flash_player.exe

GENCO LABS LLC

The application flash_player.exe by GENCO LABS has been flagged as adware by 22 of 68 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The file has been observed being downloaded from www.netgetitfor.me.
Publisher:
GENCO LABS LLC (signed and verified)

MD5:
573db653162352f9d17ab45e5e8e2268

SHA-1:
2db51c1541cee6987734f1f9e9c17db4d67aa95c

SHA-256:
340cee5902262e0742bec93dfbe1d3f2686151855ebdfd1a4487ecdb46a79e78

Scanner detections:
22 / 68

Status:
Adware

Analysis date:
12/25/2024 3:58:42 PM UTC

Scan engine             Detection                                       Engine version
Lavasoft Ad-Aware       Adware.Adload.G                                 553
AhnLab V3 Security      PUP/Win32.Adload                                2015.05.02
avast!                  Malware-gen                                     2014.9-150501
AVG                     Adware Generic_c                                2016.0.3122
Bkav FE                 W32.HfsAdware                                   1.3.0.6379
Comodo Security         TrojWare.Win32.TrojanDownloader.Adload.ZQXT     21962
Dr.Web                  Trojan.Fraudster.1462                           9.0.1.0121
Emsisoft Anti-Malware   Adware.Adload                                   8.15.07.31.12
ESET NOD32              NSIS/TrojanDownloader.Adload.AM trojan          7.0.302.0
Fortinet FortiGate      Adware/AdloadAM                                 5/1/2015
K7 AntiVirus            Unwanted-Program                                13.203.15778
Malwarebytes            PUP.Optional.Softonic.SID.C                     v2015.07.31.12
MicroWorld eScan        Adware.Adload.G                                 16.0.0.636
NANO AntiVirus          Trojan.Nsis.Fraudster.dqgtty                    0.30.24.1357
Norman                  Downloader                                      11.20150501
nProtect                Adware.Adload.G                                 15.05.19.01
Reason Heuristics       Threat.BR Software.Installer                    15.5.1.18
Sophos                  PUA 'AdLoad' (of type Adware)                   5.14
Vba32 AntiVirus         suspected of Trojan.Downloader.gen.h            3.12.26.3
VIPRE Antivirus         Threat.4785227                                  39676
Zillya! Antivirus       Trojan.Nurjax.Win32.1                           2.0.0.2164

File size:
75.7 KB (77,536 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\flash_player.exe

Digital Signature
Signed by:
GENCO LABS LLC
Authority:
Starfield Technologies, Inc.

Valid from:
2/17/2015 7:53:38 AM

Valid to:
10/20/2015 7:14:36 PM

Subject:
CN=GENCO LABS LLC, O=GENCO LABS LLC, L=Lewes, S=Delaware, C=US

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00BE2471032696C220

File PE Metadata
Compilation timestamp:
12/5/2009 8:50:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:aoLDYsacy7mHMowHjXJdx5QkVpkHCI1V5k6uYx5xGUGAFODaUb:aoPyys5jXJdx5QkVpkNTLx8AFOj

Entry address:
0x323F

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 98, 27, 7A, 00, E8, 09, 2C, 00, 00, A3, E4, 26, 7A, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, DC, 79, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, E0, 1E, 7A, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 80, 7A, 00, 50, 57, E8, AA, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file flash_player.exe has been seen being distributed by the following URL.

Remove flash_player.exe - Powered by Reason Core Security