home

flash_player.exe

Fileangels

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application flash_player.exe, “Premium Installer ” by Fileangels has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Adknowledge Fusion installer. The file has been seen being downloaded from www.ifreeupdates.com.
Publisher:
Premium Installer   (signed by Fileangels)

Product:
Premium Installer

Description:
Premium Installer

Version:
2.4.8.1

MD5:
f9580afcd53247f9030dcaaa892f2c2d

SHA-1:
a4769847924b6009afce368569035a38f2f5ab17

SHA-256:
1df1b39f2467c41e32c3d473ed4c131a829889e159774345e20df959309de08a

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/2/2024 5:18:16 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Adknowledge.Fileange.Bundler (M)
16.5.4.3

File size:
79.9 KB (81,776 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) Premium Installer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\flash_player.exe

Digital Signature
Signed by:
Fileangels

Authority:
COMODO CA Limited

Valid from:
7/13/2014 8:00:00 PM

Valid to:
7/14/2015 7:59:59 PM

Subject:
CN=Fileangels, O=Fileangels, STREET=4600 Madison Ave FL 10, L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1D54F646CB5A85211464AF0FDAB3D591

File PE Metadata
Compilation timestamp:
11/5/2014 12:00:15 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
768:EBFh7xhnE81m3umhUSrFYlsnhv+Grmh4gJSwOeEW3eUZjwyDOJJu2vo8V:EBFh7nn/1m3VFn+GrYOv6P9QV

Entry address:
0x63A1

Entry point:
E8, 52, 05, 00, 00, E9, 36, FD, FF, FF, CC, FF, 25, C8, 81, 40, 00, 6A, 14, 68, B8, B7, 40, 00, E8, B6, 00, 00, 00, FF, 35, 2C, D4, 40, 00, 8B, 35, 98, 81, 40, 00, FF, D6, 59, 89, 45, E4, 83, F8, FF, 75, 0C, FF, 75, 08, FF, 15, 94, 81, 40, 00, 59, EB, 67, 6A, 08, E8, B2, 05, 00, 00, 59, 83, 65, FC, 00, FF, 35, 2C, D4, 40, 00, FF, D6, 89, 45, E4, FF, 35, 28, D4, 40, 00, FF, D6, 59, 59, 89, 45, E0, 8D, 45, E0, 50, 8D, 45, E4, 50, FF, 75, 08, 8B, 35, 80, 81, 40, 00, FF, D6, 59, 50, E8, 75, 05, 00, 00, 89, 45...
 
[+]

Entropy:
5.8171

Code size:
24.5 KB (25,088 bytes)

The file flash_player.exe has been seen being distributed by the following URL.

http://www.ifreeupdates.com/.../download.php?id=5459b9c80648b&i=35

Remove flash_player.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.