adobe_flash_player-47538135-47538135.exe

KPI Media Group

The application adobe_flash_player-47538135-47538135.exe by KPI Media Group has been detected as a potentially unwanted program by 4 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from intva13.buildwebmaster.info and multiple other hosts.
Publisher:
KPI Media Group  (signed and verified)

Product:
Kpi Media Group

Version:
83.0.1.1579

MD5:
a1c01522b5da26c46078fdb86349ad26

SHA-1:
e683b6a2267d470339a602b2a891c5554cbb9e07

SHA-256:
60499c5c24576ff752f29cde6a73903f51af6234537fde86ad066785ace0a9fb

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Analysis date:
12/25/2024 2:28:40 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Dropper-gen [Drp]
160216-0

Dr.Web
Trojan.Vittalia.8276
9.0.1.05190

ESET NOD32
Win32/DownloadAdmin.Q potentially unwanted application
8.0.319.0

Reason Heuristics
PUP.DownloadAdmin.KPIMediaGroup.Installer (M)
16.3.3.22

File size:
892 KB (913,416 bytes)

Product version:
83.0.1.1579

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\adobe_flash_player-47538135-47538135.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
12/9/2015 12:34:38 AM

Valid to:
12/9/2016 12:34:38 AM

Subject:
CN=KPI Media Group, O=KPI Media Group, L=" Oakland ", S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
5E43099D2166479B

File PE Metadata
Compilation timestamp:
2/10/2015 5:36:31 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:08fJVTkSmvcm72nwtmymAps8MW/oUKdcY90wy4UmWxyuT9cr:bJp51c0lALMWgUKBkmk3w

Entry address:
0x4DD6

Entry point:
E8, A5, 94, 00, 00, E9, AF, 8D, 00, 00, 53, 56, 8B, 74, 24, 10, 8D, 9E, 0C, 02, 00, 00, 57, 39, 1E, 72, 09, 56, E8, B9, EA, FF, FF, 83, C4, 04, 8B, 06, C6, 00, 3D, FF, 06, 39, 1E, 72, 09, 56, E8, A5, EA, FF, FF, 83, C4, 04, 0F, B6, 7C, 24, 10, 8B, 16, 8B, CF, C1, E9, 04, 8A, 81, E0, 89, 4B, 00, 88, 02, FF, 06, 39, 1E, 72, 09, 56, E8, 82, EA, FF, FF, 83, C4, 04, 8B, 0E, 83, E7, 0F, 8A, 97, E0, 89, 4B, 00, 5F, 88, 11, FF, 06, 5E, 5B, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 24, 86, 4B, 00...
 
[+]

Packer / compiler:
PEQuake V0.06

Code size:
56.5 KB (57,856 bytes)

The file adobe_flash_player-47538135-47538135.exe has been seen being distributed by the following 2 URLs.

Remove adobe_flash_player-47538135-47538135.exe - Powered by Reason Core Security