flash_player.exe

The application flash_player.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from www.4threquest.me.
MD5:
c227f35ace972c286e4244c9db5d4b0a

SHA-1:
d245118505b0c54f6a873ce5e3d3724e4bcb7164

SHA-256:
998690e911d31ca3676bbefb68ab0bb3a6c5c0136fc5a5343ab62053c2c551f9

Scanner detections:
22 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 6:23:09 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.2405264
203

AhnLab V3 Security
Adware/Win32.LoadMoney
2015.05.28

Avira AntiVirus
TR/Dldr.Adload.66295
8.3.1.6

avast!
NSIS:Downloader-ACE [PUP]
2014.9-160716

AVG
Downloader
2017.0.2681

Baidu Antivirus
PUA.Win32.Adload
4.0.3.16716

Bitdefender
Trojan.GenericKD.2405264
1.0.20.990

Emsisoft Anti-Malware
Trojan.GenericKD.2405264
8.16.07.16.12

ESET NOD32
NSIS/TrojanDownloader.Adload.AM
10.11697

Fortinet FortiGate
Adware/AdloadAM
7/16/2016

F-Secure
Trojan.GenericKD.2405264
11.2016-16-07_7

G Data
Trojan.GenericKD.2405264
16.7.25

Kaspersky
Trojan-Downloader.Win32.Genome
14.0.0.-100

McAfee
Artemis!C227F35ACE97
5600.6337

MicroWorld eScan
Trojan.GenericKD.2405264
17.0.0.594

NANO AntiVirus
Trojan.Nsis.Genome.drxdju
0.30.24.1636

Norman
Downloader
11.20160716

nProtect
Trojan.GenericKD.2405264
15.05.28.01

Sophos
AdLoad
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-KD
9019

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.4

VIPRE Antivirus
Amonetize
40622

File size:
64.7 KB (66,295 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\flash_player.exe

File PE Metadata
Compilation timestamp:
12/5/2009 8:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:MQpQ5EP0ijnRTXJk5NHFmQ2YGTtl6TwTlJzP:MQIURTXJk5Nlx2YGZ0MTfzP

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file flash_player.exe has been seen being distributed by the following URL.

Remove flash_player.exe - Powered by Reason Core Security