» adobe_flash_setup-105380053.exe
Overview
Analysis
File Details
Downloads (47)
Network (1)

adobe_flash_setup-105380053.exe

Downtown Media

The application adobe_flash_setup-105380053.exe by Downtown Media has been detected as a potentially unwanted program by 5 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from intva31.infoversion.info and multiple other hosts.

File name:

Publisher:

Downtown Media (signed and verified)

MD5:

eeedc89c73e44aa6fd5868dd2e4133e0

SHA-1:

ac43bdd801456e4da79e0831f3d6944b3588f181

SHA-256:

23a9e8d4543d7eff9630354d26a578f29639bcf7d7a282d85d380ce7bb80a1ac

Scanner detections:

5 / 68

Status:

Potentially unwanted

Explanation:

Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Analysis date:

11/15/2024 9:33:20 AM UTC (today)

Scan engine

Detection

Engine version

AegisLab AV Signature

Pua.Loadmoney.Gen7!c

2.1.4+

Avira AntiVirus

PUA/LoadMoney.Gen7

8.3.3.4

avast!

Win32:Malware-gen

2014.9-160325

Dr.Web

Trojan.Vittalia.8828

9.0.1.05190

Qihoo 360 Security

Win32/Virus.06b

1.0.0.1120

File size:

136.6 KB (139,928 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\adobe_flash_setup-105380053.exe

Digital Signature

Signed by:

Downtown Media

Authority:

GoDaddy.com, Inc.

Valid from:

3/8/2016 11:14:39 PM

Valid to:

3/8/2017 11:14:39 PM

Subject:

CN=Downtown Media, O=Downtown Media, L=San Francisco, S=California, C=US

Issuer:

CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

00C86FE599444C83FF

File PE Metadata

Compilation timestamp:

2/18/2016 6:04:26 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

1536:a7kZrmPvllwBSwV5JCP7WODX2Jxi8qOqcWt7nakGmlriQpLR66Ah//nA2T:aoGdlIsjNX2n9qnhariiQpla33

Entry address:

0x12C0

Entry point:

83, EC, 1C, C7, 04, 24, 02, 00, 00, 00, FF, 15, 28, A2, 41, 00, E8, AB, FE, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, A1, 50, A2, 41, 00, FF, E0, 89, F6, 8D, BC, 27, 00, 00, 00, 00, A1, 3C, A2, 41, 00, FF, E0, 90, 90, 90, 90, 90, 90, 90, 90, 90, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, 30, 41, 00, E8, 4E, 02, 01, 00, BA, 00, 00, 00, 00, 83, EC, 04, 85, C0, 74, 15, C7, 44, 24, 04, 13, 30, 41, 00, 89, 04, 24, E8, 2A, 02, 01, 00, 83, EC, 08, 89, C2, 85, D2, 74, 11, C7, 44, 24, 04, 08, 80, 41, 00, C7... 
[+]

Code size:

66.5 KB (68,096 bytes)

The file adobe_flash_setup-105380053.exe has been seen being distributed by the following 47 URLs.

http://intva31.infoversion.info/dl-pure/1200543/.../?bc=1200543&checksum=106763839&filename=adobe_flash_player.exe&cb=1552531123&hashstring=ap123asde&usefilename=true&executableroutePath=1200885&stub=true

http://intva31.infoversion.info/dl-pure/1200543/.../?bc=1200543&checksum=105967253&filename=adobe_flash_player.exe&cb=-1163644656&hashstring=ap123asde&usefilename=true&executableroutePath=1200885&stub=true

http://intva31.infoversion.info/dl-pure/1200543/.../?bc=1200543&checksum=106737525&filename=adobe_flash_player.exe&cb=-552531158&hashstring=ap123asde&usefilename=true&executableroutePath=1200885&stub=true

http://intva31.infoversion.info/dl-pure/1200543/.../?bc=1200543&checksum=105578949&filename=adobe_flash_player.exe&cb=-918129875&hashstring=ap123asde&usefilename=true&executableroutePath=1200885&stub=true

http://intva31.infoversion.info/dl-pure/1200543/.../?bc=1200543&checksum=105546109&filename=adobe_flash_player.exe&cb=314291652&hashstring=ap123asde&usefilename=true&executableroutePath=1200885&stub=true

http://intva31.infoversion.info/dl-pure/1200543/.../?bc=1200543&checksum=105920845&filename=adobe_flash_player.exe&cb=-578150834&hashstring=ap123asde&usefilename=true&executableroutePath=1200885&stub=true

http://intva31.infoversion.info/dl-pure/1200543/.../?bc=1200543&checksum=105996775&filename=adobe_flash_player.exe&cb=-1688072631&hashstring=ap123asde&usefilename=true&executableroutePath=1200885&stub=true

http://intva31.infoversion.info/dl-pure/1200543/.../?bc=1200543&checksum=105442821&filename=adobe_flash_setup.exe&cb=174869664&hashstring=ap123asde&usefilename=true&executableroutePath=1200885&stub=true

http://intva31.infoversion.info/dl-pure/1200543/.../?bc=1200543&checksum=106840475&filename=adobe_flash_player.exe&cb=836352111&hashstring=ap123asde&usefilename=true&executableroutePath=1200885&stub=true

