» flash_player_ax.exe
Overview
Analysis
File Details
Programs (5)
Downloads (14)

flash_player_ax.exe

Adobe Flash Player ActiveX

Adobe Systems Incorporated

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.nutrilog.com and multiple other hosts.

File name:

flash_player_ax.exe

Publisher:

Adobe Systems Incorporated (signed and verified)

Product:

Adobe® Flash® Player ActiveX

Description:

Adobe® Flash® Player ActiveX Installer

Version:

1.0.20

MD5:

5f6c243a10337a4269f994cd8b3a6137

SHA-1:

901b53ebe26c62c0bd7fc7dc400552ce335685bb

SHA-256:

67aacd9226eb6272b901aa1618eeb7d6431b5ff2194b21da3745a881df5020a2

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

11/15/2024 12:44:20 AM UTC (today)

Scan engine

Detection

Engine version

XVirus List

Win.Detected

2.3.31

File size:

1.9 MB (1,956,656 bytes)

Product version:

10.0.45.2

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\flash_player_ax.exe

Digital Signature

Signed by:

Adobe Systems Incorporated

Authority:

VeriSign, Inc.

Valid from:

11/5/2009 12:00:00 AM

Valid to:

12/10/2010 11:59:59 PM

Subject:

CN=Adobe Systems Incorporated, OU=Information Systems, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Adobe Systems Incorporated, L=San Jose, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

4D4EDD7706EF6B3131D00B1C6791D0C1

File PE Metadata

Compilation timestamp:

1/13/2007 6:28:14 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

49152:twcrU7F8GAOXyN7XhvoR/XUaV5A4fngK71EzKdt:twcrUC82XBoRPUC5Xg6EzKj

Entry address:

0x36F2

Entry point:

81, EC, 7C, 01, 00, 00, 53, 55, 56, 33, F6, 57, 89, 74, 24, 18, BB, 10, A7, 40, 00, C6, 44, 24, 10, 20, FF, 15, 30, 80, 40, 00, 56, FF, 15, 7C, 82, 40, 00, A3, D0, 6B, 42, 00, 56, 8D, 44, 24, 30, 68, 60, 01, 00, 00, 50, 56, 68, B8, 14, 42, 00, FF, 15, 58, 81, 40, 00, 68, 34, A8, 40, 00, 68, 20, 63, 42, 00, E8, 72, 29, 00, 00, BD, 00, D4, 42, 00, 55, 68, 00, 04, 00, 00, FF, 15, B8, 80, 40, 00, E8, 64, FF, FF, FF, 85, C0, 75, 24, 68, FB, 03, 00, 00, 55, FF, 15, B4, 80, 40, 00, 68, 2C, A8, 40, 00, 55, E8, 5D... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

24.5 KB (25,088 bytes)

The file flash_player_ax.exe has been discovered within the following programs.

Adobe Flash Player 11 ActiveX by Adobe Systems Incorporated

The Adobe Flash Player is freeware software for viewing multimedia, executing Rich Internet Applications, and streaming video and audio, content created on the Adobe Flash platform. Flash Player can run from a web browser (as a browser plug-in) or on supported mobile devices.

www.adobe.com

4% remove it

Adobe Flash Player 11 Plugin by Adobe Systems Incorporated

Publisher's description - “Adobe Flash Player 11 drives innovation for rich, engaging digital experiences with new features for cross-platform browser-based viewing of expressive rich internet applications, content, and videos across devices.”

5% remove it

Flash Player Pro V4.5 by FlashPlayerPro.com

FlashPlayerPro is bundled with various 3-rd party download managers and installers including OptimumInstaller by Adknowledge.

www.flashplayerpro.com

63% remove it

Safe X3 Client V1 by Sage Software, Inc.

www.Sage.com

About 7% of users remove it

syngo Dynamics Portal by Siemens Medical Solutions

Publisher's description - “With syngo Dynamics you can rapidly read multi-modality images and create reports for your cardiovascular patients. Studies from across your enterprise can be accessed quickly, and are available at your fingertips.”

usa.healthcare.siemens.com/medical-imaging-it/cardiology-it-systems/syngodynamics

About 4% of users remove it

The file flash_player_ax.exe has been seen being distributed by the following 14 URLs.

http://www.nutrilog.com/.../install_flash_player_active_x.exe

http://41.223.201.246:801/.../flash_player_ax.exe

http://teacher.yhes.ntpc.edu.tw/103/.../install_flash_player_ax.exe

http://fk.uns/.../install_flash_player_10_active_x.exe

http://www.brothersoft.com/d.php?soft_id=43144&url=http://usfiles.brothersoft.com/dvd_video/.../Macromedia_Flash_Player.exe&name=Macromedia Flash Player

http://clientn.speedmp3downloader.com/.../flash_player_ax.exe

http://clientn.hotmp3downloader.com/.../flash_player_ax.exe

http://clientn.mp3freedownloader.com/.../flash_player_ax.exe

http://clientn.music-mp3-downloader.com/.../flash_player_ax.exe

http://clientn.super-mp3-download.com/.../flash_player_ax.exe

http://clientn.easymp3downloader.com/.../flash_player_ax.exe

http://clientn.mp3-rocket-download.com/.../flash_player_ax.exe

http://files.brothersoft.com/dvd_video/.../Macromedia_Flash_Player.exe

http://fpdownload.adobe.com/get/flashplayer/.../install_flash_player_ax.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.