alternative-flash-player-auto-updater-1.2.0.1-setup.exe

Project1

The executable alternative-flash-player-auto-updater-1.2.0.1-setup.exe has been detected as malware by 1 anti-virus scanner. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from pxc-coding.com.
Product:
Project1

Version:
1.00

MD5:
ddf0994e2c7b9eba59ab389c9249c57f

SHA-1:
0fb040f0a9189d3eb055cb3e87987438b87c6791

SHA-256:
18beb169e27e829056cdd945259a0ce60170498243464bc86a9e77a6ecf5f918

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/26/2024 12:26:39 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Threat.Win.Reputation.IMP
16.7.21.9

File size:
1.6 MB (1,689,023 bytes)

Product version:
1.00

Original file name:
TJprojMain.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\alternative-flash-player-auto-updater-1.2.0.1-setup.exe

File PE Metadata
Compilation timestamp:
4/1/2013 2:08:22 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:tFOaCQiFgEA1o17u0gDWLA66m+NifPk4XUcq5ukdo2oLPJ+4MSAmUwHx76rl0Kuz:zW9F0oD0M6ho1Lq5dToFvk276R07neU

Entry address:
0x290C

Entry point:
68, DC, 3A, 40, 00, E8, EE, FF, FF, FF, 00, 00, 48, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 57, 08, 7A, C5, 86, 1A, F4, 47, A8, FB, 94, FD, 7A, FD, 93, F4, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 66, CF, 11, B7, 0C, 00, 50, 72, 6F, 6A, 65, 63, 74, 31, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 90, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 01, 00, 00, 00, 7F, A1, 6C, ED, CC, B4, F9, 4B, B4, 26, 0B, DE, 01, CB, 7E, 81, 01, 00, 00, 00, A0, 00, 00, 00...
 
[+]

Entropy:
7.7824

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
104 KB (106,496 bytes)

The file alternative-flash-player-auto-updater-1.2.0.1-setup.exe has been seen being distributed by the following URL.