adobe_flash_player.exe

flash setup

OOO DIGITAL MEMORI

The application adobe_flash_player.exe by OOO DIGITAL MEMORI has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from upgradecircle.askupdate.online and multiple other hosts.
Publisher:
OOO DIGITAL MEMORI  (signed and verified)

Product:
flash setup

Version:
1.0.0.0

MD5:
c634d5e8b8ca36e3ad624fe073b32958

SHA-1:
cda3a585dd297216cd201126d885ac228f0845e4

SHA-256:
fab320f2268390d7ad29896e2504f4a188d4f400e30435c79b0f56c15ccbe33d

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 6:34:41 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.OOODIGIT.Installer (M)

Engine version:
16.5.19.23

File size:
120.6 KB (123,480 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2016

Original file name:
Flash.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\adobe_flash_player.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/10/2015 8:00:00 PM

Valid to:
6/10/2016 7:59:59 PM

Subject:
CN=OOO DIGITAL MEMORI, OU=CDN Insert v3, O=OOO DIGITAL MEMORI, STREET="proezd Nizhnelikhoborski 3-i, d. 1 A", L=Moscow, S=Moscow, PostalCode=127238, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D4031FFC0F60087D992B229CDE174F9A

File PE Metadata
Compilation timestamp:
5/18/2016 1:01:13 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:vdtKrtd9f2P7pjlaaQ9NEfPHcvhrpLsyzq5Ln/7YNpUzYcHeFZJ6XLk2ix:vd8r79f2TjaaQ7QPHcvhJoL2FzUdix

Entry address:
0x389E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
3.9571

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
6.5 KB (6,656 bytes)

The file adobe_flash_player.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 113 download URLs
