home

flashplayer.exe

Tridiapason

Itgms Ltd

The application flashplayer.exe, “Propanedicarboxylic” by Itgms has been detected as a potentially unwanted program by 4 anti-malware scanners. The file has been seen being downloaded from ahxuluthscsa.org and multiple other hosts.
Publisher:
Filo  (signed by Itgms Ltd)

Product:
Tridiapason

Description:
Propanedicarboxylic

Version:
1.00

MD5:
e0a31d6b58017428dd8c907b14ea334e

SHA-1:
0686c48fd59a899dfa9cbe181f8c52cbe8de90f0

SHA-256:
14dcfa3d1779bc4e341dbf119d7bbf2a4e1186ad9f9323e7b45fa2bf88a11d13

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 12:33:49 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Injector.CXJL trojan
8.0.319.0

Kaspersky
Trojan.Win32.Ocna
15.0.0.562

Microsoft Security Essentials
Threat.Undefined
1.219.58.0

Reason Heuristics
Adware.Downloader (M)
16.4.28.14

File size:
365.3 KB (374,040 bytes)

Product version:
1.00

Original file name:
Dss4.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Traditional, Taiwan)

Common path:
C:\users\{user}\downloads\flashplayer.exe

Digital Signature
Signed by:
Itgms Ltd

Authority:
COMODO CA Limited

Valid from:
11/17/2015 4:00:00 PM

Valid to:
11/17/2016 3:59:59 PM

Subject:
CN=Itgms Ltd, O=Itgms Ltd, POBox=LS15 8JJ, STREET=44 Sandbed Court, L=Leeds, S=West Yorkshire, PostalCode=LS15 8JJ, C=GB

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
642AD8E5EF8B3AC767F0D5C1A999BDAA

File PE Metadata
Compilation timestamp:
4/28/2016 9:43:11 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:zUGUBUVIo7pYkbPoMtiJ5D9YLUaSFUyffGczjGwzxI:zVZk4nt6hYLlkUyfVz+

Entry address:
0x12E4

Entry point:
68, 88, 13, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, BB, E3, 72, 2E, D1, 2E, 54, 4B, 9E, D4, EF, DF, 9B, 45, 55, F4, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 38, 83, 06, 03, 42, 6C, 6F, 6B, 6B, 72, 79, 70, 74, 6F, 67, 72, 61, 66, 69, 30, 00, 07, 41, 00, 6C, 83, 06, 03, 00, 00, 00, 00, 07, 00, 00, 00, 10, D3, 40, 00, 06, 00, 00, 00, 38, BE, 40, 00, 01, 00, 21, 00, D8, B3, 40, 00, 00, 00, 00, 00, FF, FF, FF, FF, FF, FF, FF, FF, 00, 00, 00, 00...
 
[+]

Entropy:
7.3688

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
348 KB (356,352 bytes)

The file flashplayer.exe has been seen being distributed by the following 10 URLs.

https://ahxuluthscsa.org/6101136321467/6101136321467/.../FlashPlayer.exe

https://ahxuluthscsa.org/5501668302912/5501668302912/.../FlashPlayer.exe

https://ahxuluthscsa.org/939847934772/939847934772/.../FlashPlayer.exe

https://ahxuluthscsa.org/4441206205022/4441206205022/.../FlashPlayer.exe

https://ahxuluthscsa.org/828406826421/828406826421/.../FlashPlayer.exe

https://ahxuluthscsa.org/8912920981105/8912920981105/.../FlashPlayer.exe

https://ahxuluthscsa.org/5911263949361/5911263949361/.../FlashPlayer.exe

https://ahxuluthscsa.org/8781197162307/8781197162307/.../FlashPlayer.exe

https://ahxuluthscsa.org/5001230977547/5001230977547/.../FlashPlayer.exe

https://ahxuluthscsa.org/546841014633/546841014633/.../FlashPlayer.exe

Remove flashplayer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.