688d8bdbc110f346d49930987ccdb

SHA-1:
b680a476b9ddb111020d55bbf7a261bc7710aca3

SHA-256:
3b893602c4b5ceb26d28ec1d7327226355b967278a8b57cc3e233623dc1bcab6

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Bundles the Mindspark (MyWebSearch/Ask) toolbar, a web browser extension that will modify a user's search and home pages.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed to simply deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/26/2024 2:58:54 AM UTC

Scan engine
Detection
Engine version

Avira AntiVirus
APPL/Downloader.bhytf
7.11.146.224

AVG
MalSign.InstallC
2015.0.3484

ESET NOD32
Win32/Toolbar.MyWebSearch (variant)
8.9752

Malwarebytes
PUP.Optional.Downloadster
v2014.05.04.03

Reason Heuristics
PUP.Installer.FastDownloads.R
14.5.10.14

Trend Micro House Call
TROJ_GEN.F47V0313
7.2.124

VIPRE Antivirus
InstallCore
28798

XVirus List
Win32.Detected
2.5.10

File size:
1.3 MB (1,396,112 bytes)

Product version:
11.6

Copyright:
©windownload

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adlogica Downloader

Language:
English (United States)

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/13/2013 5:00:00 PM

Valid to:
8/14/2014 4:59:59 PM

Subject:
CN=Fast Downloads, O=Fast Downloads, STREET=96 Jessie st 4th floor, L=San Francisco, S=CA, PostalCode=94105, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D9726FD3E4B9094351093A3495F1FE97

File PE Metadata
Compilation timestamp:
3/9/2014 2:59:26 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:MnjeAfd6W9RWCqPRhzW5QADdbOjORDIImOETndzNsNAatvLoo7N3DsccvGN4JbTF:YJnDxOOGImOW3+AaQT/d

Entry address:
0x11B408

Entry point:
55, 8B, EC, 83, C4, F0, B8, 04, 97, 51, 00, E8, B8, C5, EE, FF, 8B, 0D, 28, 56, 52, 00, 8B, 09, B2, 01, A1, 88, 4E, 4C, 00, E8, BC, 46, F4, FF, 8B, 15, 20, 57, 52, 00, 89, 02, A1, 28, 56, 52, 00, 8B, 00, E8, C0, DE, F4, FF, A1, 28, 56, 52, 00, 8B, 00, B2, 01, E8, 5A, FD, F4, FF, 8B, 0D, FC, 53, 52, 00, A1, 28, 56, 52, 00, 8B, 00, 8B, 15, 28, BD, 50, 00, E8, B2, DE, F4, FF, A1, 28, 56, 52, 00, 8B, 00, E8, DE, DF, F4, FF, E8, 29, 9C, EE, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.6452

Developed / compiled with:
Microsoft Visual C++

Code size:
1.1 MB (1,156,096 bytes)

The file adobe-flash_setup.exe has been seen being distributed by the following 3 URLs.

http://download.windownload.net/download.php?id=18692e317a9a62e966c33f4b7fb0262b131a0994&z=2&p=eyJweSI6IndkIiwicnMiOiJzIiwicnQiOiJvIiwiYyI6InVzIiwibyI6IndpbjciLCJiIjoiY2gzMyIsInVfaWQiOiJ3ZF81MzJmMWJhYjc2N2QxMi4wMzM4NDU1NS5jOTExNTVjODljOTliZjM0YWNiMDBkMGNiZDc4NTVhYyIsInBhX2lkIjoiMiIsInN0X2lkIjoiMCIsInNwX2lkIjoiMDAwMC0wOTE0NCIsInRzIjoxMzk1NTk2MjAzLCJrdyI6IiIsImN1IjoiIiwiY2EiOiIifQ

http://download.windownload.net/download.php?id=18692e317a9a62e966c33f4b7fb0262b131a0994&z=2&p=eyJweSI6IndkIiwicnMiOiJzIiwicnQiOiJvIiwiYyI6InVzIiwibyI6IndpbjciLCJiIjoiY2gzMiIsInVfaWQiOiJ3ZF81MzI4NzE4OTY2MDI0NC42NzgxMTkxNy5lODI5YTJmN2RlMWRmNzg3YzFmM2YxNTJmZTQzZDRmMyIsInBhX2lkIjoiMiIsInN0X2lkIjoiMCIsInNwX2lkIjoiMDAwMC0wOTE0NCIsInRzIjoxMzk1MTU5NDM1LCJrdyI6InVwZGF0ZSBzaG9ja3dhdmUgcGxheWVyIiwiY3UiOiIiLCJjYSI6bnVsbH0
