home

flash_player_setup.exe

flash setup

Digital Zones

The application flash_player_setup.exe by Digital Zones has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from setupupgrade12.livecheck.tech and multiple other hosts.
Publisher:
Digital Zones  (signed and verified)

Product:
flash setup

Version:
1.0.0.0

MD5:
9d6633c0f05a914e8876cc98a47224fe

SHA-1:
c7b4584112f220e54d335d18535f7dc9884987ca

SHA-256:
88187f6478f01f6f5dd8d1ea2c28131c5456c9abd8766602d5987f61f6fcdcfa

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 7:56:25 PM UTC  (today)

Scan engine
Detection
Engine version

Norman
Gen:Variant.MSILPerseus.30942
02.04.2016 17:35:19

Reason Heuristics
PUP.DigitalZ.Installer (M)
16.5.28.22

File size:
117.4 KB (120,264 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2016

Original file name:
Flash.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\flash_player_setup.exe

Digital Signature
Signed by:
Digital Zones

Authority:
COMODO CA Limited

Valid from:
3/27/2016 9:00:00 PM

Valid to:
3/28/2017 8:59:59 PM

Subject:
CN=Digital Zones, OU=Digital Zone, O=Digital Zones, STREET="ul. Akademika Koroleva, d. 9 korp. 5", L=Moscow, S=Moscow, PostalCode=129515, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
07775D7C7B8C20E915DD534EA4F8DB84

File PE Metadata
Compilation timestamp:
5/10/2016 3:57:29 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:wZIkYoiCGtsYCvboDb3zTBuMZAn6FI6nri:+RBihtsYCvbabPMMZ+6FI6

Entry address:
0xC40E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
41.5 KB (42,496 bytes)

The file flash_player_setup.exe has been seen being distributed by the following 18 URLs.

http://setupupgrade12.livecheck.tech/dl.php?gthyerj=1SITLpyxaicxO5PUMWVMxn1yxX_V1-7O1yOLk055PpE.&cid=25482103221463247196&conversion_id=14632471976858&app_id=4&lp_id=1610&v=tribat&stub_id=305&v_id=wIEfoItMy2TSWPu2Iih2SLEPfTNL07JyDBe0RfcA99w.&lpp=*-*-*

http://setupupgrade12.livecheck.tech/dl.php?gthyerj=GVaWYHIOVQncaGxIQLPoAUEqrsoSBrTQoRRUFr9R4iA.&cid=13784679431463245459&conversion_id=14632454620631&app_id=4&lp_id=1362&v=tribat&stub_id=305&v_id=bCo_4y79pGYHpfn63vuea9JEuBnVeLbvL5zFX8wC-ec.&lpp=*-*-*

http://setupupgrade12.livecheck.tech/dl.php?gthyerj=qU3Z7XUlfImHuT1FQ4EPPqG1uIwy8JoStrTO-HH4cqA.&cid=1463252321mb59709100949&conversion_id=14632523243580&app_id=4&lp_id=1590&v=tribat&stub_id=305&v_id=GDLaK9coGQkkeGCr7CzaWu5ymW8YLms9QO7nMXPdEsI.&lpp=*-*-*

http://24upgrade.freeinstallsoft.xyz/dl.php?sdfgg=mwK9xqzoV7CJFZFuMzUljhhSqRfSzOS0OjpXu8EpXWQ.&cid=MTA1MHw1MjEyfFVTfDN8MXx8Y3pKeipTazFETVRFMU1WOXFOSG96Tm5aeGIwNXJMVkJqVmxKQ1YzVTBVR0kyfHw&conversion_id=14633358826188&app_id=4&lp_id=1362&v=tribat&stub_id=305&v_id=B7XTQsm87wvEJL79uLMcw316ChZrOVKCFCmUE3G1mUw.&lpp=No match

http://setupupgrade12.livecheck.tech/dl.php?gthyerj=U9D0nJ7k9bUg5bGHlEzAWjLoG_fk8HErqK_2L_ETCN8.&cid=16327164981463333649&conversion_id=14633336521007&app_id=4&lp_id=1362&v=tribat&stub_id=305&v_id=NE7e0cPmxtON8njzzJRUkaMC0B-O-sXRq3AHRAJtRBU.&lpp=*-*-*

http://setupupgrade12.livecheck.tech/dl.php?gthyerj=Ck9ciPLQ64ema6KqI6KvjRcWjfMOaynSp0Opaaaw3LY.&cid=11476633371463245680&conversion_id=14632456852696&app_id=4&lp_id=1543&v=tribat&stub_id=305&v_id=CjE6PECfKil9HRCELYts63GBB8EybPrDZO8ot-YTRHs.&lpp=*-*-*

http://getupdate.ready4maintain.xyz/dl.php?gthre=swYfGVtpa0ocNcW8rYQn9y_n3iJxrKESLoEZoA21nt4.&subid=102891_a4a8023148591a4fc8804d059a052990&conversion_id=14632465879938&app_id=4&lp_id=909&v=tribat&stub_id=305&v_id=ueZNQwSGD8wvCL5uhy3wxAXuT2-R4xJNSwrYCY2tzo4.&lpp=*-*-BR

