adobeshockwavextrabundle.exe

Adobe Shockwave Player

Adobe Systems Incorporated

The executable adobeshockwavextrabundle.exe has been detected as malware by 10 anti-virus scanners.
Publisher:
Adobe Systems Inc.  (signed by Adobe Systems Incorporated)

Product:
Adobe Shockwave Player

Version:
12.1.3.153

MD5:
405f8ae0ff764bb1216bfa82dbc618c5

SHA-1:
ee2861758074ae4a802c48e9b1e165dc9391dcf3

SHA-256:
acc3f6515fae29794f6a5c374a346590f71098c9121e2525fa595bfe8cdf242c

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
12/26/2024 2:29:54 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Patched-JI
160215-2

AVG
Win32/Slugin.A
2015.0.4530

Dr.Web
Win32.Wplugin.1
9.0.1.05190

Emsisoft Anti-Malware
Win32.SlugIn
10.0.0.5366

ESET NOD32
Win32/Agent.NAG virus
8.0.319.0

F-Prot
W32/Slugin.B
4.6.5.141

Kaspersky
Virus.Win32.Slugin
15.0.0.562

McAfee
Virus.W32/Wplugin
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.213.6510.0

VIPRE Antivirus
Threat.4314870
47236

File size:
958.9 KB (981,947 bytes)

Copyright:
© Adobe Systems Inc 1985-2011

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\adobeshockwavextrabundle.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
1/14/2014 12:00:00 AM

Valid to:
1/7/2016 11:59:59 PM

Subject:
CN=Adobe Systems Incorporated, OU=Shockwave Player, O=Adobe Systems Incorporated, L=San Jose, S=California, C=US, SERIALNUMBER=2748129, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
179D59ADF23718F7715D27F6F38550EA

File PE Metadata
Compilation timestamp:
1/29/2009 2:42:44 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:3OL28HJj9oSDpFOro1rTXRfnbY34Ig6goEHyp5ky:30pjxDJVXhs34FoPTL

Entry address:
0x3542

Entry point:
60, E8, 00, 00, 00, 00, 5B, 81, EB, D0, 48, 00, 10, 83, EC, 74, 8B, EC, 8B, 83, AB, 4B, 00, 10, 89, 45, 00, 8B, 83, B3, 4B, 00, 10, 03, 45, 00, 89, 45, 2C, 8B, 83, B7, 4B, 00, 10, 03, 45, 00, 89, 45, 30, C7, 45, 14, 00, 00, 00, 00, C7, 45, 18, 00, 00, 00, 00, C7, 45, 1C, 00, 00, 00, 00, 8B, 45, 14, FF, 45, 14, 66, 33, C9, 8A, 8C, 03, FF, 4B, 00, 10, 84, C9, 74, 7A, 8B, 45, 1C, 66, 01, 4D, 1C, 03, C3, 05, 13, 4C, 00, 10, 50, 8B, 45, 2C, FF, 10, 85, C0, 0F, 84, 5E, 02, 00, 00, 89, 45, 10, 8B, 45, 1C, 03, C3...
 
[+]

Packer / compiler:
ASPack v1.08.04

Code size:
25 KB (25,600 bytes)

Remove adobeshockwavextrabundle.exe - Powered by Reason Core Security