adobe_flash_player.exe

The executable adobe_flash_player.exe, "Domela Setup", has been detected as malware by 6 anti-virus scanners. It is a setup and installation application, but the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from www.clearheartlaboratory.com.
Publisher:
Fabo

Product:
Domela

Description:
Domela Setup

Version:
5.7.3.4

MD5:
8357f23e8d6dd69b183f10ac788b29bf

SHA-1:
e7c5b44fa860d407cde888a8a196822ef2de2972

SHA-256:
76912d6adaf6d170a71dd698d0c907f70b612ce6eb113962f82bae8af91b0dac

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
11/5/2024 7:02:31 AM UTC

Scanner detections (scan engine, detection, engine version):

Scan engine: avast!
Detection: Win32:Vitro
Engine version: 160414-2

Scan engine: Emsisoft Anti-Malware
Detection: Win32.Virtob.Gen.12
Engine version: 11.5.0.6191

Scan engine: ESET NOD32
Detection: Win32/Virut.NBP virus
Engine version: 8.0.319.0

Scan engine: F-Prot
Detection: W32/Virut.E.gen
Engine version: 4.6.5.141

Scan engine: Microsoft Security Essentials
Detection: Threat.Undefined
Engine version: 1.225.283.0

Scan engine: Norman
Detection: Win32.Virtob.Gen.12
Engine version: 28.05.2016 13:03:37

File size:
988 KB (1,011,712 bytes)

Product version:
5.0.8

Copyright:
Prog Installer Wizard

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\adobe_flash_player.exe

File PE Metadata
Compilation timestamp:
5/31/1996 2:02:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:77JlYcL8RWm6fD3A204sbMq9jURFUcMpMQUiPMAr:77HBFtf04sbMkjURFUcMNv

Entry address:
0xFD3F0

Entry point:
90, 83, 3C, 24, FE, 77, FE, 83, C4, 00, 8D, 64, 24, CC, 60, 83, EC, DC, E8, BD, 02, 00, 00, 4B, B1, C1, 66, 4B, 75, FC, F6, D2, 3C, 89, 90, FF, 73, 3C, 59, 81, E9, FD, FF, FF, 7F, 8D, 04, 5A, 73, E5, B6, C1, 86, C0, 81, D9, E6, 13, 00, 00, 71, D9, FC, 86, D0, 47, FF, B4, 19, E4, 13, 00, 80, 83, C4, 04, 66, 81, 44, 24, FC, B0, BA, 75, C2, B4, FE, 4E, 47, 68, 21, 05, 18, FC, 83, FA, A1, E8, E7, 00, 00, 00, F6, C5, 90, 89, 74, 24, 44, 80, C1, C6, E8, 0D, 03, 00, 00, 0F, 91, C1, 90, 86, ED, 89, 44, 24, 34, 83...
Entropy:
7.9371 (probably packed)

Code size:
40.5 KB (41,472 bytes)

The file adobe_flash_player.exe has been seen being distributed by the following URL.