adobeflash_setup.exe

The application adobeflash_setup.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. According to Microsoft Security Essentials, the software includes a bundle of the DealPly adware, which is installed on a user's PC during setup using the InstallCore platform. The file has been seen being downloaded from downloader.downloadinfo.co, a web site host operated by Downloadinfo that is known to distribute potentially unwanted software, and from multiple other hosts.
MD5:
28cbbdada7250263a7e4f30c6c96ff3b

SHA-1:
2a3e10ff6dc415ba5382afe7f4909eea1fd491bb

SHA-256:
454fd40aa5dac10236b02fa6c97f0ec7b45834849fb700775635917260aa6ad5

Scanner detections:
15 / 68

Status:
Potentially unwanted

Explanation:
This software bundler installs other potentially unwanted software, including DealPly, which places offers in a user's web browser that state they are "Powered by DealPly".

Analysis date:
11/23/2024 2:23:41 PM UTC

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.InstallCore
2013.04.19

Avira AntiVirus
7.11.73.120

Baidu Antivirus
Malware.Win32.Adware
4.0.3.14128

Comodo Security
UnclassifiedMalware
15977

Dr.Web
Adware.InstallCore.86
9.0.1.0342

ESET NOD32
Win32/InstallCore.AZ (variant)
8.8243

F-Prot
W32/InstallCore.S.gen
v6.4.7.1.166

K7 AntiVirus
Unwanted-Program
13.164.8548

McAfee
Artemis!F01CFFC90ED5
5600.6922

Microsoft Security Essentials
1.163.1557.0

Rising Antivirus
PE:Malware.XPACK-LNR/Heur!1.5594
23.00.65.141206

Sophos
Install Core
4.93

Trend Micro House Call
TROJ_GEN.F47V0127
7.2.342

Trend Micro
TROJ_GEN.RCBCOCO
10.465.08

VIPRE Antivirus
Trojan.Win32.Generic
16982

File size:
1.1 MB (1,203,848 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\adobeflash_setup.exe

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:OVUoZA0BgSpdjVwc8APvNkTvG0wEYur8xG6vuTkdTisspiMO7:yZTBgSpHKAeTvG0dYur8xciTis

Entry address:
0xD6810

Entry point:
55, 8B, EC, 83, C4, F0, B8, B8, FD, 41, 00, E8, 29, F4, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.7126

Developed / compiled with:
Microsoft Visual C++

Code size:
869.5 KB (890,368 bytes)

The file adobeflash_setup.exe has been seen being distributed by the following 3 URLs.

Remove adobeflash_setup.exe - Powered by Reason Core Security