home

flash_player_setup.exe

flash setup

Digital Zones

The application flash_player_setup.exe by Digital Zones has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from workingupdate.nowinstallupgrade.online and multiple other hosts.
Publisher:
Digital Zones  (signed and verified)

Product:
flash setup

Version:
1.0.0.0

MD5:
bee48898dd1925d3a3ff7af646c39a3d

SHA-1:
c000b259897ab7f5b7bc536529ce086c12f7a97e

SHA-256:
279160af966e40271c4fdca6fd526d7eea073617da9546514038753c28cf8e54

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/25/2024 1:35:13 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
MSIL/TrojanDownloader.Adload.AZ trojan
8.0.319.0

Norman
Gen:Variant.MSILPerseus.30942
02.04.2016 17:35:19

Reason Heuristics
PUP.DigitalZ.Installer (M)
16.5.28.22

File size:
116.9 KB (119,752 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2016

Original file name:
Flash.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Digital Signature
Signed by:
Digital Zones

Authority:
COMODO CA Limited

Valid from:
3/28/2016 2:00:00 AM

Valid to:
3/29/2017 1:59:59 AM

Subject:
CN=Digital Zones, OU=Digital Zone, O=Digital Zones, STREET="ul. Akademika Koroleva, d. 9 korp. 5", L=Moscow, S=Moscow, PostalCode=129515, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
07775D7C7B8C20E915DD534EA4F8DB84

File PE Metadata
Compilation timestamp:
5/10/2016 8:57:29 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:G82s/N+UiHznlGjyaiAXXmLb8Db3zTBuMZAn6FS6nri:G8/FyTnlWyaiAXXmLbmbPMMZ+6FS6

Entry address:
0xC21E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
41 KB (41,984 bytes)

The file flash_player_setup.exe has been seen being distributed by the following 25 URLs.

http://workingupdate.nowinstallupgrade.online/dl.php?gther=L8Qvh1T1ybclQwAJiWpKlFbQ_ZrSjNjvMrKdzF1G2Sg.&cid=P23P13R4630745592665297116&sub=4177&conversion_id=14630745604986&app_id=4&lp_id=1661&v=tribat&stub_id=305&v_id=7HPUglQEdb9odUFb9x16XodTLjYw-kET5v8SWXa-b-U.&lpp=*-*-*

http://newtest4pc.ready4newsoft.tech/dl.php?dfrtge=PpwRkWz5LyxtL_vGPv-alkpi1qSU4ug9lzqrJ5NdKB8.&cid=us3tmkggfs54ecad8fbw&subid=3829&conversion_id=14630710050235&app_id=4&lp_id=1401&v=tribat&stub_id=305&v_id=BZ2CDzZ-I0AA-Xk2M0bMvQtdSHKJ_6tseDn7BSj4M9g.&lpp=*-*-*

http://getupdate.softupdate4free.xyz/dl.php?vytre=mwK9xqzoV7CJFZFuMzUljhhSqRfSzOS0OjpXu8EpXWQ.&cid=MTA1MXw1MjEyfENBfDN8MXx8Y3pKeipTbFJETVRNM05WOU9kMHhFVVVkSk9IZFVMVkJqTkVKQ1dFZHlVR0pFfHw&conversion_id=14630878521395&app_id=4&lp_id=1602&v=tribat&stub_id=305&v_id=5NH5Je0282gXtEuvWVZpCGNqa6xvloov38lc69NHWLQ.&lpp=*-*-*

http://installupgradenow.alwaysfreeupdate.xyz/dl.php?vtge=Ng4WtNxhGPEQZdqC1dWAshWscO8dCXLx14dzm1z-R-E.&cid=177093849644&sid=465554&conversion_id=14631040633439&app_id=4&lp_id=1609&v=tribat&stub_id=305&v_id=b1eHFbNj24MW9BEjJzx-loh9y_yA-JtaqsmVBMi4gpA.&lpp=*-*-*

http://readynewsoft.noteupgrade.online/dl.php?gyte=CLewqHlWIIChBaR_iGisoxGg9pB7VpPKRIflToz1LAU.&subid=VjJ8MTgxOHwyODQ3MzV8NTcyMzJ8MTQ2MzExNTA0MXxhMzZmMjc5OS00OWM1LTRkNTEtY2Q3Mi03NzdhMmRkNTk5ZDZ8NjguMzcuMTI5LjQ1fHw0fDlhMWI0ZjI2M2Q2N2Q4ZThlM2E4NmZiMTg1OWQ2ZjAy&conversion_id=14631153028239&app_id=4&lp_id=1401&v=tribat&stub_id=305&v_id=9zGkKgiq_2Oil5RtvqyzdcbfnxHmLHB-_WglPOShuM4.&lpp=No match

