adobe_flash_setup.exe

flash setup

OOO ELEKTRO-KOD

The application adobe_flash_setup.exe by OOO ELEKTRO-KOD has been detected as a potentially unwanted program by 2 anti-malware scanners. It uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been observed being downloaded from safe.soft2download.website and multiple other hosts.
Publisher:
OOO ELEKTRO-KOD  (signed and verified)

Product:
flash setup

Version:
1.0.0.0

MD5:
ec73ee7da3e1e41b27c22c07cf4012a3

SHA-1:
0bd5635691329a3070d010dad935b78caf12f576

SHA-256:
782aa609702bf0e483274f6fd680b6a5d26caddc2886a08a95fa805abe697397

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/5/2024 12:45:00 PM UTC

Scan engine | Detection | Engine version
Dr.Web | Trojan.InstallCore.1954 | 9.0.1.05190
Reason Heuristics | PUP.OOOELEKT.Installer (M) | 16.4.23.18

File size:
187.6 KB (192,080 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2016

Original file name:
Flash.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\My documents\downloads\adobe_flash_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/8/2015 12:00:00 AM

Valid to:
6/7/2016 11:59:59 PM

Subject:
CN=OOO ELEKTRO-KOD, O=OOO ELEKTRO-KOD, STREET="109428,GOROD MOSKVA,,,,ULITsA IBRAGIMOVA,35, 2,I KOMN.14,", L=Moscow, S=Moscow, PostalCode=109428, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D1727DFA82A3E28C73A633A65CE817E4

File PE Metadata
Compilation timestamp:
4/16/2016 7:08:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:XFF3gerztvWlhIrZHUh+bbtMUeTkHHRAzQ4IbLHhxy/jJdurUh1T/WLwA6Fmd:1jzRWlhIrZHjb2QUQ7hxyLur+YMFY

Entry address:
0xC40E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.3748

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
41.5 KB (42,496 bytes)

The file adobe_flash_setup.exe has been seen being distributed by 43 URLs.