adobe_flash.exe

The executable adobe_flash.exe has been detected as malware by 25 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from gruposesfera.com.
MD5:
8dc6d84c505de26efb7f3815b944b6d8

SHA-1:
7cee4403db4abbb07093f92ba8acaf555b3d95da

SHA-256:
30a94f16f64d20931e0a7cad1a2b6d18ea21aeab4819b69f40bf6f00ae616410

Scanner detections:
25 / 68

Status:
Malware

Analysis date:
11/5/2024 10:13:12 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | Trojan/Win32.OnlineGameHack | 2013.10.28 |
| Avira AntiVirus | TR/DirtyRansom.A.15 | 7.11.109.166 |
| avast! | Win32:Ransom-AQN [Trj] | 2014.9-140603 |
| AVG | SHeur4 | 2015.0.3455 |
| Baidu Antivirus | Trojan.Win32.Generic | 4.0.3.1463 |
| Comodo Security | UnclassifiedMalware | 17166 |
| Dr.Web | Trojan.Encoder.283 | 9.0.1.0154 |
| Emsisoft Anti-Malware | Gen:Variant.Zusy.67437 | 8.14.06.03.11 |
| ESET NOD32 | Win32/Injector.AONN (variant) | 8.8972 |
| Fortinet FortiGate | W32/Generic!tr | 6/3/2014 |
| F-Secure | Gen:Variant.Zusy.67437 | 11.2014-03-06_3 |
| G Data | Gen:Variant.Zusy.67437 | 14.6.22 |
| IKARUS anti.virus | Virus.Win32.CeeInject | t3scan.2.0.127 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.3768 |
| Malwarebytes | Trojan.Agent.ED | v2014.06.03.11 |
| McAfee | RDN/Generic.dx!cs3 | 5600.7111 |
| Microsoft Security Essentials | VirTool:Win32/CeeInject.gen!JV | 1.163.1557.3 |
| Norman | Troj_Generic.QJOOT | 11.20140603 |
| Panda Antivirus | Trj/Genetic.gen | 14.06.03.11 |
| Sophos | Mal/Generic-S | 4.94 |
| Trend Micro House Call | TROJ_GEN.F0C2C00JJ13 | 7.2.154 |
| Trend Micro | TROJ_GEN.F0C2C00JJ13 | 10.465.03 |
| Vba32 AntiVirus | SScope.Trojan.Winlock.17107 | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 22770 |
| ViRobot | Trojan.Win32.S.PSWIGames.163840.P | 2011.4.7.4223 |

File size:
160 KB (163,840 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\adobe_flash.exe

File PE Metadata
Compilation timestamp:
10/11/2013 8:51:39 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:VTlLE8hekQrQrQrQrQrQrQrQIqCcjei6jE0fe41oC64tzzcE49:VJLE8hebMMMMMMMlCcjeiIECeqoC/z+9

Entry address:
0x8F96

Entry point:
55, 8B, EC, 6A, FF, 68, 10, B6, 40, 00, 68, AC, 91, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, FF, 15, 60, A6, 40, 00, 59, 83, 0D, 78, 77, D9, 00, FF, 83, 0D, 7C, 77, D9, 00, FF, FF, 15, 64, A6, 40, 00, 8B, 0D, 6C, 77, D9, 00, 89, 08, FF, 15, 68, A6, 40, 00, 8B, 0D, 68, 77, D9, 00, 89, 08, A1, 6C, A6, 40, 00, 8B, 00, A3, 74, 77, D9, 00, E8, A4, 01, 00, 00, 39, 1D, 28, D1, 40, 00, 75, 0C, 68, A8, 91, 40, 00, FF, 15...
 

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
36 KB (36,864 bytes)

The file adobe_flash.exe has been seen being distributed by the following URL.
