adobe_flash_player-40836176.exe

The executable adobe_flash_player-40836176.exe has been detected as malware by 10 anti-virus scanners. The file is infected by an entry-point obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from intva31.softinfo.info.
MD5:
fc4d4e4dac00e826b2c40e212ae9996e

SHA-1:
8ca2fec77c3f288e9257c211d85f6ee4a804bfe9

SHA-256:
68bf3c804bd8450c8b41ab4ce5440c0de96d03aff86d4aff8c15f59a0a886224

Scanner detections:
10 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/24/2024 10:42:01 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:SaliCode | 160414-2
AVG | Win32/Sality | 2015.0.4568
Dr.Web | Win32.Sector.30 | 9.0.1.05190
Emsisoft Anti-Malware | Win32.Sality | 9.0.0.4157
ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0
F-Prot | W32/Sality.gen2 | 4.6.5.141
F-Secure | Win32.Sality.3 | 5.15.96
Microsoft Security Essentials | Threat.Undefined | 1.221.606.0
Norman | Win32.Sality.3 | 19.05.2016 05:17:13

File size:
543.3 KB (556,296 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\adobe_flash_player-40836176.exe

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
3.0

CTPH (ssdeep):
12288:mThKd6hIaNYLNcYM4+Q3sMnMbI7cEFUJ6DNF99GIR6KxheGx:mVKd62AYJcYM4+Q3sMMbIIEFUJ6DNF99

Entry address:
0x4C6E0

Entry point:
60, E8, 00, 00, 00, 00, 5B, EB, 06, FE, C6, 10, E6, FE, C2, 72, 0E, 8D, 2D, 9F, C3, CE, 7B, 69, C6, 00, 6C, A1, 4C, 2A, ED, 84, F2, 81, C3, 8C, 11, F9, FF, 85, C1, 2B, D0, 40, 81, C3, 2B, DA, 09, 00, 53, 81, FB, BA, 6A, 00, 00, 70, 02, 86, F5, C3, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.9622

Packer / compiler:
ASPack v1.08.04

Code size:
301.8 KB (309,024 bytes)

The file adobe_flash_player-40836176.exe has been seen being distributed by the following URL.
