adobeflashplayer.exe

Installer

OOO ELEKTRO-KOD

The application adobeflashplayer.exe by OOO ELEKTRO-KOD has been flagged as a potentially unwanted program by 1 of 68 anti-malware scanners, with very strong indications that the file is a potential threat. The file has been observed being downloaded from freemaintenance.safe-video4u.xyz and multiple other hosts. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
OOO ELEKTRO-KOD (signed and verified)

Product:
Installer

Version:
1.0.0.1

MD5:
7a81b488c546513e9e72b01d6ad26b5f

SHA-1:
abf9af6e733b520a32619d4723a5f1f0b2fe8a83

SHA-256:
67ec92b3edf9710c31ebf3407c80bcf5898e490c9dfee093553b1679d4604055

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 5:35:49 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.OOOELEKT.Installer (M)

Engine version:
16.6.23.16

File size:
107.6 KB (110,144 bytes)

Product version:
1.0.0.1

Copyright:
Copyright © 2016

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\adobeflashplayer.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/14/2016 5:00:00 PM

Valid to:
4/15/2017 4:59:59 PM

Subject:
CN=OOO ELEKTRO-KOD, O=OOO ELEKTRO-KOD, STREET="ul. Ibragimova, d. 35 str. 2 Pom I Komn 14", L=Moscow, S=Moscow, PostalCode=109428, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2EC7061CBC4E49BEE7F530967BE4F7BC

File PE Metadata
Compilation timestamp:
6/23/2016 3:03:18 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
80.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:pFQJCrnlrqt6NMZFebn9u2wdAvwu6b9Ym:L0CrnlrqQNMZAb9uNAvwu49

Entry address:
0x1247E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.5895

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
65.5 KB (67,072 bytes)

The file adobeflashplayer.exe has been observed being distributed from the following 28 URLs.

http://freemaintenance.safe-video4u.xyz/dl.php?pcl=LTyOiHq3PmNJhwzC3tqU1nTi2zgV1swit5khbZmTfPw.&cid=25049601791466701954&conversion_id=14667019574213&app_id=4&lp_id=1561&v=tribat&stub_id=305&v_id=cpwYkaNVWp2SN-4JOWKGMLt1PUFGAPUCasQIeIGLdJA.&lpp=*-*-*

http://update4now.secure-updates.site/dl.php?rtyru=7Rjm8PC3nA8NBpEj5V89TnE1LGEm2QqGGZU_EVKycas.&cid=31116815761466764290&conversion_id=14667642932537&app_id=4&lp_id=1543&v=tribat&stub_id=305&v_id=zH2cbUt9g3Cr2CqGVC2i2YOZbKnrZaToJqWZ7dc__Hk.&lpp=*-*-*

http://update4now.secure-updates.site/dl.php?rtyru=auugQQuu35sGCpB56L3RBiY8o_ItZLSbib59a5Kat9Q.&cid=14346400161466758360&conversion_id=14667583614341&app_id=4&lp_id=954&v=tribat&stub_id=305&v_id=1E7ExjS-HwyUZCVO1gXcFL2wSBL5ofoD9cI9E7fIyAw.&lpp=*-*-*

http://newalways.up247updater.website/dl.php?pcl=MriI1B8BE_ZLmVgBPm4ixOP51KzesxzWL0eMZt42418.&cid=12381308741466708890&SUB_ID=452252&conversion_id=14667088997592&app_id=4&lp_id=1362&v=tribat&stub_id=305&v_id=6ULZsf52fD4ZIvebLiOHtY7dMckUhEKnzVH0ibi6id0.&lpp=*-*-*

http://prepareupdate.up247updater.xyz/dl.php?pcl=HjYIEnhfdSfpFSZpCj0k_KswTOJpmNh7C79eozBjYIw.&cid=12999924081466749464&conversion_id=14667494665513&app_id=4&lp_id=1362&v=tribat&stub_id=305&v_id=87aT3fjU6GfoCucyk7LuT7Iv62duIf6PjjXUdPSFXG4.&lpp=*-*-*

