adobe_flash_setup.exe

Internet

NEXT-POINT (OOO Next-Point)

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application adobe_flash_setup.exe, “Internet Setup ” by NEXT-POINT (OOO Next-Point) has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
Web Internet   (signed by NEXT-POINT (OOO Next-Point))

Product:
Internet

Description:
Internet Setup

MD5:
ccc3102fcf0371d5e41c50fcd9282471

SHA-1:
708a7e99691eed921e940cb4cc47ed1089761d17

SHA-256:
ff8a3951d3ff66dea04c228945fd4128fa270a585116a4ed5881165c32bddfe7

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/25/2024 7:33:50 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.InstallCore
7.1.1

AhnLab V3 Security
PUP/Win32.InstallCore
2015.03.17

Avira AntiVirus
7.11.217.176

avast!
Malware-gen
2014.9-160115

AVG
Generic
2017.0.2863

Bkav FE
W32.HfsAdware
1.3.0.6379

Comodo Security
Application.Win32.InstallCore.DXS
21464

Dr.Web
Trojan.InstallCore.206
9.0.1.015

ESET NOD32
Win32/InstallCore.XP potentially unwanted application
10.7.0.302.0

K7 AntiVirus
Trojan
13.201.15274

Malwarebytes
v2016.01.15.02

McAfee
Trojan.Artemis!B11787274A7E
5600.6519

NANO AntiVirus
Riskware.Win32.InstallCore.dqfxvp
0.30.16.1110

Reason Heuristics
PUP.installCore.NEXTPOINTOOONextPoint.Installer (M)
16.1.15.14

Sophos
PUA 'Install Core Click run software'
5.14

VIPRE Antivirus
Threat.4150696
38050

File size:
759.7 KB (777,920 bytes)

Product version:
3.8

Copyright:
Application Internet

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\adobe_flash_setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
1/22/2015 2:00:00 AM

Valid to:
1/23/2016 1:59:59 AM

Subject:
CN=NEXT-POINT (OOO Next-Point), O=NEXT-POINT (OOO Next-Point), STREET=Prospekt Leninskii 95, L=Moscow, S=Moscow, PostalCode=119313, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
75E61A7B437F0F49B6A02FAA99CD28AC

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:3+aanviPebr6rPdZw9oNo0ehFez6dvfVCLnt6xskzwKdof6Alosu:3+a6viPebr6rPdZA2mvdvwLnSzNSf6m

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Entropy:
7.6596

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file adobe_flash_setup.exe has been seen being distributed by the following URL.

Remove adobe_flash_setup.exe - Powered by Reason Core Security