adobe_flashplayer_plugin_setup_setup.exe

Mop

OOO Master-Code

The installer utilizes the installCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application adobe_flashplayer_plugin_setup_setup.exe, “Mop Setup” by OOO Master-Code, has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The installer is marketed through download portals and search ads as the free Adobe Flash Player but will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
Keg (signed by OOO Master-Code)

Product:
Mop

Description:
Mop Setup

MD5:
b7838ca87153cf004f20836c82be75fc

SHA-1:
f75e997e370fe2793eaf0293ad0bb30b8e8b3af5

SHA-256:
dbcc87bd83b86196ae97cb28c79548ec41b4d63b1b078c8d8c7c3a5fa3296e1b

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/25/2024 3:24:06 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.installCore (M)

Engine version:
17.3.5.22

File size:
1 MB (1,075,984 bytes)

Product version:
1.5.3

Copyright:
Application

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\programs\adobe_flashplayer_plugin_setup_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/15/2015 5:30:00 AM

Valid to:
5/15/2016 5:29:59 AM

Subject:
CN=OOO Master-Code, OU=Development Unit, O=OOO Master-Code, STREET="Leningradskoe shosse, d. 96 korp. 1", L=Moscow, S=Moscow, PostalCode=125195, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
247D0A048891B169A5C28AFBF92C3C40

File PE Metadata
Compilation timestamp:
6/20/1992 3:52:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Entropy:
7.9106

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)
