flash_player_setup.exe

flash setup

Digital Zones

The executable flash_player_setup.exe has been detected as malware by 3 anti-virus scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from setupupgrade12.livecheck.tech and multiple other hosts.
Publisher:
Digital Zones  (signed and verified)

Product:
flash setup

Version:
1.0.0.0

MD5:
526ab72a00327006a8f78093250837da

SHA-1:
e33b5f67b98b6ed044f3e901e67f1d6df141a4f0

SHA-256:
0ee760acbce448ad08652994fd720149cd99aec95da4e09406573f3c1174a046

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
12/26/2024 12:08:21 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
MSIL/TrojanDownloader.Adload.AZ trojan
8.0.319.0

F-Secure
Variant.MSILPerseus.30942
5.15.21

Norman
Gen:Variant.MSILPerseus.30942
10.04.2016 15:29:17

File size:
117.4 KB (120,264 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2016

Original file name:
Flash.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\flash_player_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/28/2016 2:00:00 AM

Valid to:
3/29/2017 1:59:59 AM

Subject:
CN=Digital Zones, OU=Digital Zone, O=Digital Zones, STREET="ul. Akademika Koroleva, d. 9 korp. 5", L=Moscow, S=Moscow, PostalCode=129515, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
07775D7C7B8C20E915DD534EA4F8DB84

File PE Metadata
Compilation timestamp:
5/10/2016 8:57:29 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:D5eY0vVH+y9xhqeebPDb3zTBuMZAn6F36nri:D5Fo1+0xhqeebLbPMMZ+6F36

Entry address:
0xC44E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
41.5 KB (42,496 bytes)

The file flash_player_setup.exe has been seen being distributed by the following 14 URLs.

http://setupupgrade12.livecheck.tech/dl.php?gthyerj=qU3Z7XUlfImHuT1FQ4EPPqG1uIwy8JoStrTO-HH4cqA.&cid=1463279448mb05379497708&conversion_id=14632794528508&app_id=4&lp_id=1590&v=tribat&stub_id=305&v_id=ywcgIjVsK2bOceJBLXDRATrRlZ3TOtcLji0CGqskSMI.&lpp=*-*-*

http://setupupgrade12.livecheck.tech/dl.php?gthyerj=qU3Z7XUlfImHuT1FQ4EPPqG1uIwy8JoStrTO-HH4cqA.&cid=1463280347mb04412653278&conversion_id=14632803511430&app_id=4&lp_id=1590&v=tribat&stub_id=305&v_id=rKCF1IaLNTf3p3Q8z1TVCaz-fOXnUhgrI4UF6qxFFfI.&lpp=*-*-*

http://setupupgrade12.livecheck.tech/dl.php?gthyerj=1SITLpyxaicxO5PUMWVMxn1yxX_V1-7O1yOLk055PpE.&cid=4191812591463279697&conversion_id=14632797027069&app_id=4&lp_id=1543&v=tribat&stub_id=305&v_id=RASzCbenDhTZANwEk_VYdR3uJY-JsvNc0jROMx7uF5o.&lpp=*-*-*

http://2nowup.newsoft2install.website/dl.php?dfgg=PpwRkWz5LyxtL_vGPv-alkpi1qSU4ug9lzqrJ5NdKB8.&cid=us4786hfpeyq6apfawcn&subid=2279&conversion_id=14632814602899&app_id=4&lp_id=1671&v=tribat&stub_id=305&v_id=TbD5_cJGAx_tvs967fN7BPosUHc3wYHY7xcVZBAKIq4.&lpp=w10*-*-*

Remove flash_player_setup.exe - Powered by Reason Core Security