adobe_flash_setup.exe

OOO

The application adobe_flash_setup.exe, published by OOO "Finans Servis", has been detected as adware by 7 of 68 anti-malware scanners. Despite its filename, it is not an Adobe product: the code-signing certificate is issued to a Moscow-based company, not to Adobe. The program is a setup application built with the Inno Setup installer and uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. It is typically executed from an Internet Explorer cache folder, that is, run straight from a browser download rather than from a deliberate install. The file has been seen being downloaded from blankboxonline.com.
Publisher:
OOO   (signed and verified)

MD5:
3cb5d2fe72c553362a19c9a0cbf1aade

SHA-1:
3db4b4837a74a7648dbbb4fc8db1336ce9c746c9

SHA-256:
32423c7f03499dc947b3428c6ea3af1853a61400b95af13eda9800b0883e9046

Scanner detections:
7 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software, which may include browser extensions such as DealPly and various toolbars.

Analysis date:
11/15/2024 9:51:48 PM UTC

Scan engine         Detection                        Engine version
Avira AntiVirus     (name not listed)                7.11.182.116
AVG                 Generic                          2015.0.3305
Dr.Web              Trojan.Packed.29221              9.0.1.0303
ESET NOD32          Win32/InstallCore.QH (variant)   8.10646
Malwarebytes        (name not listed)                v2014.10.30.08
Reason Heuristics   PUP.Installer.OOO.R              14.10.30.18
Total Defense       Win32/Tnega.QQGbDEC              37.0.11255

File size:
767.3 KB (785,760 bytes)

Product version:
1.5

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\adobe_flash_setup.exe

Digital Signature
Signed by:
OOO "Finans Servis"
Authority:
COMODO CA Limited

Valid from:
9/29/2014 1:00:00 AM

Valid to:
9/30/2015 12:59:59 AM

Subject:
CN="OOO ""Finans Servis""", O="OOO ""Finans Servis""", STREET=proezd Serebryakova 6, L=Moscow, S=Moscow, PostalCode=129323, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E1FA7367E750C9DB1BC6472E5E6D59C7

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM (the fixed placeholder stamp that Delphi-era linkers write into every binary; it does not indicate the real build time)

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:S8Faeph/DZ9O9cmZlwJzZgV81AgN8DPH9hq0PvCWa3Samc0DwE2iT+w1Fyb2kT:S8F/h/1rmDiEe58Rhq0PvCxilkEqC6lT

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...

Entropy:
7.8577 (close to the 8.0 maximum, consistent with the compressed installer payload that Inno Setup embeds)

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)
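The fields in this section can be read straight from the file's own headers. The Python script below is an added example (not Reason Core Security's code or tooling) that parses the COFF and PE32 optional-header fields listed above, computes Shannon entropy, and raises the triage signals discussed on this page: the Delphi placeholder timestamp, the 2.25 linker version, the Inno Setup marker string, the Adobe-branded filename signed by a non-Adobe subject, and a high-entropy payload. The minimal PE image, the 7.5 entropy threshold and the SHA-256 indicator check are constructed for the example; the 0x2A425E19 timestamp constant is the well-known Delphi value.

```python
"""Offline PE triage for an Inno Setup / Delphi-built installer (added example)."""
import hashlib
import math
import struct
from datetime import datetime, timezone

# Fixed TimeDateStamp that Delphi-era linkers write into every binary:
# 0x2A425E19 == 1992-06-19 22:22:17 UTC. It says nothing about the real build time.
DELPHI_PLACEHOLDER_STAMP = 0x2A425E19
# Marker string carried in the setup-data header of Inno Setup installers.
INNO_MARKER = b"Inno Setup Setup Data"
# SHA-256 published on the page for adobe_flash_setup.exe, used as an indicator.
PAGE_SHA256 = "32423c7f03499dc947b3428c6ea3af1853a61400b95af13eda9800b0883e9046"
ENTROPY_THRESHOLD = 7.5  # assumption: above this we call the payload packed/compressed


def parse_pe(data: bytes) -> dict:
    """Read the COFF and PE32 optional-header fields this report lists."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, nsections, stamp, _symtab, _nsyms, _opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                   # COFF file header is 20 bytes
    magic, lnk_major, lnk_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)   # AddressOfEntryPoint
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)   # 2 = Windows GUI, 3 = console
    return {
        "machine": machine, "sections": nsections, "timestamp": stamp,
        "compiled_utc": datetime.fromtimestamp(stamp, tz=timezone.utc),
        "linker_version": (lnk_major, lnk_minor), "size_of_code": size_of_code,
        "entry_rva": entry_rva, "os_version": (os_major, os_minor), "subsystem": subsystem,
    }


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def hashes(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def triage(filename: str, signer_subject: str, data: bytes) -> list:
    """Return the findings a reviewer would raise for this report's numbers."""
    pe = parse_pe(data)
    findings = []
    if pe["timestamp"] == DELPHI_PLACEHOLDER_STAMP:
        findings.append("placeholder-timestamp")   # Delphi stamp, not a build date
    if pe["linker_version"] == (2, 25):
        findings.append("delphi-linker")           # toolchain behind classic Inno Setup
    if INNO_MARKER in data:
        findings.append("inno-setup")
    if "adobe" in filename.lower() and "adobe" not in signer_subject.lower():
        findings.append("brand-mismatch")          # filename says Adobe, certificate does not
    if shannon_entropy(data) > ENTROPY_THRESHOLD:
        findings.append("high-entropy")            # compressed or packed payload
    if hashes(data)["sha256"] == PAGE_SHA256:
        findings.append("known-sample")
    return findings


def build_sample() -> bytes:
    """CONSTRUCTED minimal PE32 carrying the values the report lists (not the real file)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                    # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 0, DELPHI_PLACEHOLDER_STAMP, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIIIIIIIIHHHHHHIIIIHH",
                      0x10B, 2, 25,                 # PE32 magic, linker 2.25
                      37888, 0, 0,                  # SizeOfCode 37,888 bytes
                      0x9C40, 0x1000, 0xA000,       # entry 0x9C40, BaseOfCode, BaseOfData
                      0x400000, 0x1000, 0x200,      # ImageBase, SectionAlignment, FileAlignment
                      1, 0, 0, 0, 4, 0,             # OS version 1.0, image 0.0, subsystem 4.0
                      0, 0x10000, 0x400, 0,         # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                      2, 0)                         # Subsystem = Windows GUI, DllCharacteristics
    opt += b"\0" * (224 - len(opt))                 # pad to the standard PE32 optional-header size
    # Stand-in for the compressed installer payload: deterministic high-entropy bytes.
    payload = b"".join(hashlib.sha256(b"payload" + i.to_bytes(4, "little")).digest() for i in range(2048))
    return dos + coff + opt + INNO_MARKER + b" (5.5.5)" + payload


if __name__ == "__main__":
    sample = build_sample()
    info = parse_pe(sample)
    print(f"compiled {info['compiled_utc']:%Y-%m-%d %H:%M:%S} UTC, linker {info['linker_version']}, "
          f"entry 0x{info['entry_rva']:X}, entropy {shannon_entropy(sample):.4f}")
    print("findings:", triage("adobe_flash_setup.exe", 'CN="OOO ""Finans Servis""", C=RU', sample))
```

To run it against a real download, replace `build_sample()` with the file's bytes and pass the Authenticode subject string (for example from `Get-AuthenticodeSignature` in PowerShell) as `signer_subject`; the placeholder-timestamp and linker checks are what tell you the reported 1992 compile date is a toolchain artifact rather than evidence of an old build.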

The file adobe_flash_setup.exe has been seen being distributed from blankboxonline.com.

Remove adobe_flash_setup.exe - Powered by Reason Core Security