http://app4com.ready4maintain.top/dl.php?fgsh=UhtopDfT-Qw1wd0I9sitpTYHGuohmSBqFaltbtgBkBI.&cid=JFC1802_NY.rYawzqp-Pc6zBXJnPb6&conversion_id=14631010773035&app_id=4&lp_id=1543&v=tribat&stub_id=305&v_id=52oJI41vW5RsquYTHNnZF1E9bY_2ZXJmTRhtrU-bq7s.&lpp=*-*-*

http://getupdate.softupdate4free.xyz/dl.php?vytre=Iu5sv4NYl_zlgN93nmUm2GAAg-MzAOgMZUlagyP7ABQ.&cid=MTA1MHw1MjA1fEJSfDN8MXx8Y3pKeipTa1ZJTVRFME5WOUhSVnBIWDFST1drSTRMVkJrUWxSQ1dGRm9TRXhSfHw&conversion_id=14630864920040&app_id=4&lp_id=1617&v=tribat&stub_id=305&v_id=hQ03Y_kWB2Ai5G456XE-L5hKd689g1CytMeDhjl1a-4.&lpp=*-*-*

http://newtest4pc.ready4newsoft.tech/dl.php?dfrtge=ww0ZyS3LXwXbcfAyYDv7Oa6aYcM6SogE5Pl-haYHK6c.&cid=[CLICK_ID]&sub=[3]&conversion_id=14630622480090&app_id=4&lp_id=1526&v=tribat&stub_id=305&v_id=gv2QGyYrxwKnXMquoBn36MrNt2GQp2ezltivpyTzeZo.&lpp=*-*-*

http://app4com.ready4maintain.top/dl.php?fgsh=E8AeT_i_eNx1fVDaFVIiw5vdn2LPPK_lhvVy7iBWfEw.&cid=MzAwNyMxMjEwMiM5NzIjMTAxMnwyODI1MjJ8REV8M3wxfHx8fA&conversion_id=14630893783020&app_id=4&lp_id=1543&v=tribat&stub_id=305&v_id=O1q9t_n3OYlqczHALwZoWqss3K9QIq3N99NHnHYdews.&lpp=*-*-*

http://update2.whensoftworks.site/dl.php?tberb=E8AeT_i_eNx1fVDaFVIiw5vdn2LPPK_lhvVy7iBWfEw.&cid=MzAwNyMxMjEwMiM5NzIjMjA2OTZ8MjgyMzU3fEJSfDN8MXx8fHw&conversion_id=14631142279339&app_id=4&lp_id=1666&v=tribat&stub_id=305&v_id=A6yFjbQJzgajEIwZfuQPt6mW9H6xVG7se8sX9JVlmPo.&lpp=No match

http://update2.whensoftworks.site/dl.php?tberb=E8AeT_i_eNx1fVDaFVIiw5vdn2LPPK_lhvVy7iBWfEw.&cid=MzAwNyMxMjEwMiM5NzIjMjA2Njd8Mjg0MzY1fFVTfDN8MXx8fHw&conversion_id=14630632539068&app_id=4&lp_id=1362&v=tribat&stub_id=305&v_id=In-7WtOhneLXQWawZbOgaaUR_WLNiJjsV9UVYeLMVOk.&lpp=*-*-*

http://app4com.ready4maintain.top/dl.php?fgsh=E8AeT_i_eNx1fVDaFVIiw5vdn2LPPK_lhvVy7iBWfEw.&cid=MzAwNyMxMjEwMiM5NzIjMjA2Njd8Mjg0MzYzfEJSfDN8MXx8fHw&conversion_id=14630777241544&app_id=4&lp_id=1362&v=tribat&stub_id=305&v_id=psp8WBccC-SFrJWPryWhojjI2pLodeiLwkMBvgbnrR4.&lpp=*-*-*

