adobe_flash.exe

The executable adobe_flash.exe has been detected as malware by 25 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from gruposesfera.com.
MD5:
8dc6d84c505de26efb7f3815b944b6d8

SHA-1:
7cee4403db4abbb07093f92ba8acaf555b3d95da

SHA-256:
30a94f16f64d20931e0a7cad1a2b6d18ea21aeab4819b69f40bf6f00ae616410

Scanner detections:
25 / 68

Status:
Malware

Analysis date:
12/27/2024 11:23:24 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
Trojan/Win32.OnlineGameHack
2013.10.28

Avira AntiVirus
TR/DirtyRansom.A.15
7.11.109.166

avast!
Win32:Ransom-AQN [Trj]
2014.9-140603

AVG
SHeur4
2015.0.3455

Baidu Antivirus
Trojan.Win32.Generic
4.0.3.1463

Comodo Security
UnclassifiedMalware
17166

Dr.Web
Trojan.Encoder.283
9.0.1.0154

Emsisoft Anti-Malware
Gen:Variant.Zusy.67437
8.14.06.03.11

ESET NOD32
Win32/Injector.AONN (variant)
8.8972

Fortinet FortiGate
W32/Generic!tr
6/3/2014

F-Secure
Gen:Variant.Zusy.67437
11.2014-03-06_3

G Data
Gen:Variant.Zusy.67437
14.6.22

IKARUS anti.virus
Virus.Win32.CeeInject
t3scan.2.0.127

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.3768

Malwarebytes
Trojan.Agent.ED
v2014.06.03.11

McAfee
RDN/Generic.dx!cs3
5600.7111

Microsoft Security Essentials
VirTool:Win32/CeeInject.gen!JV
1.163.1557.3

Norman
Troj_Generic.QJOOT
11.20140603

Panda Antivirus
Trj/Genetic.gen
14.06.03.11

Sophos
Mal/Generic-S
4.94

Trend Micro House Call
TROJ_GEN.F0C2C00JJ13
7.2.154

Trend Micro
TROJ_GEN.F0C2C00JJ13
10.465.03

Vba32 AntiVirus
SScope.Trojan.Winlock.17107
3.12.24.3

VIPRE Antivirus
Trojan.Win32.Generic.pak!cobra
22770

ViRobot
Trojan.Win32.S.PSWIGames.163840.P
2011.4.7.4223

File size:
160 KB (163,840 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\adobe_flash.exe

File PE Metadata
Compilation timestamp:
10/11/2013 8:51:39 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:VTlLE8hekQrQrQrQrQrQrQrQIqCcjei6jE0fe41oC64tzzcE49:VJLE8hebMMMMMMMlCcjeiIECeqoC/z+9

Entry address:
0x8F96

Entry point:
55, 8B, EC, 6A, FF, 68, 10, B6, 40, 00, 68, AC, 91, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, FF, 15, 60, A6, 40, 00, 59, 83, 0D, 78, 77, D9, 00, FF, 83, 0D, 7C, 77, D9, 00, FF, FF, 15, 64, A6, 40, 00, 8B, 0D, 6C, 77, D9, 00, 89, 08, FF, 15, 68, A6, 40, 00, 8B, 0D, 68, 77, D9, 00, 89, 08, A1, 6C, A6, 40, 00, 8B, 00, A3, 74, 77, D9, 00, E8, A4, 01, 00, 00, 39, 1D, 28, D1, 40, 00, 75, 0C, 68, A8, 91, 40, 00, FF, 15...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
36 KB (36,864 bytes)

The file adobe_flash.exe has been seen being distributed by the following URL.

Remove adobe_flash.exe - Powered by Reason Core Security