adobe_flash_setup.exe

flash setup

Digital Vei,OOO

The application adobe_flash_setup.exe by Digital Vei,OOO has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from readyupdate.applicationtechnica.website and multiple other hosts.
Publisher:
Digital Vei,OOO  (signed and verified)

Product:
flash setup

Version:
1.0.0.0

MD5:
d05e6fb86a3343a4837522aa556ddd47

SHA-1:
887a596a18fd175afddfe2b4e20b9acec5cdf3af

SHA-256:
6b48ce90517d01674db8a707d528e09955d00b77e140687d953158672ccda3a1

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/24/2024 6:02:44 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.installCore.DigitalV.Installer (M)

Engine version:
16.4.18.21

File size:
187.1 KB (191,568 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2016

Original file name:
Flash.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\adobe_flash_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/24/2015 5:00:00 AM

Valid to:
4/24/2016 4:59:59 AM

Subject:
CN="Digital Vei,OOO", OU=Development 2, O="Digital Vei,OOO", STREET=ul. Bratislavskaya 21 Korp. 1, L=Moscow, S=Moscow, PostalCode=109451, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0081D507B47243FED522FD7B6AA8ED0F56

File PE Metadata
Compilation timestamp:
4/16/2016 10:08:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:40zLUcoQ9mZ5UGCqbntMUeTkHHRAzQ4IbLHhxy/jJdurUh1T/WLwA6F11:h/oQ9mZ5UEbiQUQ7hxyLur+YMFv

Entry address:
0xC36E


Entropy:
6.3821

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
41 KB (41,984 bytes)

The file adobe_flash_setup.exe has been seen being distributed by the following 24 URLs.