http://intva31.infoversion.info/dl-pure/1200543/.../?bc=1200543&checksum=105705555&filename=adobe_flash_player.exe&cb=498886224&hashstring=ap123asde&usefilename=true&executableroutePath=1200885&stub=true

http://intva31.infoversion.info/dl-pure/1200543/.../?bc=1200543&checksum=106637545&filename=java_runtime_enviroment_setup.exe&cb=-408675376&hashstring=ap123asde&usefilename=true&executableroutePath=1200885&stub=true

http://intva31.infoversion.info/dl-pure/1200543/.../?bc=1200543&checksum=106560107&filename=adobe_flash_player.exe&cb=1046858263&hashstring=ap123asde&usefilename=true&executableroutePath=1200885&stub=true

http://intva31.infoversion.info/dl-pure/1200543/.../?bc=1200543&checksum=105508725&filename=adobe_flash_player.exe&cb=-1937511780&hashstring=ap123asde&usefilename=true&executableroutePath=1200885&stub=true

http://intva31.infoversion.info/dl-pure/1200543/.../?bc=1200543&checksum=106704799&filename=adobe_flash_player.exe&cb=-1335519582&hashstring=ap123asde&usefilename=true&executableroutePath=1200885&stub=true

http://intva31.infoversion.info/dl-pure/1200543/.../?bc=1200543&checksum=107018165&filename=adobe_flash_player.exe&cb=322665213&hashstring=ap123asde&usefilename=true&executableroutePath=1200885&stub=true

http://intva31.infoversion.info/dl-pure/1200543/.../?bc=1200543&checksum=107098725&filename=adobe_flash_player.exe&cb=-1689332854&hashstring=ap123asde&usefilename=true&executableroutePath=1200885&stub=true

http://intva31.infoversion.info/dl-pure/1200543/.../?bc=1200543&checksum=106864849&filename=adobe_flash_player.exe&cb=-350931554&hashstring=ap123asde&usefilename=true&executableroutePath=1200885&stub=true

http://intva31.infoversion.info/dl-pure/1200543/.../?bc=1200543&checksum=105960263&filename=adobe_flash_player.exe&cb=-546372656&hashstring=ap123asde&usefilename=true&executableroutePath=1200885&stub=true

http://intva31.infoversion.info/dl-pure/1200543/.../?bc=1200543&checksum=107305313&filename=adobe_flash_player.exe&cb=1675447069&hashstring=ap123asde&usefilename=true&executableroutePath=1200885&stub=true

http://intva31.infoversion.info/dl-pure/1200543/.../?bc=1200543&checksum=105560865&filename=adobe_flash_player.exe&cb=-165494405&hashstring=ap123asde&usefilename=true&executableroutePath=1200885&stub=true

http://intva31.infoversion.info/dl-pure/1200543/.../?bc=1200543&checksum=106183075&filename=adobe_flash_player.exe&cb=1426542365&hashstring=ap123asde&usefilename=true&executableroutePath=1200885&stub=true

http://intva31.infoversion.info/dl-pure/1200543/.../?bc=1200543&checksum=107196173&filename=adobe_flash_player.exe&cb=1583449956&hashstring=ap123asde&usefilename=true&executableroutePath=1200885&stub=true

http://intva31.infoversion.info/dl-pure/1200543/.../?bc=1200543&checksum=107465663&filename=adobe_flash_player.exe&cb=1435821628&hashstring=ap123asde&usefilename=true&executableroutePath=1200885&stub=true

http://intva31.infoversion.info/dl-pure/1200543/.../?bc=1200543&checksum=106453557&filename=adobe_flash_player.exe&cb=1355472689&hashstring=ap123asde&usefilename=true&executableroutePath=1200885&stub=true

http://intva31.infoversion.info/dl-pure/1200543/.../?bc=1200543&checksum=105821215&filename=adobe_flash_player.exe&cb=613074024&hashstring=ap123asde&usefilename=true&executableroutePath=1200885&stub=true

http://intva31.infoversion.info/dl-pure/1200543/.../?bc=1200543&checksum=105891879&filename=adobe_flash_player.exe&cb=433083047&hashstring=ap123asde&usefilename=true&executableroutePath=1200885&stub=true

http://intva31.infoversion.info/dl-pure/1200543/.../?bc=1200543&checksum=106444481&filename=adobe_flash_player.exe&cb=288836889&hashstring=ap123asde&usefilename=true&executableroutePath=1200885&stub=true

http://intva31.infoversion.info/dl-pure/1200543/.../?bc=1200543&checksum=107486175&filename=adobe_flash_player.exe&cb=-2082991260&hashstring=ap123asde&usefilename=true&executableroutePath=1200885&stub=true

http://intva31.infoversion.info/dl-pure/1200543/.../?bc=1200543&checksum=106171003&filename=adobe_flash_player.exe&cb=-594750707&hashstring=ap123asde&usefilename=true&executableroutePath=1200885&stub=true

http://intva31.infoversion.info/dl-pure/1200543/.../?bc=1200543&checksum=105649643&filename=adobe_flash_player.exe&cb=-1811667359&hashstring=ap123asde&usefilename=true&executableroutePath=1200885&stub=true

Latest 30 of 47 download URLs

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to ec2-52-6-18-250.compute-1.amazonaws.com (52.6.18.250:80)

Remove adobe_flash_setup-105380053.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.