adobe_flash_player-18411617.exe

Quesadilla Interactive

The executable adobe_flash_player-18411617.exe has been detected as malware by 1 anti-virus scanner. The file has been seen being downloaded from intva31.beginvac.info.
Publisher:
Quesadilla Interactive  (signed and verified)

MD5:
e0d4127b0485ed0932b7610bf919b71e

SHA-1:
f391fcdf6f5fda37d2440d1ad1cfebbb55e8d102

SHA-256:
c085a2253b8b843e53e199bf3079413f03a8434ca37d23c2476a5bdfe896d272

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/26/2024 12:05:41 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.9.17.18

File size:
126.6 KB (129,640 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\adobe_flash_player-18411617.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
3/9/2016 5:17:38 AM

Valid to:
3/9/2017 5:17:38 AM

Subject:
CN=Quesadilla Interactive, O=Quesadilla Interactive, L=SAN FRANCISCO, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
017689D7557551E3

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.24

CTPH (ssdeep):
1536:PVqazqN2qAhFmwDaaoXazFb3xotd5j2kMGh4sk/z+uRq53H:dvqiFmwyXahbB051MmMb+uRqJH

Entry address:
0x14C0

Entry point:
83, EC, 0C, C7, 05, E4, 31, 41, 00, 01, 00, 00, 00, E8, 9E, A6, 00, 00, 83, C4, 0C, E9, A6, FC, FF, FF, 8D, B6, 00, 00, 00, 00, 83, EC, 0C, C7, 05, E4, 31, 41, 00, 00, 00, 00, 00, E8, 7E, A6, 00, 00, 83, C4, 0C, E9, 86, FC, FF, FF, 90, 90, 90, 90, 90, 90, 55, 89, E5, 56, 53, 83, EC, 10, 8B, 1D, 84, 51, 41, 00, C7, 04, 24, 00, E0, 40, 00, FF, D3, 89, C6, 83, EC, 04, B8, 00, 00, 00, 00, 85, F6, 74, 29, C7, 04, 24, 00, E0, 40, 00, FF, 15, A0, 51, 41, 00, 83, EC, 04, A3, 90, 35, 41, 00, C7, 44, 24, 04, 13, E0...
 
[+]

Entropy:
5.7951

Code size:
46 KB (47,104 bytes)

The file adobe_flash_player-18411617.exe has been seen being distributed by the following URL.

http://intva31.beginvac.info/dl-pure/1200543/.../?bc=1200543&checksum=18411617&ephemeral=1&filename=adobe_flash_player.exe&cb=1630319662&hashstring=45onGcASZZay&usefilename=true&executableroutePath=1202167&stub=true

Remove adobe_flash_player-18411617.exe - Powered by Reason Core Security