» adobe_flash_player-47538135-47538135.exe
Overview
Analysis
File Details
Downloads (2)

adobe_flash_player-47538135-47538135.exe

KPI Media Group

The application adobe_flash_player-47538135-47538135.exe by KPI Media Group has been detected as a potentially unwanted program by 4 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from intva13.buildwebmaster.info and multiple other hosts.

File name:

Publisher:

KPI Media Group (signed and verified)

Product:

Kpi Media Group

Version:

83.0.1.1579

MD5:

a1c01522b5da26c46078fdb86349ad26

SHA-1:

e683b6a2267d470339a602b2a891c5554cbb9e07

SHA-256:

60499c5c24576ff752f29cde6a73903f51af6234537fde86ad066785ace0a9fb

Scanner detections:

4 / 68

Status:

Potentially unwanted

Explanation:

Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Analysis date:

11/24/2024 8:03:17 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Dropper-gen [Drp]

160216-0

Dr.Web

Trojan.Vittalia.8276

9.0.1.05190

ESET NOD32

Win32/DownloadAdmin.Q potentially unwanted application

8.0.319.0

Reason Heuristics

PUP.DownloadAdmin.KPIMediaGroup.Installer (M)

16.3.3.22

File size:

892 KB (913,416 bytes)

Product version:

83.0.1.1579

Original file name:

setup.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\adobe_flash_player-47538135-47538135.exe

Digital Signature

Signed by:

KPI Media Group

Authority:

GoDaddy.com, Inc.

Valid from:

12/9/2015 12:34:38 AM

Valid to:

12/9/2016 12:34:38 AM

Subject:

CN=KPI Media Group, O=KPI Media Group, L=" Oakland ", S=California, C=US

Issuer:

CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

5E43099D2166479B

File PE Metadata

Compilation timestamp:

2/10/2015 5:36:31 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:08fJVTkSmvcm72nwtmymAps8MW/oUKdcY90wy4UmWxyuT9cr:bJp51c0lALMWgUKBkmk3w

Entry address:

0x4DD6

Entry point:

E8, A5, 94, 00, 00, E9, AF, 8D, 00, 00, 53, 56, 8B, 74, 24, 10, 8D, 9E, 0C, 02, 00, 00, 57, 39, 1E, 72, 09, 56, E8, B9, EA, FF, FF, 83, C4, 04, 8B, 06, C6, 00, 3D, FF, 06, 39, 1E, 72, 09, 56, E8, A5, EA, FF, FF, 83, C4, 04, 0F, B6, 7C, 24, 10, 8B, 16, 8B, CF, C1, E9, 04, 8A, 81, E0, 89, 4B, 00, 88, 02, FF, 06, 39, 1E, 72, 09, 56, E8, 82, EA, FF, FF, 83, C4, 04, 8B, 0E, 83, E7, 0F, 8A, 97, E0, 89, 4B, 00, 5F, 88, 11, FF, 06, 5E, 5B, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 24, 86, 4B, 00... 
[+]

Packer / compiler:

PEQuake V0.06

Code size:

56.5 KB (57,856 bytes)

The file adobe_flash_player-47538135-47538135.exe has been seen being distributed by the following 2 URLs.

http://intva13.buildwebmaster.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_player-51399677.exe&checksum=145624

http://intva13.buildwebmaster.info/dl-pure?usefilename=true&_action_=getbin&filename=adobe_flash_player-47696765.exe&checksum=145624

Remove adobe_flash_player-47538135-47538135.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.