» adobeflashplayerv10.1.102.64.exe
Overview
Analysis
File Details
Downloads (1)

adobeflashplayerv10.1.102.64.exe

The application adobeflashplayerv10.1.102.64.exe has been detected as a potentially unwanted program by 29 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from ui2b-jj.serveirc.com.

File name:

MD5:

9d8061956b7a3d826c3ab4389ab25ecf

SHA-1:

a6b728ab4c48e3df314832c2c593d3bdcc5a6604

SHA-256:

d8fb10a99eaeaef6f402fb2f4877ac2e18d7ac5a47fb63118ced5a11a75dd9d9

Scanner detections:

29 / 68

Status:

Potentially unwanted

Analysis date:

11/24/2024 4:30:25 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Trojan.FakeAV

7.1.1

AhnLab V3 Security

Trojan/Win32.FakeAV

2013.03.09

Avira AntiVirus

TR/FakeAV.CT.5

7.11.64.54

avast!

Win32:Delf-PPW [Trj]

2014.9-160217

AVG

Generic4

2017.0.2830

Bitdefender

Trojan.Agent.AROS

1.0.20.240

Comodo Security

UnclassifiedMalware

15506

Dr.Web

Trojan.Fakealert.20944

9.0.1.048

Emsisoft Anti-Malware

Trojan.Agent.AROS

8.16.02.17.08

ESET NOD32

Win32/Adware.FakeAntiSpy.AM (variant)

10.8097

Fortinet FortiGate

W32/FakeAV.AA!tr

2/17/2016

F-Secure

Trojan.Agent.AROS

11.2016-17-02_4

G Data

Trojan.Agent.AROS

16.2.22

IKARUS anti.virus

Trojan.Win32.FakeAV

t3scan.2.0.0.0

K7 AntiVirus

Trojan

13.163.8328

Kaspersky

Trojan.Win32.FakeAV

14.0.0.646

Malwarebytes

Trojan.Fakealert

v2016.02.17.08

McAfee

FakeAlert-PJ.gen.n

5600.6486

Microsoft Security Essentials

Rogue:Win32/FakePAV

1.163.1557.0

MicroWorld eScan

Trojan.Agent.AROS

17.0.0.144

NANO AntiVirus

Trojan.Win32.Fakealert.cskye

0.22.8.50837

Norman

Suspicious_Gen2.SNMUS

11.20160217

nProtect

Trojan/W32.FakeAV.633344.D

13.03.08.01

Panda Antivirus

Trj/Genetic.gen

16.02.17.08

Quick Heal

Trojan.FakeAV.cvjt

2.16.12.00

Sophos

Mal/FakeAV-CZ

4.86

Trend Micro House Call

TROJ_GEN.R21C2EB

7.2.48

Vba32 AntiVirus

Trojan.FakeAV.cvjs

3.12.20.2

VIPRE Antivirus

FraudTool.Win32.CleanThis

15936

File size:

618.5 KB (633,344 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\adobeflashplayerv10.1.102.64.exe

File PE Metadata

Compilation timestamp:

5/1/2011 12:01:03 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:8QIfqOiX9P/aazd1ctyDXATXs7dFTR+4TYGt9ROHBgCg0D:8QIydX/d1rTAyTR+SYGt9kBg70D

Entry address:

0x173EF0

Entry point:

60, BE, 00, 30, 4E, 00, 8D, BE, 00, E0, F1, FF, C7, 87, BC, 87, 0E, 00, B1, AC, 2C, B7, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46... 
[+]

Packer / compiler:

UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:

584 KB (598,016 bytes)

The file adobeflashplayerv10.1.102.64.exe has been seen being distributed by the following URL.

http://ui2b-jj.serveirc.com/.../adobeflashplayerv10.1.102.64.exe

Remove adobeflashplayerv10.1.102.64.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.