http://newtest4pc.ready4newsoft.tech/dl.php?dfrtge=9Iew1aL_t8TO8-yJ2i4KbqnNa5I5mEDs_XUGlH-hKWY.&cid=nl9hId0r63KVQtw-o260gjhydQoWdck6lMi-zPPWt4yZiQIL72KFMEd8Xt9okJTR-0KGpbZS7z9VKeCk_v0cVK8sNE_K_BYQxlAmyykLMQ86SKFe9WX-&qs1=&conversion_id=14630871072903&app_id=4&lp_id=1508&v=tribat&stub_id=305&v_id=at-OKe6IcqCT7DJdeffCVcU6JDq-egseU1Tt5ljAVck.&lpp=No match

http://newtest4pc.ready4newsoft.tech/dl.php?dfrtge=ww0ZyS3LXwXbcfAyYDv7Oa6aYcM6SogE5Pl-haYHK6c.&cid=[CLICK_ID]&sub=[3]&conversion_id=14630990886364&app_id=4&lp_id=1526&v=tribat&stub_id=305&v_id=9LCl38MWLCG2K6RgTGY2JUjS4sWJZAaLZylHYE5QFmw.&lpp=*-*-*

http://freemaintenance.soft2update.online/dl.php?asdaf=Ng4WtNxhGPEQZdqC1dWAshWscO8dCXLx14dzm1z-R-E.&cid=191611057272&sid=90446&conversion_id=14630655540858&app_id=4&lp_id=1609&v=tribat&stub_id=305&v_id=AJkCTWg0EQ_VQOJiIQXjjj9DG_OmYXrdGROYrPHGp7g.&lpp=*-*-*

http://installupgradenow.alwaysfreeupdate.xyz/dl.php?vtge=Ng4WtNxhGPEQZdqC1dWAshWscO8dCXLx14dzm1z-R-E.&cid=191871794652&sid=463057&conversion_id=14631140921817&app_id=4&lp_id=1609&v=tribat&stub_id=305&v_id=NuUH3JX0Klc_lblEt7kvL5OCfhdT9zHEAFPTm6ERnh8.&lpp=*-*-*

http://update2.whensoftworks.site/dl.php?tberb=g_ObVO2A8VB12Oj2c2io2EVf9-g0CGaBqw-B8aCRNFA.&cid=29739931421463064681&conversion_id=14630646848967&app_id=4&lp_id=1543&v=tribat&stub_id=305&v_id=9iPWyFHQFE9tHUyLBCP5RFTeTWtHY0uPeFjYPDlJj1g.&lpp=*-*-*

http://readynewsoft.noteupgrade.online/dl.php?gyte=IAnnqFQWm9tZQKvNra508noeytmAYQ862eFMMBC4QcA.&cid=6115_7391239107_82UfR&conversion_id=14630909452080&app_id=4&lp_id=1408&v=tribat&stub_id=305&v_id=rN4TpV36yFDlzlTk-A5gN0y46y2hnuUyox2N7uuqXys.&lpp=*-*-*

http://update2.whensoftworks.site/dl.php?tberb=E8AeT_i_eNx1fVDaFVIiw5vdn2LPPK_lhvVy7iBWfEw.&cid=MzAwNyMxMjEwMiM5NzIjMjA2OTZ8MjgyMzU3fEJSfDN8MXx8fHw&conversion_id=14630706145118&app_id=4&lp_id=1658&v=tribat&stub_id=305&v_id=H1qybWNF0XJ2ysW6GMJADsO5u_YQfiG_rcHwCIzZ7cw.&lpp=No match

http://update2.whensoftworks.site/dl.php?tberb=E8AeT_i_eNx1fVDaFVIiw5vdn2LPPK_lhvVy7iBWfEw.&cid=MzAwNyMxMjEwMiM5NzIjMjQxOTl8MjgzODQ3fEJSfDN8MXx8fHw&conversion_id=14630661057627&app_id=4&lp_id=1659&v=tribat&stub_id=305&v_id=RsfvGS46xQy8gF4Ba1Yv-esvrisAT_Au7kpPiV_t9pQ.&lpp=*-*-*

http://getupdate.softupdate4free.xyz/dl.php?vytre=mwK9xqzoV7CJFZFuMzUljhhSqRfSzOS0OjpXu8EpXWQ.&cid=MTA1MHw1MjEyfEJSfDN8MXx8Y3pKeipTazFETVRJMU9WOWxVV0YyVVcxRlFrWllMVkJrUWxSQ1dGRm9TRXhSfHw&conversion_id=14630723732517&app_id=4&lp_id=1602&v=tribat&stub_id=305&v_id=4I021JZTaD5rd_3LagHW-jebV1hnvAKtIzKo8787yuo.&lpp=*-*-*

