adobe_flash_player.exe

Astalavista

The application adobe_flash_player.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a setup program which is used to install the application. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from askupdate.searchforfreeupdates.net.
Publisher:
Astalavista

Description:
Download Manager

Version:
1.1.7.1

MD5:
f7556da40f77df03ad726d000545b0e4

SHA-1:
0b4ee99f5bef4de4560dff298fa1814770649a33

SHA-256:
d6fb216841caf8e7bddff27672c071b2b29acb4216a3e1a32b3d22328d9c79d7

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/30/2024 3:47:27 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Trojan.InstallCore.1556
9.0.1.05190

Reason Heuristics
PUP.Bundler.Astalavista.Meta (M)
16.2.3.17

File size:
46.2 KB (47,296 bytes)

Product version:
1.1.7.1

Copyright:
Copyright © 2015

Original file name:
PreInstaller.NET.exe

File type:
Executable application (Win64 EXE)

Common path:
C:\users\juan josé\saved games\adobe_flash_player.exe

File PE Metadata
Compilation timestamp:
1/30/2016 5:15:42 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
48.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:tKcWFHPFM/5MjHbvn2C9jbhzQ4c2OwzYcHeofF+0JrYU7SzJA:HsPFCWL2C9HhQ5vNodhJr7SVA

Entry address:
0x965E

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Code size:
30 KB (30,720 bytes)

The file adobe_flash_player.exe has been seen being distributed by the following URL.

Remove adobe_flash_player.exe - Powered by Reason Core Security