adobe_flash_setup.exe

flash setup

OOO ELEKTRO-KOD

The application adobe_flash_setup.exe by OOO ELEKTRO-KOD has been detected as a potentially unwanted program by 2 anti-malware scanners. It uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions. The file has been observed being downloaded from testpc24.preparedupdate.website and multiple other hosts.

Publisher:
OOO ELEKTRO-KOD  (signed and verified)

Product:
flash setup

Version:
1.0.0.0

MD5:
cb088c44a9a38b6ebb96316c474e71d0

SHA-1:
3c718bb127197dbb18fe3b4fb37842f6fcea01cc

SHA-256:
49dfbba3ab01786700f9d62caec23baa502bfdd0e6b138a3b69e0d27f9b3da36

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/24/2024 9:45:11 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Dr.Web | Trojan.InstallCore.1954 | 9.0.1.05190 |
| Reason Heuristics | PUP.OOOELEKT.Installer (M) | 16.4.23.12 |

File size:
187.1 KB (191,568 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2016

Original file name:
Flash.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\My documents\downloads\adobe_flash_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/8/2015 12:00:00 AM

Valid to:
6/7/2016 11:59:59 PM

Subject:
CN=OOO ELEKTRO-KOD, O=OOO ELEKTRO-KOD, STREET="109428,GOROD MOSKVA,,,,ULITsA IBRAGIMOVA,35, 2,I KOMN.14,", L=Moscow, S=Moscow, PostalCode=109428, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D1727DFA82A3E28C73A633A65CE817E4

File PE Metadata
Compilation timestamp:
4/16/2016 10:38:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:wXc8Eufojifsq2eWEXQjb4tMUeTkHHRAzQ4IbLHhxy/jJdurUh1T/WLwA6FXt:moGUq2eWEQbjQUQ7hxyLur+YMFd

Entry address:
0xC2CE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.3778

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
41 KB (41,984 bytes)

The file adobe_flash_setup.exe has been seen being distributed by the following 45 URLs.
