adobe_flash_setup-105380053.exe

Downtown Media

The application adobe_flash_setup-105380053.exe by Downtown Media has been detected as a potentially unwanted program by 5 of 68 anti-malware scanners. It is a setup program used to install the application. Note that, despite the Adobe Flash name, the publisher named in the signing certificate is Downtown Media, not Adobe. The file has been seen being downloaded from intva31.infoversion.info and multiple other hosts.
Publisher:
Downtown Media  (signed and verified)

MD5:
eeedc89c73e44aa6fd5868dd2e4133e0

SHA-1:
ac43bdd801456e4da79e0831f3d6944b3588f181

SHA-256:
23a9e8d4543d7eff9630354d26a578f29639bcf7d7a282d85d380ce7bb80a1ac

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Analysis date:
12/26/2024 12:11:56 PM UTC

Scan engine              Detection               Engine version
AegisLab AV Signature    Pua.Loadmoney.Gen7!c    2.1.4+
Avira AntiVirus          PUA/LoadMoney.Gen7      8.3.3.4
avast!                   Win32:Malware-gen       2014.9-160325
Dr.Web                   Trojan.Vittalia.8828    9.0.1.05190
Qihoo 360 Security       Win32/Virus.06b         1.0.0.1120

File size:
136.6 KB (139,928 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\adobe_flash_setup-105380053.exe

Digital Signature
Signed by:
Downtown Media
Authority:
GoDaddy.com, Inc.

Valid from:
3/8/2016 11:14:39 PM

Valid to:
3/8/2017 11:14:39 PM  (expired on the analysis date; a signature on an expired certificate only continues to verify if it carries a trusted countersignature timestamp from within the validity window)

Subject:
CN=Downtown Media, O=Downtown Media, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00C86FE599444C83FF
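The checks a practitioner would run over the indicators above, as an added example that is not part of the original report or of Reason Core Security's tooling: does the vendor implied by the filename match the signing certificate's CN, does the certificate's validity window line up with the PE compilation timestamp and the analysis date, and which of the five detections actually name a family versus a generic label. All values are transcribed from the report; the EXPECTED_PUBLISHER and FAMILY_ALIASES tables are assumptions for illustration.

```python
"""Triage of a file-analysis report: publisher mismatch, certificate
timeline and detection consensus. Added example; values are copied from
the report above, the lookup tables are illustrative assumptions."""
from datetime import datetime, timezone
import re

# Transcribed from the report (constructed input for this example).
REPORT = {
    "filename": "adobe_flash_setup-105380053.exe",
    "sha256": "23a9e8d4543d7eff9630354d26a578f29639bcf7d7a282d85d380ce7bb80a1ac",
    "signer_subject": "CN=Downtown Media, O=Downtown Media, L=San Francisco, S=California, C=US",
    "cert_valid_from": datetime(2016, 3, 8, 23, 14, 39, tzinfo=timezone.utc),
    "cert_valid_to": datetime(2017, 3, 8, 23, 14, 39, tzinfo=timezone.utc),
    "compiled": datetime(2016, 2, 18, 18, 4, 26, tzinfo=timezone.utc),
    "analysed": datetime(2024, 12, 26, 12, 11, 56, tzinfo=timezone.utc),
    "detections": {
        "AegisLab AV Signature": "Pua.Loadmoney.Gen7!c",
        "Avira AntiVirus": "PUA/LoadMoney.Gen7",
        "avast!": "Win32:Malware-gen",
        "Dr.Web": "Trojan.Vittalia.8828",
        "Qihoo 360 Security": "Win32/Virus.06b",
    },
    "engines": 68,
}

# Assumed table: a filename token that implies a vendor, and the name that
# vendor signs with. Extend from your own allow-list in practice.
EXPECTED_PUBLISHER = {"adobe": "Adobe"}

# Assumed table: substrings of vendor labels that name a PUA family.
FAMILY_ALIASES = {"loadmoney": "LoadMoney", "vittalia": "Vittalia"}


def subject_cn(subject):
    """Extract the CN attribute from an X.500 subject string."""
    m = re.search(r"(?:^|,\s*)CN=([^,]+)", subject)
    return m.group(1) if m else None


def publisher_mismatch(filename, subject):
    """Return (implied_vendor, actual_cn) when the filename implies a
    vendor that does not appear in the signer CN, otherwise None."""
    cn = subject_cn(subject) or ""
    for token, vendor in EXPECTED_PUBLISHER.items():
        if token in filename.lower() and vendor.lower() not in cn.lower():
            return (vendor, cn)
    return None


def cert_checks(compiled, valid_from, valid_to, analysed):
    """Relate the signing certificate window to the PE timestamp and the
    date the verdict was produced."""
    return {
        # Compiling before the cert existed is normal if signing happened
        # later; it is a timeline detail to record, not a verdict by itself.
        "compiled_before_cert": compiled < valid_from,
        # Once expired, the signature only verifies through a trusted
        # countersignature timestamp; "signed and verified" is not durable.
        "expired_at_analysis": analysed > valid_to,
    }


def detection_consensus(detections):
    """Group engines by named family; generic labels such as Malware-gen or
    Virus.06b carry no family information and are listed separately."""
    named, generic = {}, []
    for engine, label in detections.items():
        low = label.lower()
        fam = next((v for k, v in FAMILY_ALIASES.items() if k in low), None)
        if fam:
            named.setdefault(fam, []).append(engine)
        else:
            generic.append(engine)
    return named, generic


def triage(report):
    """Combine the three checks into one summary dict."""
    named, generic = detection_consensus(report["detections"])
    return {
        "publisher_mismatch": publisher_mismatch(report["filename"], report["signer_subject"]),
        "certificate": cert_checks(report["compiled"], report["cert_valid_from"],
                                   report["cert_valid_to"], report["analysed"]),
        "named_families": named,
        "generic_only": generic,
        "detection_ratio": f"{len(report['detections'])}/{report['engines']}",
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(REPORT), indent=2, default=str))
```

Run as-is it reports the Adobe-versus-Downtown Media mismatch, a certificate that was already expired for over seven years on the analysis date, two engines agreeing on LoadMoney, one naming Vittalia, and two generic-only detections; the same functions apply to any report with the same fields.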

File PE Metadata
Compilation timestamp:
2/18/2016 6:04:26 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25  (a GNU ld/MinGW version number; Microsoft link.exe reports versions 6 and above)

CTPH (ssdeep):
1536:a7kZrmPvllwBSwV5JCP7WODX2Jxi8qOqcWt7nakGmlriQpLR66Ah//nA2T:aoGdlIsjNX2n9qnhariiQpla33

Entry address:
0x12C0

Entry point:
83, EC, 1C, C7, 04, 24, 02, 00, 00, 00, FF, 15, 28, A2, 41, 00, E8, AB, FE, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, A1, 50, A2, 41, 00, FF, E0, 89, F6, 8D, BC, 27, 00, 00, 00, 00, A1, 3C, A2, 41, 00, FF, E0, 90, 90, 90, 90, 90, 90, 90, 90, 90, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, 30, 41, 00, E8, 4E, 02, 01, 00, BA, 00, 00, 00, 00, 83, EC, 04, 85, C0, 74, 15, C7, 44, 24, 04, 13, 30, 41, 00, 89, 04, 24, E8, 2A, 02, 01, 00, 83, EC, 08, 89, C2, 85, D2, 74, 11, C7, 44, 24, 04, 08, 80, 41, 00, C7...

Code size:
66.5 KB (68,096 bytes)

The file adobe_flash_setup-105380053.exe has been seen being distributed by the following 47 URLs.

Latest 30 of 47 download URLs

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ec2-52-6-18-250.compute-1.amazonaws.com  (52.6.18.250:80)

Remove adobe_flash_setup-105380053.exe - Powered by Reason Core Security