adobe_flashplayer_installer.exe

The application adobe_flashplayer_installer.exe has been detected as a potentially unwanted program by 28 anti-malware scanners. It is a self-extracting archive and installer, but the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from www.sugarsync.com and multiple other hosts.
MD5:
b1638d4845e61790957601dddf525ad5

SHA-1:
1781319c26b03fb5062fc30c1ef9a24584c7d2c6

SHA-256:
ff0b39197771eb7ce62c80d0bf1af325db69f3dafb70521fbaf960081439a1dd

Scanner detections:
28 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 2:24:20 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.1602076 | 876 |
| AhnLab V3 Security | Malware/Win32.Generic | 2014.07.13 |
| avast! | Win32:Adware-BLN [Adw] | 2014.9-140912 |
| AVG | Found Luhe.Fiha.A | 2015.0.3354 |
| Baidu Antivirus | Adware.Win32.Illyx | 4.0.3.14912 |
| Bitdefender | Trojan.GenericKD.1602076 | 1.0.20.1275 |
| Comodo Security | ApplicUnwnt | 18107 |
| Dr.Web | BackDoor.Cybergate.1 | 9.0.1.0255 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1602076 | 8.14.09.12.11 |
| ESET NOD32 | Win32/GameTool.BB | 8.9603 |
| Fortinet FortiGate | W32/FrauDrop.ADJIS!tr | 9/12/2014 |
| F-Secure | Trojan.GenericKD.1602076 | 11.2014-12-09_6 |
| G Data | Trojan.GenericKD.1602076 | 14.9.24 |
| IKARUS anti.virus | Trojan-Dropper.Win32.FrauDrop | t3scan.2.2.29 |
| K7 AntiVirus | Riskware | 13.176.11584 |
| Kaspersky | Trojan-Dropper.Win32.FrauDrop | 14.0.0.3263 |
| Malwarebytes | Trojan.Inject.RRE | v2014.09.12.11 |
| McAfee | Artemis!37BD65F12E99 | 5600.7010 |
| MicroWorld eScan | Trojan.GenericKD.1602076 | 15.0.0.765 |
| NANO AntiVirus | Trojan.Win32.Autoit.dbiolu | 0.28.0.60698 |
| Norman | Suspicious_Gen4.FXLPV | 11.20140912 |
| nProtect | Trojan.GenericKD.1602076 | 14.03.27.01 |
| Qihoo 360 Security | Win32/Trojan.Dropper.0c3 | 1.0.0.1015 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.8.5.10 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_GEN.R00UH07C914 | 7.2.217 |
| Vba32 AntiVirus | TrojanPSW.Ruftar | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 27776 |

File size:
382 KB (391,168 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
7/24/2014 7:32:48 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:k+ssXv5jUA2OpjesAOfoTb+v+90TveVBciZnbCUxP4C9tgf/AN1LtdReCBJJKKri:OOv5jKhsfoPA+yeVKUCUxP4C902bdRtW

Entry address:
0xE2F10

Entry point:
60, BE, 00, F0, 48, 00, 8D, BE, 00, 20, F7, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
340 KB (348,160 bytes)

The file adobe_flashplayer_installer.exe has been seen being distributed by the following 3 URLs.

https://www.sugarsync.com/.../D3661877_93920796_60588?directDownload=true
