adobe_flashplayer_e2c7b_setup.exe

Program

OOO DIGITAL VEI

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application adobe_flashplayer_e2c7b_setup.exe, “Program Setup ” by OOO DIGITAL VEI has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. With this installer, users are expecting to download the free Adobe Flash Player but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Soft program   (signed by OOO DIGITAL VEI)

Product:
Program

Description:
Program Setup

MD5:
1928ce9995e1d77d4a1436f988e50368

SHA-1:
fbce5e8dc46f2102bd4da4685fe0ba758d3df14b

SHA-256:
118978f12f309e362aa40bf452518ca64785a82a6a2bc1743d0af9dce62f9111

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/25/2024 12:52:51 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.installCore (M)
17.2.6.6

File size:
964.5 KB (987,640 bytes)

Product version:
3.4

Copyright:
Generic

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\adobe_flashplayer_e2c7b_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/20/2015 1:00:00 AM

Valid to:
5/20/2016 12:59:59 AM

Subject:
CN=OOO DIGITAL VEI, OU=HTTP App Insert ver 2.0, O=OOO DIGITAL VEI, STREET="UL BRATISLAVSKAYA, D 21, KORP 1", L=Moscow, S=Moscow, PostalCode=109451, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4C134519ADB471ADC9A4BF6799A032C2

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Entropy:
7.9283

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

Remove adobe_flashplayer_e2c7b_setup.exe - Powered by Reason Core Security