adobe_flash_player-49020861-49020861.exe

Armadillo Incorporated

The application adobe_flash_player-49020861-49020861.exe by Armadillo has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from intva17.compilecyberspace.info.
Publisher:
Armadillo Incorporated  (signed and verified)

Product:
Armadillo Incorporated

Version:
68.9.8.8070

MD5:
eaa3badf79c4bb1123a3f968bd65aa7b

SHA-1:
c0f58fa7a617c36d4d04cdd0596915aa8f59c52b

SHA-256:
79406b4908564a9088b779c08419496680361a35ec4ebca4069e47186699cc46

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Analysis date:
12/26/2024 12:42:34 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Dr.Web | Trojan.Vittalia.8677 | 9.0.1.05190 |
| ESET NOD32 | Win32/DownloadAdmin.Q potentially unwanted application | 8.0.319.0 |
| Reason Heuristics | PUP.Armadill.Installer (M) | 16.3.27.21 |

File size:
891.2 KB (912,616 bytes)

Product version:
68.9.8.8070

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\adobe_flash_player-49020861-49020861.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
3/8/2016 11:17:38 PM

Valid to:
3/8/2017 11:17:38 PM

Subject:
CN=Armadillo Incorporated, O=Armadillo Incorporated, L=SAN FRANCISCO, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
30F1E885B799F0DA

File PE Metadata
Compilation timestamp:
3/19/2015 1:06:15 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:zeSLgqCRg/qH/UvGa+xKK/NvF/GK2vwrEBQcwG4Bmlij2mnqnNfDeG6FZ+sIg:ySSgSCy3jGK2vwrEBQc146aY9DeD+s

Entry address:
0x4A66

Entry point:
E8, 75, 98, 00, 00, E9, 77, 91, 00, 00, 81, EC, 1C, 02, 00, 00, 53, 55, 8B, AC, 24, 28, 02, 00, 00, 56, 57, 6A, 01, 55, C7, 44, 24, 1C, 00, 00, 00, 00, E8, BF, F2, FF, FF, E8, F4, 90, 00, 00, 8B, F0, 89, 44, 24, 18, 8D, 44, 24, 1C, 50, 6A, 00, 6A, 02, 55, E8, E5, C8, FF, FF, DD, 05, 58, C6, 42, 00, 8B, 4C, 24, 2C, DD, 5C, 24, 10, 83, C4, 10, 8B, F8, 8D, 14, 0F, 6A, 03, 55, 89, 54, 24, 28, E8, 83, E3, FF, FF, 83, C4, 10, E8, B5, 90, 00, 00, 8B, D8, 89, 5C, 24, 1C, 85, FF, 75, 33, 3B, F3, 7D, 1A, 68, 54, C6...
 

Code size:
56.5 KB (57,856 bytes)

The file adobe_flash_player-49020861-49020861.exe has been seen being distributed by the following URL.
