flasher.exe

The executable flasher.exe has been detected as malware by 9 anti-virus scanners. It is infected by the Parite virus, a polymorphic file infector that infects all portable EXE and SCR files found on local and shared network drives. The file has been seen being downloaded from atfupdate.atfsupport.com.
MD5:
dc81df3e18e34af1983118843135dbe4

SHA-1:
3c6c611fffa224a10e3dea4c68789bd57babd2c6

SHA-256:
c1b50fd241575d65e1e5e6edee0df3df3c49c38e340176134fc026c0a2f4117d

Scanner detections:
9 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
12/27/2024 9:01:24 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Parite | 160518-2 |
| AVG | Win32/Parite | 2015.0.4591 |
| Dr.Web | Win32.Parite.2 | 9.0.1.05190 |
| ESET NOD32 | Win32/Parite.B virus | 8.0.319.0 |
| F-Prot | W32/Parite.B | 4.6.5.141 |
| Kaspersky | Virus.Win32.Parite | 15.0.0.562 |
| McAfee | Virus.W32/Pate.b | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.223.721.0 |
| Norman | Win32.Parite.B | 28.05.2016 15:32:18 |

File size:
508 KB (520,160 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\flasher.exe

File PE Metadata
Compilation timestamp:
10/5/2011 11:36:43 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.21

CTPH (ssdeep):
6144:cuZbomuowx+juJyxdpYF11LmLNspqGLgt1C/MQkkWDMJAo0zd0jq1zEPD:cuExxHj3ENYoGTWDcF0zd0O1zkD

Entry address:
0x50000

Entry point:
90, 90, 68, 47, 83, 05, 01, 5B, 90, 90, 68, 26, 00, 45, 00, 5E, 90, BF, 98, 05, 00, 00, FF, 34, 3E, 31, 1C, 24, 8F, 04, 3E, 90, 90, 83, EF, 04, 90, 75, EF, 90, 90, 90, AF, FE, 04, 01, 47, 83, 05, 01, 47, 83, 45, 01, 27, 92, 05, 01, 17, BB, 00, 01, A7, BC, 00, 01, 47, 33, 07, 01, B8, 7C, FA, FE, 6F, B1, 47, 01, 9D, B0, 47, 01, AF, B0, 47, 01, 3F, 6B, 04, 01, 9F, B0, 07, 01, A1, B0, 07, 01, 6F, 69, 04, 01, 9F, B0, 07, 01, A1, B0, 07, 01, 47, 83, 05, 01, 47, 83, 05, 01, 47, 83, 05, 01, 47, 83, 05, 01, 77, B1...
 

Entropy:
6.8560

Code size:
96.5 KB (98,816 bytes)

The file flasher.exe has been seen being distributed by the following URL.
