» flash_player_setup.exe
Overview
Analysis
File Details
Downloads (14)

flash_player_setup.exe

flash setup

Digital Zones

The executable flash_player_setup.exe has been detected as malware by 3 anti-virus scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from setupupgrade12.livecheck.tech and multiple other hosts.

File name:

Publisher:

Digital Zones (signed and verified)

Product:

flash setup

Version:

1.0.0.0

MD5:

526ab72a00327006a8f78093250837da

SHA-1:

e33b5f67b98b6ed044f3e901e67f1d6df141a4f0

SHA-256:

0ee760acbce448ad08652994fd720149cd99aec95da4e09406573f3c1174a046

Scanner detections:

3 / 68

Status:

Malware

Analysis date:

11/1/2024 9:24:54 AM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

MSIL/TrojanDownloader.Adload.AZ trojan

8.0.319.0

F-Secure

Variant.MSILPerseus.30942

5.15.21

Norman

Gen:Variant.MSILPerseus.30942

10.04.2016 15:29:17

File size:

117.4 KB (120,264 bytes)

Product version:

1.0.0.0

Original file name:

Flash.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\flash_player_setup.exe

Digital Signature

Signed by:

Digital Zones

Authority:

COMODO CA Limited

Valid from:

3/28/2016 2:00:00 AM

Valid to:

3/29/2017 1:59:59 AM

Subject:

CN=Digital Zones, OU=Digital Zone, O=Digital Zones, STREET="ul. Akademika Koroleva, d. 9 korp. 5", L=Moscow, S=Moscow, PostalCode=129515, C=RU

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

07775D7C7B8C20E915DD534EA4F8DB84

File PE Metadata

Compilation timestamp:

5/10/2016 8:57:29 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

1536:D5eY0vVH+y9xhqeebPDb3zTBuMZAn6F36nri:D5Fo1+0xhqeebLbPMMZ+6F36

Entry address:

0xC44E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

41.5 KB (42,496 bytes)

The file flash_player_setup.exe has been seen being distributed by the following 14 URLs.

http://setupupgrade12.livecheck.tech/dl.php?gthyerj=qU3Z7XUlfImHuT1FQ4EPPqG1uIwy8JoStrTO-HH4cqA.&cid=1463279448mb05379497708&conversion_id=14632794528508&app_id=4&lp_id=1590&v=tribat&stub_id=305&v_id=ywcgIjVsK2bOceJBLXDRATrRlZ3TOtcLji0CGqskSMI.&lpp=*-*-*

http://setupupgrade12.livecheck.tech/dl.php?gthyerj=qU3Z7XUlfImHuT1FQ4EPPqG1uIwy8JoStrTO-HH4cqA.&cid=1463280347mb04412653278&conversion_id=14632803511430&app_id=4&lp_id=1590&v=tribat&stub_id=305&v_id=rKCF1IaLNTf3p3Q8z1TVCaz-fOXnUhgrI4UF6qxFFfI.&lpp=*-*-*

http://setupupgrade12.livecheck.tech/dl.php?gthyerj=1SITLpyxaicxO5PUMWVMxn1yxX_V1-7O1yOLk055PpE.&cid=4191812591463279697&conversion_id=14632797027069&app_id=4&lp_id=1543&v=tribat&stub_id=305&v_id=RASzCbenDhTZANwEk_VYdR3uJY-JsvNc0jROMx7uF5o.&lpp=*-*-*

http://2nowup.newsoft2install.website/dl.php?dfgg=PpwRkWz5LyxtL_vGPv-alkpi1qSU4ug9lzqrJ5NdKB8.&cid=us4786hfpeyq6apfawcn&subid=2279&conversion_id=14632814602899&app_id=4&lp_id=1671&v=tribat&stub_id=305&v_id=TbD5_cJGAx_tvs967fN7BPosUHc3wYHY7xcVZBAKIq4.&lpp=w10*-*-*

https://doc-0g-3g-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/kjp8c0bvscnabrvp52a90brjcn22sguj/1463277600000/09034358203482314548/.../0B_TQrhMzXRYlMmQyVkVZRFp5Z2s?e=download

