flash_player_plugin.exe

GEHTSOFT

The application flash_player_plugin.exe by GEHTSOFT has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from 9d455f124bef0ea9dc5989fd.needfasterly.ru.
Publisher:
GEHTSOFT  (signed and verified)

MD5:
71fc88c0889c57f9823e76ee015eb344

SHA-1:
cb3cf939cadef5d877cc463fa57d5d9d3604282e

SHA-256:
bb5f209b6571af9293e2e2cd94636393d78ac758b33d874d48624dc35ac83980

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/25/2024 1:32:40 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCube (M)
17.3.8.9

File size:
3.3 MB (3,510,872 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\flash_player_plugin.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/6/2016 5:00:00 PM

Valid to:
5/7/2017 4:59:59 PM

Subject:
CN=GEHTSOFT, O=GEHTSOFT, STREET="Rabinovicha, 84", L=Omsk, S=RU, PostalCode=644007, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00BAC99C02090065AB875A9184F270889F

File PE Metadata
Compilation timestamp:
5/29/2016 7:26:30 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x345EF0

Entry point:
55, 8B, EC, 6A, FF, 68, 48, A1, 74, 00, 68, 88, 6C, 74, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 2C, A0, 74, 00, 33, D2, 8A, D4, 89, 15, 5C, 0D, 75, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 58, 0D, 75, 00, C1, E1, 08, 03, CA, 89, 0D, 54, 0D, 75, 00, C1, E8, 10, A3, 50, 0D, 75, 00, 33, F6, 56, E8, E3, 0B, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, AE, 08, 00, 00, FF, 15, 60, A0, 74, 00, A3, 58, 12, 75, 00, E8...
 
[+]

Entropy:
6.2335

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
3.3 MB (3,444,736 bytes)

The file flash_player_plugin.exe has been seen being distributed by the following URL.

http://9d455f124bef0ea9dc5989fd.needfasterly.ru/api/web/getInstaller?transaction_id=245470392&token=3f801c432427cc9776b26e28c8e60658&return_url=http://.../fasttorrent.exe&source=&format=json

Remove flash_player_plugin.exe - Powered by Reason Core Security