adobeflash_setup.exe

The application adobeflash_setup.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. According to Microsoft Security Essentials, the software includes a bundle of the DealPly adware which is installed on a user's PC during setup using the InstallCore platform. The file has been seen being downloaded from downloader.downloadinfo.co and multiple other hosts a web site host known to distribute potentially unwanted software operated by Downloadinfo.
MD5:
28cbbdada7250263a7e4f30c6c96ff3b

SHA-1:
2a3e10ff6dc415ba5382afe7f4909eea1fd491bb

SHA-256:
454fd40aa5dac10236b02fa6c97f0ec7b45834849fb700775635917260aa6ad5

Scanner detections:
15 / 68

Status:
Potentially unwanted

Explanation:
This software bundler installs other potentially unwanted software, including DealPly. Which includes offers in a user's web browser which state they are "Powered by DealPly".

Analysis date:
12/26/2024 12:29:30 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.InstallCore
2013.04.19

Avira AntiVirus
7.11.73.120

Baidu Antivirus
Malware.Win32.Adware
4.0.3.14128

Comodo Security
UnclassifiedMalware
15977

Dr.Web
Adware.InstallCore.86
9.0.1.0342

ESET NOD32
Win32/InstallCore.AZ (variant)
8.8243

F-Prot
W32/InstallCore.S.gen
v6.4.7.1.166

K7 AntiVirus
Unwanted-Program
13.164.8548

McAfee
Artemis!F01CFFC90ED5
5600.6922

Microsoft Security Essentials
1.163.1557.0

Rising Antivirus
PE:Malware.XPACK-LNR/Heur!1.5594
23.00.65.141206

Sophos
Install Core
4.93

Trend Micro House Call
TROJ_GEN.F47V0127
7.2.342

Trend Micro
TROJ_GEN.RCBCOCO
10.465.08

VIPRE Antivirus
Trojan.Win32.Generic
16982

File size:
1.1 MB (1,203,848 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\adobeflash_setup.exe

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:OVUoZA0BgSpdjVwc8APvNkTvG0wEYur8xG6vuTkdTisspiMO7:yZTBgSpHKAeTvG0dYur8xciTis

Entry address:
0xD6810

Entry point:
55, 8B, EC, 83, C4, F0, B8, B8, FD, 41, 00, E8, 29, F4, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.7126

Developed / compiled with:
Microsoft Visual C++

Code size:
869.5 KB (890,368 bytes)

The file adobeflash_setup.exe has been seen being distributed by the following 3 URLs.

Remove adobeflash_setup.exe - Powered by Reason Core Security