http://setupupgrade.ready4maintain.online/dl.php?gthe=Ck9ciPLQ64ema6KqI6KvjRcWjfMOaynSp0Opaaaw3LY.&cid=16562491791463282363&conversion_id=14632823656971&app_id=4&lp_id=1543&v=tribat&stub_id=305&v_id=s_anwLNpJitYZBok1R8jDCILVhM6Ba2yq3lu2VaNRaI.&lpp=*-*-*

http://soft4update.ad4softinstall.xyz/dl.php?jhsf=swYfGVtpa0ocNcW8rYQn9y_n3iJxrKESLoEZoA21nt4.&subid=102891_26e478cf2199faf2acce835475555f49&conversion_id=14632792883818&app_id=4&lp_id=1379&v=tribat&stub_id=305&v_id=GcU27HDzxZWzlIXqcRiqE54fLOk3k200L6LKXU1Gv8I.&lpp=*-*-BR

http://howupdateworks.nowinstallupgrade.online/dl.php?gther=HbI8PZesB2uzf13vvEFBoUX5NGqibPflTStP7fu8ZXU.&cid=P23P3R4632831694556493170&sub=3224&conversion_id=14632831682278&app_id=4&lp_id=1666&v=tribat&stub_id=305&v_id=gehvAfP7D3AS9mi_l021IF3GlVwVIxB3ywgE03yo3_4.&lpp=*-*-*

http://soft4update.ad4softinstall.xyz/dl.php?jhsf=MDYFLcmc8ZrwpuJzcGX6a0wVgA6VfAYfBDfeSHwJbdM.&cid=6286_7439451083_uIBgY&conversion_id=14632737222151&app_id=4&lp_id=1671&v=tribat&stub_id=305&v_id=pGaphv7ZzcmzRu_TmIeDzXl0o-KRYbgQd_J45TbdIR0.&lpp=*-*-*

http://liveupdate.whensoftworks.tech/dl.php?htfrev=CLewqHlWIIChBaR_iGisoxGg9pB7VpPKRIflToz1LAU.&subid=VjJ8MTgxOHwyODQ3MzV8MzI1MDc0fDE0NjMyODI5ODV8NGUyM2RmZDItMTZhMS00ZmM4LWNmYmUtODJiY2U4ODMzZjYxfDcxLjE3OC4zNS4xNjJ8fDF8OWExYjRmMjYzZDY3ZDhlOGUzYTg2ZmIxODU5ZDZmMDI=&conversion_id=14632830036025&app_id=4&lp_id=1518&v=tribat&stub_id=305&v_id=HGB8-7UJOlNNKzmIg3gIU3bcs0aJTqQFDoO7tuOo-4Q.&lpp=No match

http://setupupgrade12.livecheck.tech/dl.php?gthyerj=1SITLpyxaicxO5PUMWVMxn1yxX_V1-7O1yOLk055PpE.&cid=12131977791463278542&conversion_id=14632785471227&app_id=4&lp_id=954&v=tribat&stub_id=305&v_id=N2Z6du-P7Ukil8ahDxqxcN7XUDZrZ_08yAXLW2usgjk.&lpp=*-*-*

http://soft2apt.livecheck.tech/dl.php?gthyerj=QM02ypgoHP_fhdUIuYbanIAJN_ts487Le3gmg6BJ0aE.&cid=18250546871463287446&conversion_id=14632874501413&app_id=4&lp_id=954&v=tribat&stub_id=305&v_id=Jp9BpaoCwCpvd6HmbeSsEw2OPEjj9i4LEBlZvguSB9s.&lpp=*-*-*

http://soft2apt.livecheck.tech/dl.php?gthyerj=1SITLpyxaicxO5PUMWVMxn1yxX_V1-7O1yOLk055PpE.&cid=11651851371463288505&conversion_id=14632885093622&app_id=4&lp_id=1543&v=tribat&stub_id=305&v_id=ymhPkvRIU5me09WrHLdSqfckDR6ynFgD0SHEHNFrwjA.&lpp=*-*-*

http://24upgradecheck.install4freealways.online/dl.php?mncs=Ng4WtNxhGPEQZdqC1dWAshWscO8dCXLx14dzm1z-R-E.&cid=192800147572&sid=621779&conversion_id=14632744424441&app_id=4&lp_id=1609&v=tribat&stub_id=305&v_id=BTwMk1EB2enzK4vxW7zPPldMYTV28ZWw0jG_uY_mjGU.&lpp=*-*-*

Remove flash_player_setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.