flashplayer.exe

Sale Vendor

Sale Vendor, Inc.

The executable flashplayer.exe has been detected as malware by 1 anti-virus scanner. The file has been seen being downloaded from 22.jxwblyks.queitsharestiforp.com.
Publisher:
Sale Vendor, Inc.

Product:
Sale Vendor

Version:
3.01.0001

MD5:
c8a25c7ce53d91fe72ec4d75aaf1ffb7

SHA-1:
02e11c9a5d9b579b6627f219ddb14c6f69f168d2

SHA-256:
95191eed7970621d839c2506e1e4d2c5e94962a2152aeb62c95680d5487c9932

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/25/2024 8:09:24 PM UTC

Scan engine:
Reason Heuristics

Detection:
Trojan.Kovter

Engine version:
16.1.5.8

File size:
324 KB (331,819 bytes)

Product version:
3.01.0001

Original file name:
Sale Vendor.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\flashplayer.exe

File PE Metadata
Compilation timestamp:
1/3/2016 10:22:58 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:2HZhM3i5ijgX/wpFgXGN+oswVGqJLk4xk8+2G2wG+UqU:AL5iUvw3grGGqC4u8fpwGPt

Entry address:
0x124C

Entry point:
68, DC, 50, 43, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, CA, 3F, DD, C0, 6D, 66, FF, 40, 84, 44, 53, 5B, 3E, 72, 07, 01, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 04, 00, 00, 00, 50, 65, 72, 73, 6F, 6E, 65, 6E, 66, 61, 68, 72, 73, 74, FC, 68, 6C, 65, 30, 00, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 02, C6, 11, D4, 8D, 23, C1, 31, 46, 90, F9, 80, FB, FC, D3, 40, C9, DF, 73, 26, 25, E4, 3F, 0E, 4F, 9F, 8B, 68, 62, 46, 27, 8B, 33, 3A, 4F, AD...
 

Entropy:
7.3867

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
280 KB (286,720 bytes)

The file flashplayer.exe has been seen being distributed by the following URL.
