flashplayer.exe

Nachtbomberregiments

Bestsale, Imv.

The executable flashplayer.exe has been detected as malware by 1 anti-virus scanner. The file has been seen being downloaded from g7elagvk.aivoowwe100.com and multiple other hosts.
Publisher:
Bestsale, Imv.

Product:
Nachtbomberregiments

Description:
Morfing engines

Version:
0.02.0008

MD5:
2e6347a726d5dcdaf399eaf270049238

SHA-1:
313660fe01c0435eed8e9f76068c07bf24e7e43c

SHA-256:
47ea9bc5ab7f3a5d2d655ad590e0890ccf345583f7d98f1c85940bb4398618a9

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/15/2024 12:47:55 AM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation.IMP

Engine version:
16.1.28.7

File size:
332 KB (340,009 bytes)

Product version:
0.02.0008

Original file name:
Morfing engines.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\flashplayer.exe

File PE Metadata
Compilation timestamp:
10/29/2015 9:22:22 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:Zf9LORvmF+j3QfFOsnbXZofDjHv2WBuVU1K7vsDlJByP7U:HC3+OsbKDrv2curkJByY

Entry address:
0x1250

Entry point:
68, F0, B0, 43, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 24, 18, BB, 31, A1, 4C, 0E, 41, 9E, FC, F5, 01, 32, DF, 99, 9B, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 42, 00, 06, 50, 83, 01, 50, 6F, 74, 65, 6E, 7A, 69, 65, 72, 65, 6E, 73, 00, 95, 0E, 03, 00, 00, 00, 00, FF, CC, 31, 00, 13, A4, 4C, B7, FA, 57, 5F, 3A, 4A, 92, 6A, C4, AA, 6F, E9, FE, 81, 37, 14, CD, 2B, FB, 27, 9D, 4F, AD, 86, 0D, 99, F0, 4C, 26, 2E, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 

Entropy:
6.9714

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
320 KB (327,680 bytes)

The file flashplayer.exe has been seen being distributed by the following 2 URLs.
