flash_player_installer.exe

WindowsFormsApplication1

The application flash_player_installer.exe has been detected as a potentially unwanted program by 27 anti-malware scanners. The file has been seen being downloaded from pornhox.com.
Product:
WindowsFormsApplication1

Version:
1.0.0.0

MD5:
93d2248e31366b674a12f222e948bfaf

SHA-1:
9348978f33cfcb9a11341abcc4fa3a51a716000e

SHA-256:
e37e972ed79d63393c282fb2233cbd8a972e736f1f55f898b59f8a06472ca800

Scanner detections:
27 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 3:35:09 AM UTC

Scan engine                     Detection                     Engine version
Lavasoft Ad-Aware               Trojan.Generic.7978122        343
Agnitum Outpost                 Trojan.DR.Chextad             7.1.1
Avira AntiVirus                 TR/Agent.18432.151            7.11.212.246
avast!                          Win32:Trojan-gen              2014.9-160227
AVG                             Dropper.Small                 2017.0.2821
Baidu Antivirus                 Trojan.MSIL.Dropper           4.0.3.16227
Bitdefender                     Trojan.Generic.7978122        1.0.20.290
Comodo Security                 UnclassifiedMalware           21248
Dr.Web                          Adware.Plugin.17              9.0.1.058
Emsisoft Anti-Malware           Trojan.Generic.7978122        8.16.02.27.04
Fortinet FortiGate              W32/Chextad.H!tr              2/27/2016
F-Secure                        Trojan.Generic.7978122        11.2016-27-02_7
G Data                          Trojan.Generic.7978122        16.2.25
IKARUS anti.virus               Trojan-Dropper.MSIL           t3scan.1.8.6.0
K7 AntiVirus                    Riskware                      13.1915118
Kaspersky                       Trojan-Dropper.MSIL.Chextad   14.0.0.599
McAfee                          Artemis!93D2248E3136          5600.6477
Microsoft Security Essentials   Trojan:Win32/Meredrop         1.1.11400.0
MicroWorld eScan                Trojan.Generic.7978122        17.0.0.174
NANO AntiVirus                  Trojan.Win32.Chextad.zvsvm    0.30.0.296
Norman                          Troj_Generic.EWYIT            11.20160227
nProtect                        Trojan.Generic.7978122        15.02.27.01
Panda Antivirus                 Trj/OCJ.A                     16.02.27.04
Qihoo 360 Security              Win32/Trojan.Dropper.378      1.0.0.1015
Sophos                          Mal/Generic-L                 4.98
VIPRE Antivirus                 Trojan.Win32.Generic          38004
Zillya! Antivirus               Dropper.Chextad.Win32.1       2.0.0.2085

File size:
18 KB (18,432 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2012

Original file name:
WindowsFormsApplication1.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\flash_player_installer.exe

File PE Metadata
Compilation timestamp:
9/11/2012 3:09:05 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:+mrLqdLuLkL+LuiCLnL1QIgc6r4H1Q5aVV0K4kCzYcHe+m:dOqolLiF1r4HCav0K4RzYcHe+m

Entry address:
0x54AE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
4.6663

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
13.5 KB (13,824 bytes)

The file flash_player_installer.exe has been seen being distributed by the following URL.
