adobe_flash_player-75559328.exe

All Team Incorporated

The application adobe_flash_player-75559328.exe by All Team has been detected as a potentially unwanted program by 11 anti-malware scanners. The file has been seen being downloaded from intva31.computeweblog.info and multiple other hosts.
Publisher:
All Team Incorporated (signed and verified)

MD5:
44de748226636aa83355de06ca05ed89

SHA-1:
67e85c308bf812a921a8ae42256b5023b029abdf

SHA-256:
7b1b3460fa55b6b97ca25ab514dd28161203e4ab6bea8912d4b2d963c079db03

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 6:46:30 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Application.Razy.73471 | 216
AhnLab V3 Security | Malware/Gen.Generic.C1472348 | 3.7.4.14
Arcabit | Trojan.Application.Razy.D11EFF | 1.0.0.741
avast! | Win32:Malware-gen | 2014.9-160703
Bitdefender | Gen:Variant.Application.Razy.73471 | 1.0.20.925
ESET NOD32 | Win32/DownloadAdmin.T potentially unwanted | 10.13743
F-Secure | Gen:Variant.Application.Razy | 11.2016-03-07_1
G Data | Gen:Variant.Application.Razy.73471 | 16.7.25
IKARUS anti.virus | PUA.DownloadAdmin | t3scan.2.1.6.0
MicroWorld eScan | Gen:Variant.Application.Razy.73471 | 17.0.0.555
VIPRE Antivirus | Trojan.Win32.Generic | 50564

File size:
492.8 KB (504,616 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\adobe_flash_player-75559328.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
5/20/2016 4:51:38 AM

Valid to:
5/20/2017 4:51:38 AM

Subject:
CN=All Team Incorporated, O=All Team Incorporated, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00A3C7D36051C78896

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
3.0

CTPH (ssdeep):
12288:FBiNSW8yrxC+9QypSGbGQ3juMBcGUxBsKF465X3/Wn7ywA8S:FUNSWBVC+9tpSGbGQ3juMeGUxBn55/1h

Entry address:
0x3D340

Entry point:
C6, 05, 50, E2, 43, 00, 00, B9, 00, E0, 44, 00, BA, 04, E0, 44, 00, B8, 40, 12, 44, 00, E8, 65, FF, FF, FF, E8, 70, FF, FF, FF, B8, 20, 12, 44, 00, E8, 36, 3B, FD, FF, C3, 00, 00, 00, 00, 00, FF, FF, FF, FF, 00, 00, 00, 00, FF, FF, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.1803

Code size:
240.9 KB (246,656 bytes)

The file adobe_flash_player-75559328.exe has been seen being distributed by the following 9 URLs.

http://intva31.computeweblog.info/dl-pure/1203367/.../?bc=1203367&checksum=75664997&ephemeral=1&filename=adobe_flash_player.exe&cb=1355915547&hashstring=co4jgOMqRLhh&usefilename=true&executableroutePath=1203867&stub=true

http://intva31.computeweblog.info/dl-pure/1203367/.../?bc=1203367&checksum=75615904&ephemeral=1&filename=adobe_flash_player.exe&cb=116465272&hashstring=co4jgOMqRLhh&usefilename=true&executableroutePath=1203867&stub=true

http://intva31.computeweblog.info/dl-pure/1203367/.../?bc=1203367&checksum=75599943&ephemeral=1&filename=adobe_flash_player.exe&cb=-1438951601&hashstring=co4jgOMqRLhh&usefilename=true&executableroutePath=1203867&stub=true

http://intva31.computeweblog.info/dl-pure/1203367/.../?bc=1203367&checksum=75658748&ephemeral=1&filename=adobe_flash_player.exe&cb=-337054648&hashstring=co4jgOMqRLhh&usefilename=true&executableroutePath=1203867&stub=true

Remove adobe_flash_player-75559328.exe - Powered by Reason Core Security