http://softnewready.nowupgrade247.site/dl.php?tgfyd=wvw_Q22qW98gZoy0KS3oqL6rKUL4h7vLzrsK1wDWolk.&cid=6d65dBvtB7cB6Qe-Mbt1AlsZRnXmdMP2uSs4qs2ba6G5GNQB1XDAnCuVesVAPNK--_5d7BBpTwGBrrDRKBcur11dEepmknyDYTUmivFb0g2TgW66bw9lpB559d8Er-ATxHuGw18bg8szapo2VmJYLRXeDRifDsXXxib1aLTe7I1dRZ9SR8C6IaAmQgrjXeuXcqr3t-1gryZGuCyft4eZnAfFIFb0ewoSIEcJF2IFquPUOwWWF1E8jeApLwLuXuQ7Y8QbAc82Dr9F1o3oEXaXQcP3TuFxznTWD8gPnBzKXotn_ylTMSN7mojFGP-cSXWETQmhOLUuxi_5GSwUr6nrDX4cF__Lo7w6rPy2gaNrLCFT2ve6Wsruq4IGquwjOWOIgbPEy8EJHRCEMMpvsrhAG6zzWZTVtdbimVrIFqKm6RwSRBNhZwlpI_oY0UGdx178fjQauDH0sIdahcGZ_Ehghp8bzXWaL47IDaRpZUJcZFb8gJLxyMI&sid=[SUB_ID]&conversion_id=14667321891520&app_id=4&lp_id=1681&v=tribat&stub_id=305&v_id=xgH_xgvWjqAtWeExpY5L1sk2AHhJ-sezSFX8it97e40.&lpp=*-*-*

http://update2.secure-updates.site/dl.php?rtyru=LTyOiHq3PmNJhwzC3tqU1nTi2zgV1swit5khbZmTfPw.&cid=16119993041466707610&conversion_id=14667076154972&app_id=4&lp_id=1561&v=tribat&stub_id=305&v_id=VifMmFGsPfMp7Qeeqxb0Vm8-WK69ZoJklz0S6iBwnjM.&lpp=*-*-*

http://update2now.nowupgrade247.xyz/dl.php?htryj=Lp7VeWAEDf9s57jtwii4oIINVuWb84pCCfZ74or9u2I.&cid=0DvD2fKIh7_odiC-LBGMhRfRtcNQU2RzVoAYHCGGEXtHWQfdnwi-TpyIN4QvlOO8_zg-nKDUH1nAFFbSxqX4mKLGodKR49OK5BZ1AbCQEZZN58G7EFiK7GEXnQYY0kdoFGZ8lGGPKtiEbW9xRhH5TOujnU4SOais0XJqXUlVOnX75qBpdAbZoVLs5vRmIwnn1Terna8hUoxqwlz2ds3cZULhocwRcnYAfZRlUPGXtO9bOYzwXZqsS29l5Hn6saKfPJYzr-gz6cYgb5s6eRzdfbFbO836MTulUwBxBBeC319sLuVOPa9WU4iKjz-JK9OoPRluqDNPk89yU0eEy-hESnKcnYsJ9hknF-p5APAenXEa2HbGjOzDURE02qfP8x8GJ7Hxgob6NpHNEVR_sMEnreUxuKRAhS8Di9GSRCBL8GME0ulclCRyP1tfRyYDNZOsjKR-fIqHi2WKDs4jae3WeNaFDm5HKKKANpJPVHS38-Rigg9xMMuBMg9YOw&conversion_id=14666827411437&app_id=4&lp_id=1675&v=tribat&stub_id=305&v_id=ClZkuJIniwuTxDCpM6kPhCPKWWM7rdNicr7DBbtdiKA.&lpp=*-*-*

http://update2.secure-updates.site/dl.php?rtyru=Fx5HMY7FSZIOoMP0CmEUof4bdBzkLNC_94wPS5amifU.&cid=14641950831466723215&conversion_id=14667232171758&app_id=4&lp_id=954&v=tribat&stub_id=305&v_id=Flim6H1XAUL9P0-ef16Z3aSKmJjycjL54wKFrISym-o.&lpp=*-*-*

http://update4now.secure-updates.site/dl.php?rtyru=FyqMH3YM_Yab25MLrGeD4BGST9KrMxmjEGQnb-E2olU.&cid=14641725731466771945&conversion_id=14667719465766&app_id=4&lp_id=1543&v=tribat&stub_id=305&v_id=8EJGD-0hM8BB6qr5Yj8npdD90RncB2kKSMsm1zxFkE8.&lpp=*-*-*

http://update2.secure-updates.site/dl.php?rtyru=d00u9Qi8InOoW-OvPvS0tWsTMIl7fx4o5HbZDnwdX0U.&cid=14163740081466713849&conversion_id=14667138513923&app_id=4&lp_id=1543&v=tribat&stub_id=305&v_id=UvPCfemALtQXgf1SflM1tVUG7yi_hIuYMSQ8eBZDBgM.&lpp=*-*-*

http://freemaintenance.safe-video4u.xyz/dl.php?pcl=S4uNCVdZc7Y5SRsOfssmpG_G93cOBz-H7RVyhtTnxxs.&cid=7794517631466691790&conversion_id=14666917927861&app_id=4&lp_id=1561&v=tribat&stub_id=305&v_id=mZPO1InYaifl9Kgho_IvrR9oO3VI7DFoUCK9OmLkRAY.&lpp=*-*-*

While executing, the file has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to www.softologic.com (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com (173.192.190.227:443)

Remove adobeflashplayer.exe - Powered by Reason Core Security