http://setupupgrade12.livecheck.tech/dl.php?gthyerj=g_ObVO2A8VB12Oj2c2io2EVf9-g0CGaBqw-B8aCRNFA.&cid=13692560701463244656&conversion_id=14632446577777&app_id=4&lp_id=1543&v=tribat&stub_id=305&v_id=KdqkL_IGYdD5kzmKhQooLjXG8WB6vCZuE4Xx9BVUrdI.&lpp=*-*-*

http://getupdate.ready4maintain.xyz/dl.php?gthre=J_U98tx3EmUeYDDZllcZD5Q_E6-T9XNo9E9RzXn1W0w.&cid=1025984d9a1044a4c7c42a57731a6e&sid=1012&conversion_id=14632477127851&app_id=4&lp_id=1618&v=tribat&stub_id=305&v_id=NswwlM1npp9P7TGz5gcv6aJrcZe3zy7u4UgHLcIRLAc.&lpp=w*-*-*

http://setupupgrade12.livecheck.tech/dl.php?gthyerj=qU3Z7XUlfImHuT1FQ4EPPqG1uIwy8JoStrTO-HH4cqA.&cid=1463247740mb62611047597&conversion_id=14632477404156&app_id=4&lp_id=1590&v=tribat&stub_id=305&v_id=4Kw96TIQs2-_Ivrk1Fd7-ZbXW03RghIXirMG0-jXm3Q.&lpp=*-*-*

http://24upgradecheck.install4freealways.online/dl.php?mncs=Ng4WtNxhGPEQZdqC1dWAshWscO8dCXLx14dzm1z-R-E.&cid=177960854974&sid=26518&conversion_id=14632562013535&app_id=4&lp_id=1609&v=tribat&stub_id=305&v_id=DMPtmxTyHN0ZKX6zNnsnFzUQDKOXIlhQfLL0DiZO-8k.&lpp=*-*-*

http://live.noteupgrade.top/dl.php?fgyhtrj=Ng4WtNxhGPEQZdqC1dWAshWscO8dCXLx14dzm1z-R-E.&cid=177892335084&sid=8825&t=direct&conversion_id=14632465239256&app_id=4&lp_id=1609&v=tribat&stub_id=305&v_id=S7AYJN-D0vPa_2HQxy3yPBNCGVAGKV_OdQmYIO-liKE.&lpp=*-*-*

http://check24.noteupgrade.tech/dl.php?gfehyr=Ng4WtNxhGPEQZdqC1dWAshWscO8dCXLx14dzm1z-R-E.&cid=193153389652&sid=473324&conversion_id=14633339168479&app_id=4&lp_id=1609&v=tribat&stub_id=305&v_id=TiSxypdD3GkXMKk5POppjO70UL7dRtgji4oSJ4Qs-rY.&lpp=*-*-*

http://getupdate.ready4maintain.xyz/dl.php?gthre=5ajM9B-i7T-4pIEhpN9uspgqXJrQFBm55sP5XLAOLx4.&sid=M_13548672297666eee37e1463248494&sub=15&ref=wegotmedia.co&tid=JFC1391_m7NKxbtJfv-PdRDBXiCPaa&pid=15&site=BaHFGckhqDWOh7vacAlZsULpQobHRrDQM6uckyIIJVQb3w&conversion_id=14632484895970&app_id=4&lp_id=1600&v=tribat&stub_id=305&v_id=Npt78dMk48teoJvn7r0REAIWb1w-NylV1ov9MoEVSY8.&lpp=*-*-*

http://setupupgrade12.livecheck.tech/dl.php?gthyerj=GVaWYHIOVQncaGxIQLPoAUEqrsoSBrTQoRRUFr9R4iA.&cid=14517838751463247674&conversion_id=14632476757787&app_id=4&lp_id=1543&v=tribat&stub_id=305&v_id=p4jnOT0QCGotmA7LNe_Q9-0cjqdoduV43H_nZBVDvw8.&lpp=*-*-*

http://setupupgrade12.livecheck.tech/dl.php?gthyerj=QM02ypgoHP_fhdUIuYbanIAJN_ts487Le3gmg6BJ0aE.&cid=31448548411463335239&conversion_id=14633352583663&app_id=4&lp_id=1362&v=tribat&stub_id=305&v_id=Gafl_2qVHA1_7GILwSec-pbMDp0FXsrlyINRskciQlE.&lpp=No match

http://setupupgrade12.livecheck.tech/dl.php?gthyerj=Jq6-L4Pwh2_3WjrrYXpymmf2D8p7_LIYogBo3fy2nRU.&cid=12262115931463248778&conversion_id=14632487813161&app_id=4&lp_id=1561&v=tribat&stub_id=305&v_id=XKRoKF3cv4517Y5X1bZdzWSvspyxYlwXgpsZYjq90bk.&lpp=*-*-*

http://setupupgrade12.livecheck.tech/dl.php?gthyerj=-F2ZLw-hRGC4yApioe-5_toMjp0--W1t_qHDHG3KwhI.&cid=192700232042&conversion_id=14632573358923&app_id=4&lp_id=1362&v=tribat&stub_id=305&v_id=a7XtnGyhhqhGZv1V7Csi-b_S3UhE9x-WfX3UoWUuIqo.&lpp=*-*-*

Remove flash_player_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.