adobe_flash_player-43207014.exe

Zen Bros Media

The application adobe_flash_player-43207014.exe by Zen Bros Media has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from intva31.mousemessage.info and multiple other hosts.
Publisher:
Zen Bros Media  (signed and verified)

MD5:
8770d4f696706116106351e324676e8b

SHA-1:
092eb1be6481237f68cff23cd7c384a535448c23

SHA-256:
864f1273e928cdfc2d831e02789edd334b0ca1a824fdd07887517e05d83d5edc

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 12:39:46 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.DownloadAdmin.ZenBrosM
16.5.24.13

File size:
471.3 KB (482,568 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
3/9/2016 1:12:43 AM

Valid to:
3/9/2017 1:12:43 AM

Subject:
CN=Zen Bros Media, O=Zen Bros Media, L=SAN FRANCISCO, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00DA69A0BD854BB554

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
3.0

CTPH (ssdeep):
12288:/ThKd6hIaNYLNcYM4+Q3sMnMbI7cRFUJ6DNF99GIR6c:/VKd62AYJcYM4+Q3sMMbIIRFUJ6DNF9B

Entry address:
0x4C6E0

Entry point:
C6, 05, 70, D2, 44, 00, 00, B9, 00, 00, 46, 00, BA, 04, 00, 46, 00, B8, B0, F6, 44, 00, E8, 65, FF, FF, FF, E8, 70, FF, FF, FF, B8, 90, F6, 44, 00, E8, 16, 4B, FC, FF, C3, 00, 00, 00, 00, 00, FF, FF, FF, FF, 00, 00, 00, 00, FF, FF, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.7061

Code size:
301.8 KB (309,024 bytes)

The file adobe_flash_player-43207014.exe has been seen being distributed by the following 12 URLs.

http://intva31.mousemessage.info/dl-pure/1202331/.../?bc=1202331&checksum=43243570&ephemeral=1&filename=adobe_flash_player.exe&cb=-1663102158&hashstring=HIWWLuXlkdAr&usefilename=true&executableroutePath=1202485&stub=true

http://intva31.mousemessage.info/dl-pure/1202331/.../?bc=1202331&checksum=43381753&ephemeral=1&filename=adobe_flash_player.exe&cb=-440032609&hashstring=HIWWLuXlkdAr&usefilename=true&executableroutePath=1202485&stub=true

Remove adobe_flash_player-43207014.exe - Powered by Reason Core Security