Alternative Flash Player Auto-Updater.exe

Flash Player Auto-Updater

Wecode.biz

The executable Alternative Flash Player Auto-Updater.exe ("Alternative Flash Player Auto-Updater") has been detected as malware by 9 anti-virus scanners. While running, it connects to the Internet address unknown.prolexic.com on port 80 using the HTTP protocol.

Publisher:
Wecode.biz

Product:
Flash Player Auto-Updater

Description:
Alternative Flash Player Auto-Updater

Version:
1.0.0.4

MD5:
3562bac775a777a8de9bff77dd483ea8

SHA-1:
fcc1fefe23bc0d774362d5c61632f0293e24c997

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
11/27/2024 7:50:25 PM UTC

Scan engine              Detection                Engine version
AVG                      Generic34                2015.0.3502
IKARUS anti.virus        Trojan.Msil              t3scan.2.0.127
Kaspersky                Trojan.MSIL.Agent        14.0.0.4004
McAfee                   RDN/Generic.dx!c2r       5600.7158
Norman                   Suspicious_Gen4.ERCKB    11.20140417
Quick Heal               Trojan.MSIL.Agent.saq    4.14.12.00
Trend Micro House Call   TROJ_GEN.RCBH1HV         7.2.107
Vba32 AntiVirus          TScope.Trojan.MSIL       3.12.22.3
VIPRE Antivirus          Trojan.Win32.Generic     20872

File size:
864 KB (884,736 bytes)

Product version:
1.0.0.4

Copyright:
Copyright © DiSTANTX

Original file name:
Alternative Flash Player Auto-Updater.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\alternative flash player auto-updater\alternative flash player auto-updater.exe

File PE Metadata
Compilation timestamp:
1/11/2011 8:24:23 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:AOb5klzPYbT9lGOb5klzPYbT9l7bnOb5klzPYbT9l:xfbby

Entry address:
0x9728E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
597 KB (611,328 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to unknown.prolexic.com  (72.52.4.120:80)
