flash_player_14_plugin.exe

The application flash_player_14_plugin.exe has been detected as a potentially unwanted program by 27 anti-malware scanners. It is a setup program used to install the application, and it installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from kyle.mxp4117.com and multiple other hosts.
MD5: 6712fca4e337214bf509d0214dcf494e

SHA-1: cea59a6c40c27d50c28c590aa2aefd47802905ec

SHA-256: 0523ea8423998a439048889524811f21eacee49d5902f76b7a885a2014ba462f

Scanner detections: 27 / 68

Status: Potentially unwanted

Analysis date: 11/24/2024 1:43:19 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Bundler.DomaIQ.U | 790 |
| Agnitum Outpost | PUA.Downloader | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.SmartSecure | 2014.10.12 |
| Avira AntiVirus | APPL/Softpulse.Gen8 | 7.11.177.186 |
| avast! | Win32:SoftPulse-AH [PUP] | 2014.9-140925 |
| AVG | Generic | 2015.0.3341 |
| Bitdefender | Application.Bundler.DomaIQ.U | 1.0.20.1700 |
| Clam AntiVirus | Win.Trojan.Softpulse-44 | 0.98/19505 |
| Dr.Web | Trojan.MulDrop5.40191 | 9.0.1.0268 |
| ESET NOD32 | Win32/SoftPulse (variant) | 8.10549 |
| F-Prot | W32/A-0146f17e | v6.4.7.1.166 |
| F-Secure | Application.Bundler.DomaIQ | 11.2014-06-12_7 |
| G Data | Application.Bundler.DomaIQ | 14.9.24 |
| herdProtect (fuzzy) | | 2014.12.7.4 |
| IKARUS anti.virus | PUA.SoftPulse | t3scan.1.7.8.0 |
| K7 AntiVirus | Unwanted-Program | 13.183.13642 |
| Malwarebytes | PUP.Optional.MultiPlug | v2014.09.25.07 |
| McAfee | SoftPulse | 5600.6997 |
| Microsoft Security Essentials | Threat.Undefined | 1.185.1001.0 |
| MicroWorld eScan | Application.Bundler.DomaIQ.U | 15.0.0.1020 |
| NANO AntiVirus | Trojan.Win32.Agent.dfjvlg | 0.28.2.62483 |
| Panda Antivirus | Trj/Genetic.gen | 14.09.25.07 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.9.25.7 |
| Sophos | SoftPulse | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10338 |
| Vba32 AntiVirus | BScope.Adware.Softpulse | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 33854 |

File size: 1.3 MB (1,355,760 bytes)

File type: Executable application (Win32 EXE)

Common path: C:\users\{user}\downloads\flash_player_14_plugin.exe

File PE Metadata
Compilation timestamp: 9/22/2014 2:17:58 AM

OS version: 5.1

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 11.0

CTPH (ssdeep): 24576:oDASdSysJOcj0VQpWbl7s2LP0CXuiAayiWASALUgv2j6R6XEVeRs9HgVfgy5:rSQtk2zQytkgis6yxX5

Entry address: 0x6BEA

Entry point:
E8, FF, 3C, 00, 00, E9, 7F, FE, FF, FF, E9, 0F, 00, 00, 00, 3B, 0D, 90, 30, 46, 00, 75, 02, F3, C3, E9, FA, 43, 00, 00, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, 10, 49, 46, 00, FF, 15, 68, 50, 41, 00, 85, C0, 75, 18, 56, E8, 03, 45, 00, 00, 8B, F0, FF, 15, B8, 50, 41, 00, 50, E8, 08, 45, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, 44, 24, 0C, 53, 85, C0, 74, 52, 8B, 54, 24, 08, 33, DB, 8A, 5C, 24, 0C, F7, C2, 03, 00, 00, 00, 74, 16, 8A, 0A, 83, C2, 01, 32, CB, 74, 72, 83, E8, 01, 74, 32, F7...
 

Entropy: 7.6696

Code size: 78 KB (79,872 bytes)

The file flash_player_14_plugin.exe has been seen being distributed by the following 2 URLs.
