adobe_flash_setup-132418774.exe

CertFreeCertificateContext

Bicoastal Interactive

The application adobe_flash_setup-132418774.exe by Bicoastal Interactive has been detected as a potentially unwanted program by 13 of 68 anti-malware scanners; five of them (AhnLab, Comodo, IKARUS, Reason and Vba32) name the DownloadAdmin family, the rest are generic or heuristic verdicts. The file has been seen being downloaded from intva31.websitetorrent.info. It carries an Authenticode signature that verifies, with a certificate GoDaddy issued to Bicoastal Interactive, so a valid signature is not a reason to trust it: the embedded version information (product name CertFreeCertificateContext, original file name Taskbar.exe, copyright holder Default Browserpos) matches neither the signer nor the Adobe Flash installer that the download name imitates.
Publisher:
Bicoastal Interactive  (signed and verified)

Product:
CertFreeCertificateContext

Version:
9.14.157.518

MD5:
154cd0ea0c16679f389cf4e0f634db08

SHA-1:
826d455f2ee5a616fdfcff8ccaaa64d6ff75bfdb

SHA-256:
be66c33c977ee898bed52f115d302d326da5f55071287e72591b0a457c222434

Scanner detections:
13 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 6:46:44 PM UTC

Scan engine               Detection                                   Engine version
AhnLab V3 Security        PUP/Win32.DownloadAdmin.R195114             3.8.3.16
Avira AntiVirus           TR/Siggen.gkdsw                             8.3.3.4
avast!                    Win32:Rootkit-gen [Rtk]                     2014.9-170222
Baidu Antivirus           Win32.Trojan.WisdomEyes.16070401.9500       4.0.3.17222
Comodo Security           Application.Win32.DownloadAdmin.Y           26639
Dr.Web                    Trojan.Siggen7.10262                        9.0.1.053
Emsisoft Anti-Malware     Application.AdLoad                          8.17.02.22.02
IKARUS anti.virus         PUA.DownloadAdmin.Aa                        0.2.1.2
McAfee                    GenericRXAZ-EG!154CD0EA0C16                 5600.6115
Qihoo 360 Security        HEUR/QVM10.1.0000.Malware.Gen               1.0.0.1120
Reason Heuristics         PUP.DownloadAdmin (M)                       17.2.22.14
Vba32 AntiVirus           Signed-Downware.DownloadAdmin               3.12.26.4
VIPRE Antivirus           Trojan.Win32.Generic                        56162

File size:
139.8 KB (143,144 bytes)

Product version:
7.12.96.910

Copyright:
Copyright (C) 2014 Default Browserpos

Original file name:
Taskbar.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\programs\adobe_flash_setup-132418774.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
5/19/2016 1:50:40 PM

Valid to:
5/19/2017 1:50:40 PM

Subject:
CN=Bicoastal Interactive, O=Bicoastal Interactive, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
0096C56AE03C38A570

File PE Metadata
Compilation timestamp:
11/29/2016 9:25:48 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x79BD

Entry point:
E8, BC, 36, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, EC, C4, 41, 00, FF, 15, D0, 50, 41, 00, 85, C0, 75, 18, 56, E8, 0E, 10, 00, 00, 8B, F0, FF, 15, BC, 50, 41, 00, 50, E8, 13, 10, 00, 00, 59, 89, 06, 5E, 5D, C3, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, CC, B8, 41, 00, 33, C5, 89, 45, FC, 83, 7D, 08, FF, 57, 74, 09, FF, 75, 08, E8, C3, 3D, 00, 00, 59, 83, A5, E0, FC, FF, FF, 00, 8D, 85, E4, FC, FF, FF, 6A, 4C, 6A, 00, 50, E8, B7, 3D, 00, 00, 8D, 85, E0, FC...

Entropy:
6.4835

Code size:
77.5 KB (79,360 bytes)
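The scanner table and the file, signature and PE metadata above are the raw material for a first triage decision. The script below is an added example, not Reason Core's code or anything shipped with the sample: it embeds the values copied from this page, reduces the thirteen vendor names to a family consensus by stripping generic tokens, and runs the consistency checks a reviewer would apply to a signed file (on-disk name versus original file name, product name that looks like an API identifier rather than a product, copyright holder versus signer, compile time versus certificate validity, vendor name in the download name versus the signer). The GENERIC token set and the IMPERSONATED_VENDORS list are assumptions chosen for the example.

```python
"""Triage of the record on this page (added example; values copied from the page)."""
from collections import Counter
from datetime import datetime
import re

# Scanner table copied from this page: (engine, detection name).
DETECTIONS = [
    ("AhnLab V3 Security", "PUP/Win32.DownloadAdmin.R195114"),
    ("Avira AntiVirus", "TR/Siggen.gkdsw"),
    ("avast!", "Win32:Rootkit-gen [Rtk]"),
    ("Baidu Antivirus", "Win32.Trojan.WisdomEyes.16070401.9500"),
    ("Comodo Security", "Application.Win32.DownloadAdmin.Y"),
    ("Dr.Web", "Trojan.Siggen7.10262"),
    ("Emsisoft Anti-Malware", "Application.AdLoad"),
    ("IKARUS anti.virus", "PUA.DownloadAdmin.Aa"),
    ("McAfee", "GenericRXAZ-EG!154CD0EA0C16"),
    ("Qihoo 360 Security", "HEUR/QVM10.1.0000.Malware.Gen"),
    ("Reason Heuristics", "PUP.DownloadAdmin (M)"),
    ("Vba32 AntiVirus", "Signed-Downware.DownloadAdmin"),
    ("VIPRE Antivirus", "Trojan.Win32.Generic"),
]
ENGINES_TOTAL = 68

# File, version-resource and certificate fields copied from this page.
SAMPLE = {
    "on_disk_name": "adobe_flash_setup-132418774.exe",
    "original_file_name": "Taskbar.exe",
    "product": "CertFreeCertificateContext",
    "copyright": "Copyright (C) 2014 Default Browserpos",
    "signer_cn": "Bicoastal Interactive",
    "cert_valid_from": datetime(2016, 5, 19, 13, 50, 40),
    "cert_valid_to": datetime(2017, 5, 19, 13, 50, 40),
    "compiled_at": datetime(2016, 11, 29, 9, 25, 48),
}

# Assumed for this example: tokens that carry no family information.
GENERIC = {"win", "win32", "trojan", "generic", "gen", "heur", "pup", "pua", "tr",
           "application", "malware", "rootkit", "rtk", "signed", "downware"}
# Assumed for this example: vendor names commonly borrowed by fake installers.
IMPERSONATED_VENDORS = ("adobe", "java", "chrome", "firefox")


def family_tokens(name):
    """Candidate family tokens of one vendor detection name (generic parts removed)."""
    out = set()
    for tok in re.split(r"[^A-Za-z]+", name):
        low = tok.lower()
        if len(low) < 3 or low in GENERIC or low.startswith("generic"):
            continue
        out.add(low)
    return out


def consensus_family(detections):
    """Most common family token; each engine votes at most once per token."""
    votes = Counter()
    for _, name in detections:
        votes.update(family_tokens(name))
    fam, n = votes.most_common(1)[0]
    return fam, n


def metadata_findings(s):
    """Consistency checks a reviewer applies to a signed executable."""
    findings = []
    if s["original_file_name"].lower() != s["on_disk_name"].lower():
        findings.append("original-name-mismatch")
    # Heuristic: a product name that is one CamelCase identifier with several
    # humps reads like an API name copied into the resource, not a product.
    if re.fullmatch(r"(?:[A-Z][a-z]+){3,}", s["product"]):
        findings.append("product-name-looks-like-api-identifier")
    if s["signer_cn"].lower() not in s["copyright"].lower():
        findings.append("copyright-holder-not-signer")
    if not (s["cert_valid_from"] <= s["compiled_at"] <= s["cert_valid_to"]):
        findings.append("compiled-outside-cert-validity")
    for vendor in IMPERSONATED_VENDORS:
        if vendor in s["on_disk_name"].lower() and vendor not in s["signer_cn"].lower():
            findings.append(f"filename-claims-{vendor}-but-signer-is-not")
    return findings


def triage():
    fam, votes = consensus_family(DETECTIONS)
    findings = metadata_findings(SAMPLE)
    return {
        "detections": f"{len(DETECTIONS)}/{ENGINES_TOTAL}",
        "consensus_family": fam,
        "family_votes": votes,
        "findings": findings,
        # A verifying signature plus a family consensus plus metadata that does
        # not hang together is the profile of a signed wrapper, not a vendor installer.
        "signed_but_suspicious": votes >= 3 and len(findings) >= 2,
    }


if __name__ == "__main__":
    print(triage())
```

For this record the compile time (11/29/2016) falls inside the certificate window, so that check passes; every other check fires, and five engines agree on DownloadAdmin, which is why "signed and verified" should not override the verdict.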

The file adobe_flash_setup-132418774.exe has been seen being distributed by the following 3 URLs. They differ only in the checksum and cb query values; the host, the /dl-pure/1205333/ path, hashstring=58ad9f1078d50 and executableroutePath=1205085 are constant and are the parts worth pivoting on.

http://intva31.websitetorrent.info/dl-pure/1205333/.../?bc=1205333&checksum=132529371&ephemeral=1&filename=adobe_flash_setup.exe&cb=405739780&hashstring=58ad9f1078d50&usefilename=true&executableroutePath=1205085&stub=true

http://intva31.websitetorrent.info/dl-pure/1205333/.../?bc=1205333&checksum=132529306&ephemeral=1&filename=adobe_flash_setup.exe&cb=-632253074&hashstring=58ad9f1078d50&usefilename=true&executableroutePath=1205085&stub=true

http://intva31.websitetorrent.info/dl-pure/1205333/.../?bc=1205333&checksum=132506636&ephemeral=1&filename=adobe_flash_setup.exe&cb=1951227048&hashstring=58ad9f1078d50&usefilename=true&executableroutePath=1205085&stub=true
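The three URLs share a host, a /dl-pure/ path, stub=true and a filename parameter chosen by the landing page, which is enough to hunt for further downloads in proxy logs. The script below is an added example, not tooling from this page: it parses constructed log lines (the first carries one of the page's URLs verbatim, including the elided "..." path segment; the second and fourth are benign; the third is a constructed variant on the same host with a different filename) and returns the matches together with the bc and hashstring values for correlating downloads that belong to the same campaign. The log line format "client method url" is an assumption of the example.

```python
"""Hunting the page's distribution pattern in proxy logs (added example)."""
from urllib.parse import urlsplit, parse_qs

# Constructed log lines in the form "<client> <method> <url>".
LOG_LINES = [
    "10.0.0.12 GET http://intva31.websitetorrent.info/dl-pure/1205333/.../?bc=1205333&checksum=132529371&ephemeral=1&filename=adobe_flash_setup.exe&cb=405739780&hashstring=58ad9f1078d50&usefilename=true&executableroutePath=1205085&stub=true",
    "10.0.0.31 GET https://get.adobe.com/flashplayer/",
    "10.0.0.31 GET http://intva31.websitetorrent.info/dl-pure/1205333/.../?bc=1205333&checksum=1&filename=java_setup.exe&cb=7&hashstring=58ad9f1078d50&stub=true",
    "10.0.0.40 GET http://cdn.example.net/dl-pure/notes.txt?stub=true",
]


def parse_line(line):
    """Split one log line into client, parsed URL and a flat query dict."""
    client, _method, url = line.split(" ", 2)
    u = urlsplit(url)
    query = {k: v[0] for k, v in parse_qs(u.query).items()}
    return client, u, query


def is_wrapper_stub(u, query):
    """Match the pattern of the page's URLs: websitetorrent.info host,
    /dl-pure/ path, stub=true and an .exe name supplied in the query."""
    host = u.hostname or ""
    return (
        (host == "websitetorrent.info" or host.endswith(".websitetorrent.info"))
        and "/dl-pure/" in u.path
        and query.get("stub") == "true"
        and query.get("filename", "").lower().endswith(".exe")
    )


def scan_log(lines):
    """Return one record per matching line, with the campaign pivot values."""
    hits = []
    for line in lines:
        client, u, query = parse_line(line)
        if is_wrapper_stub(u, query):
            hits.append({
                "client": client,
                "host": u.hostname,
                "filename": query.get("filename"),
                "campaign": (query.get("bc"), query.get("hashstring")),
            })
    return hits


if __name__ == "__main__":
    for hit in scan_log(LOG_LINES):
        print(hit)
```

The checksum and cb values vary per download, so they are deliberately ignored; bc and hashstring are stable across the page's three URLs and identify the campaign rather than the individual fetch.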

The executing file has been seen to make the following network communications in live environments. Most of the destinations are Akamai and Amazon CDN/cloud addresses shared with many legitimate services, so the IP addresses are weak indicators on their own; the file hashes and distribution URLs above are the more specific ones.

TCP (HTTP):
Connects to ec2-52-6-18-250.compute-1.amazonaws.com  (52.6.18.250:80)

TCP (HTTP):
Connects to host-213.158.175.82.tedata.net  (213.158.175.82:80)

TCP (HTTP):
Connects to host-213.158.175.66.tedata.net  (213.158.175.66:80)

TCP (HTTP):
Connects to a88-221-254-184.deploy.akamaitechnologies.com  (88.221.254.184:80)

TCP (HTTP):
Connects to a88-221-254-187.deploy.akamaitechnologies.com  (88.221.254.187:80)

TCP (HTTP SSL):
Connects to a104-106-239-110.deploy.static.akamaitechnologies.com  (104.106.239.110:443)

TCP (HTTP):
Connects to a95-101-72-68.deploy.akamaitechnologies.com  (95.101.72.68:80)

TCP (HTTP):
Connects to a95-101-72-59.deploy.akamaitechnologies.com  (95.101.72.59:80)

TCP (HTTP):
Connects to a84-53-132-226.deploy.akamaitechnologies.com  (84.53.132.226:80)

TCP (HTTP):
Connects to a23-212-53-213.deploy.static.akamaitechnologies.com  (23.212.53.213:80)

TCP (HTTP):
Connects to a23-200-86-152.deploy.static.akamaitechnologies.com  (23.200.86.152:80)

TCP (HTTP):
Connects to 202-51-66-248.deploy.akamaitechnologies.com  (202.51.66.248:80)

TCP (HTTP):
Connects to 154.120.216.9.liquidtelecom.net  (154.120.216.9:80)

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (52.216.224.120:80)

TCP (HTTP):
Connects to post.securestudies.com  (165.193.78.234:80)

TCP (HTTP):
Connects to net-inst-ash.opera.com  (37.228.108.239:80)

TCP (HTTP):
Connects to host-213.158.175.90.tedata.net  (213.158.175.90:80)

TCP (HTTP):
Connects to a95-101-72-18.deploy.akamaitechnologies.com  (95.101.72.18:80)

TCP (HTTP):
Connects to a84-53-132-249.deploy.akamaitechnologies.com  (84.53.132.249:80)

TCP (HTTP):

Remove adobe_flash_setup-132418774.exe - Powered by Reason Core Security