adobe_flash_setup.exe

CoinisRS Downloader

Advertaizing Grupp

adobe_flash_setup.exe, published by Advertaizing Grupp, is a setup program built on the installCore download manager (InstallCore engine), which may bundle additional offers for ad-supported toolbars, browser extensions and utilities alongside the advertised installation. It has been detected as adware by 14 anti-malware scanners. The file has been seen being downloaded from s.updatenet-check.com.
Publisher:
CoinisRS  (signed by Advertaizing Grupp)

Product:
CoinisRS Downloader

Version:
1.0.5.a0.1_34217

MD5:
851a4c144789270868820ce9b853202f

SHA-1:
f6082254db17e2d74a2d576e669a0f20b3efae80

SHA-256:
aad39dc3f4120773d68fdc39f8baea76ca424e7bfaaa7830f969aa7785c1da6d

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/6/2024 5:40:15 AM UTC

Scan engine          Detection                                                 Engine version
Agnitum Outpost      PUA.InstallCore                                           7.1.1
AhnLab V3 Security   PUP/Win32.InstallCore                                     2015.03.08
Avira AntiVirus      Adware/InstallCo.zlz                                      7.11.211.202
avast!               Rootkit-gen [Rtk]                                         2014.9-160203
AVG                  Generic                                                   2017.0.2844
Bkav FE              W32.HfsAdware                                             1.3.0.6379
Clam AntiVirus       Win.Trojan.Installcore-432                                0.98/20330
Dr.Web               Trojan.InstallCore.57                                     9.0.1.034
ESET NOD32           Win32/InstallCore.VW potentially unwanted application     10.7.0.302.0
K7 AntiVirus         Trojan                                                    13.197.15038
NANO AntiVirus       Riskware.Win32.InstallCore.dnxkbc                         0.30.0.296
Reason Heuristics    PUP.Coinis.installCore.Installer (M)                      16.2.3.16
Total Defense        Win32/Tnega.MFNTaRB                                       37.0.11453
VIPRE Antivirus      Threat.4150696                                            37588

File size:
757.4 KB (775,560 bytes)

Product version:
1.0.5.a0.1_34217

Copyright:
CoinisRS

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\adobe_flash_setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
1/13/2015 12:00:00 AM

Valid to:
1/13/2016 11:59:59 PM

Subject:
CN=Advertaizing Grupp, O=Advertaizing Grupp, POBox=117405, STREET="ULITsA DOROZhNAYa,60B", L=GOROD MOSKVA, S=Russia, PostalCode=117405, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
230735435EBA58ABD22B8151728C3636

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:RzvpshFp2We3ECdKXNZDnI0v+OkWrcJFDM+9P2kPBUn1AJ3vOxhXtmxejFDho:RzvmhFp2We0CkXf7Io+LrJFNQkPW1qvZ

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...

Entropy:
7.6593

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file adobe_flash_setup.exe has been seen being distributed by the following URL.

Remove adobe_flash_setup.exe - Powered by Reason Core Security