http://update2.whensoftworks.site/dl.php?tberb=UhtopDfT-Qw1wd0I9sitpTYHGuohmSBqFaltbtgBkBI.&cid=JMC1259_AEABjPrKEA-Pc6zBXJnPb6&conversion_id=14630735876737&app_id=4&lp_id=1362&v=tribat&stub_id=305&v_id=_gBEZ3uO3UOYEdrzdzxjTsvmHccYOpj22d9yZ-xQK6A.&lpp=No match

http://app4com.ready4maintain.top/dl.php?fgsh=E8AeT_i_eNx1fVDaFVIiw5vdn2LPPK_lhvVy7iBWfEw.&cid=MzAwNyMxMjEwMiM5NzIjMjA2Njd8MjgyMzU4fFVTfDN8MXx8fHw&conversion_id=14631044226154&app_id=4&lp_id=1362&v=tribat&stub_id=305&v_id=mKLhzysfazSoknKuz6fy2b6VZ4z-4c92dGYK6utiioQ.&lpp=*-*-*

http://app4com.ready4maintain.top/dl.php?fgsh=DnpSQdqzYfx_s_FrbE3AwGPmsTozys2PoBW_Y66P_HI.&cid=JnnB3kJNRzQuhTR49XCME_NsiOF_6KWbU6nAkY7GPQOWYa4oi4PjwSUFuSy1boaUpPfkRQlpzgrGbOlxYJ3wUNz_YHuoE3LYgsK4cFB8gm0fES_CrNYglOYKKW3vOYk9p8XslU2BZhnO6SzCAOPms_9l3pTz2t_kf6P_5pObHTd6uti4czFGWJ9nMGdtBrcOqRDXzVPSScOd8d_B-hSiH7BsMN2LsQXip8QefaEsMWusDAZeAg7kmYgwvkaF0SEqT5o2XOCcLkk9Ym2HxKzN8b4fzKjO4d0HuLFQrUo2xg3MHBYgSoBAZWEbJ-EaZOhymFf46sc7rxnS-y59gLatSOrzPwCDg284ltBwEd60mMRgr4cO5lWVxqDxHa7JPWDGm1FfiUKAf-aSK3QPU22pEDdeWpuUQqcQluLQpKO7BxAPTcKI1u6fX4qJKvj_wqpcjCiYq-P0WL2EwsmFedaipgf450n8Fmq4f_Ru-_oDejvSqLoKcAST&sid=[SUB_ID]&conversion_id=14631027209017&app_id=4&lp_id=1659&v=tribat&stub_id=305&v_id=LBwnMQV82iZTegoOK82KFVIHHlQ6TzjdfN9vKboT2iI.&lpp=*-*-*

http://app4com.ready4maintain.top/dl.php?fgsh=DnpSQdqzYfx_s_FrbE3AwGPmsTozys2PoBW_Y66P_HI.&cid=GPSbVgimSOa-K-9I8j9JaI2Tn0v78uoTZM9tVyLyr2mQZv0k0aqp1Gg3MdFpXct2O5i87qQjftLiBKWmfK6vW_GatAkBKoIP9P1PW75NXhp9hLQEeBfUxP62Ft8nKG9oHoSIbH6bEn2En-s_W6gDsmy2CMuL_tdO6dNJkIQwA_5jXoVz2hlFSxUdfspChfLbddNxGVjZe-vz3XYhX003Je1YOHjW5iJxdzucFhvGeBe_ftU0TV9cU-HT40d4wgUnv9redH4nxmcy-XBOuF6fmh_1JjeSC0edUYAHvktZrbb96hWVR4nYOpqcpcfrL4desJSQIFe8k57gzSUhQm4lhqOUXoWxwSp8EDw8RTK8ctNCtFTp6tuWsOmGj7WCqkTfqZYnqMpLANQf3sRU0N_sfutFa9QimBz-yfT-3sDLFBqNHKwU5BWqGIUnrh62bsWrkoh5PBXUChn-g4MpjDhKp_21vXE3D94hGbGHyA&sid=[SUB_ID]&conversion_id=14631046664371&app_id=4&lp_id=1600&v=tribat&stub_id=305&v_id=48E_bHwqYxYoLBrz3dR5dg8W3_y6No5kxQkcb4jL3SQ.&lpp=w10*-*-*

Remove flash_player_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.