adobe_flashplayer_setup.exe

Freemium GmbH

The file adobe_flashplayer_setup.exe by Freemium GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Covus installer. The installer is marketed through download portals and search ads as the free Adobe Flash Player, but it also installs additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
Freemium GmbH  (signed and verified)

MD5:
77cd727065e19ad460e2453a066adeb1

SHA-1:
79e60427034266d02fb72c2e18bbf04b3d44691d

SHA-256:
2849db2817a6e8bbad923e0acd16c55d86ff347dba4657df71a46273272f6578

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
11/27/2024 3:33:27 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Covus (M)

Engine version:
17.3.16.10

File size:
555.2 KB (568,488 bytes)

Bundler/Installer:
Covus

Language:
English (United States)

Common path:
C:\users\{user}\downloads\adobe_flashplayer_setup.exe.9fsn3bv.partial

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/6/2016 2:00:00 AM

Valid to:
4/13/2017 1:59:59 AM

Subject:
CN=Freemium GmbH, O=Freemium GmbH, STREET=Schwedter Straße 9a, L=Berlin, S=Berlin, PostalCode=10119, C=DE

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00BCEDCE129E9AA236BBF4BC059A58BA55

File PE Metadata
Compilation timestamp:
2/24/2017 6:11:59 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x1496C

Entry point:
E8, A4, 7A, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 68, B5, 45, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, CC, B1, 45, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 98, F2, 47, 00, 89, 0D, 94, F2, 47, 00, 89, 15, 90, F2, 47, 00, 89, 1D, 8C, F2, 47, 00, 89, 35, 88, F2, 47, 00, 89, 3D...
Code size:
358 KB (366,592 bytes)
