adobe_flash_setup.exe

flash setup

OOO DIGITAL MEMORI

The application adobe_flash_setup.exe by OOO DIGITAL MEMORI has been detected as a potentially unwanted program by 3 anti-malware scanners. The file has been observed being downloaded from get24update.applicationtechnica.tech and multiple other hosts.

Publisher:
OOO DIGITAL MEMORI  (signed and verified)

Product:
flash setup

Version:
1.0.0.0

MD5:
eeb19967968eceeb57d61b98b76b89bf

SHA-1:
c602b2c225c5000056595fbf5f467cd3cc496ecc

SHA-256:
9750321d2678b40af0656adffce4e65f333267012f139e1846563e0817f7e34c

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 3:34:59 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| ESET NOD32 | MSIL/TrojanDownloader.Adload.AZ trojan | 8.0.319.0 |
| Reason Heuristics | PUP.OOODIGIT.Installer (M) | 16.4.25.22 |
| VIPRE Antivirus | Threat.4786018 | 29708 |

File size:
187.1 KB (191,568 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2016

Original file name:
Flash.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\My documents\downloads\adobe_flash_setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/30/2015 12:00:00 AM

Valid to:
12/29/2016 11:59:59 PM

Subject:
CN=OOO DIGITAL MEMORI, O=OOO DIGITAL MEMORI, STREET="g. Moskva, proezd Nizhnelikhoborski 3-i, d. 1 A", L=Moscow, S=Moscow, PostalCode=127238, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A020E61DC95C3CBA45FA596877E669E1

File PE Metadata
Compilation timestamp:
4/16/2016 12:08:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:fXc8Eufojifsq2eWEXQjb4tMUeTkHHRAzQ4IbLHhxy/jJdurUh1T/WLwA6FeY:poGUq2eWEQbjQUQ7hxyLur+YMFh

Entry address:
0xC2CE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Entropy:
6.3781

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
41 KB (41,984 bytes)

The file adobe_flash_setup.exe has been seen being distributed by the following 17 URLs.