home

adobeflash.exe

The executable adobeflash.exe has been detected as malware by 10 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from tvnewsy.mooo.com.
Version:
0.0.0.0

MD5:
d5ba95350c49679cb1f6fc6826fd9a0d

SHA-1:
ef9641f5400c8fbe2d1d3a37182e513dc1cfb647

SHA-256:
dfd7d1e7ac9e442fe6729f9fd2884d381a37e7220dbaf0a880c75f734153cca7

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
11/5/2024 9:34:25 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Dropper.Gen
7.11.44.150

IKARUS anti.virus
Worm.Win32.Ainslot
t3scan.1.1.122.0

K7 AntiVirus
Trojan
13.152.7664

Kaspersky
Trojan.Win32.Jorik.Shakblades
14.0.0.77

Microsoft Security Essentials
PWS:Win32/Fignotok.A
1.163.1557.0

Panda Antivirus
W32/Vobfus.GEV.worm
16.06.10.01

Quick Heal
Trojan.Jorik.Shakblades.apg
6.16.12.00

Sophos
Mal/Generic-L
4.81

SUPERAntiSpyware
Trojan.Agent/Gen-Virtool
9090

VIPRE Antivirus
Trojan.Win32.Generic
13278

File size:
442.5 KB (453,120 bytes)

Product version:
0.0.0.0

Original file name:
crypted.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\adobeflash.exe

File PE Metadata
Compilation timestamp:
8/1/2011 10:36:07 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:4c4B7bbw2tD8cutQEH27KMk3RKAfnqBzWrv/:mBs2x8nLH2OHYBBzWrX

Entry address:
0x6FFAA

Entry point:
FF, 25, B8, FF, 46, 00, 00, 00, 00, 00, 00, 00, 00, 00, 8C, FF, 06, 00, 00, 00, 00, 00, 00, 00, 00, 00, 37, 0E, 37, 4E, 00, 00, 00, 00, 02, 00, 00, 00, 47, 00, 00, 00, DC, FF, 06, 00, DC, E1, 06, 00, 52, 53, 44, 53, 29, 86, 58, 82, BC, 00, 1B, 42, 91, 3E, EE, 0E, CC, D1, C9, 09, 01, 00, 00, 00, 43, 3A, 5C, 55, 73, 65, 72, 73, 5C, 52, 6F, 6E, 20, 61, 6C, 6C, 65, 6E, 5C, 41, 70, 70, 44, 61, 74, 61, 5C, 4C, 6F, 63, 61, 6C, 5C, 54, 65, 6D, 70, 5C, 44, 6F, 6E, 65, 2E, 70, 64, 62, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Code size:
440.5 KB (451,072 bytes)

The file adobeflash.exe has been seen being distributed by the following URL.

http://tvnewsy.mooo.com/.../AdobeFlash.exe

Remove adobeflash.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.