flash_player_ax.exe

Adobe Flash Player ActiveX

Adobe Systems Incorporated

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.nutrilog.com and multiple other hosts.

Publisher:
Adobe Systems Incorporated  (signed and verified)

Product:
Adobe® Flash® Player ActiveX

Description:
Adobe® Flash® Player ActiveX Installer

Version:
1.0.20

MD5:
5f6c243a10337a4269f994cd8b3a6137

SHA-1:
901b53ebe26c62c0bd7fc7dc400552ce335685bb

SHA-256:
67aacd9226eb6272b901aa1618eeb7d6431b5ff2194b21da3745a881df5020a2

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
12/26/2024 12:27:21 PM UTC

Scan engine:
XVirus List

Detection:
Win.Detected

Engine version:
2.3.31

File size:
1.9 MB (1,956,656 bytes)

Product version:
10.0.45.2

Copyright:
Copyright © 1996-2009 Adobe Systems Incorporated and its licensors. All Rights Reserved.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\flash_player_ax.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/5/2009 12:00:00 AM

Valid to:
12/10/2010 11:59:59 PM

Subject:
CN=Adobe Systems Incorporated, OU=Information Systems, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Adobe Systems Incorporated, L=San Jose, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4D4EDD7706EF6B3131D00B1C6791D0C1

File PE Metadata
Compilation timestamp:
1/13/2007 6:28:14 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:twcrU7F8GAOXyN7XhvoR/XUaV5A4fngK71EzKdt:twcrUC82XBoRPUC5Xg6EzKj

Entry address:
0x36F2

Entry point:
81, EC, 7C, 01, 00, 00, 53, 55, 56, 33, F6, 57, 89, 74, 24, 18, BB, 10, A7, 40, 00, C6, 44, 24, 10, 20, FF, 15, 30, 80, 40, 00, 56, FF, 15, 7C, 82, 40, 00, A3, D0, 6B, 42, 00, 56, 8D, 44, 24, 30, 68, 60, 01, 00, 00, 50, 56, 68, B8, 14, 42, 00, FF, 15, 58, 81, 40, 00, 68, 34, A8, 40, 00, 68, 20, 63, 42, 00, E8, 72, 29, 00, 00, BD, 00, D4, 42, 00, 55, 68, 00, 04, 00, 00, FF, 15, B8, 80, 40, 00, E8, 64, FF, FF, FF, 85, C0, 75, 24, 68, FB, 03, 00, 00, 55, FF, 15, B4, 80, 40, 00, 68, 2C, A8, 40, 00, 55, E8, 5D...

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)

The file flash_player_ax.exe has been discovered within the following programs.

Adobe Flash Player 11 ActiveX  by Adobe Systems Incorporated
The Adobe Flash Player is freeware software for viewing multimedia, executing Rich Internet Applications, and streaming video and audio, content created on the Adobe Flash platform. Flash Player can run from a web browser (as a browser plug-in) or on supported mobile devices.
www.adobe.com
About 4% of users remove it
Adobe Flash Player 11 Plugin  by Adobe Systems Incorporated
Publisher's description - “Adobe Flash Player 11 drives innovation for rich, engaging digital experiences with new features for cross-platform browser-based viewing of expressive rich internet applications, content, and videos across devices.”
About 5% of users remove it
Flash Player Pro V4.5  by FlashPlayerPro.com
FlashPlayerPro is bundled with various third-party download managers and installers, including OptimumInstaller by Adknowledge.
www.flashplayerpro.com
About 63% of users remove it
Safe X3 Client V1  by Sage Software, Inc.
www.Sage.com
About 7% of users remove it
syngo Dynamics Portal  by Siemens Medical Solutions
Publisher's description - “With syngo Dynamics you can rapidly read multi-modality images and create reports for your cardiovascular patients. Studies from across your enterprise can be accessed quickly, and are available at your fingertips.”
usa.healthcare.siemens.com/medical-imaging-it/cardiology-it-systems/syngodynamics
About 4% of users remove it

The file flash_player_ax.exe has been seen being distributed by the following 14 URLs.

http://www.nutrilog.com/.../install_flash_player_active_x.exe

http://41.223.201.246:801/.../flash_player_ax.exe