home

flashplayer.exe

The application flashplayer.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from ahxuluthscsa.org.
MD5:
17fe43ae2b9e8ff563114b89ac0fc753

SHA-1:
3f2a136dc5f01f9ccb6c60f70a2f8d2a99ffdb85

SHA-256:
2f2413b43117c759b05a176b8362ddeac3f692b30fc5afd6b48d7f97ae8cf8a9

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/14/2024 2:56:05 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Downloader
16.10.28.12

File size:
369.3 KB (378,136 bytes)

File type:
Executable application (Win16 EXE)

Common path:
C:\users\{user}\downloads\flashplayer.exe

File PE Metadata
Compilation timestamp:
4/28/2016 12:43:17 PM

OS version:
4.0

OS bitness:
Win16

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:GP5rP9Xm+xu6Xa9phhpYEMmTsOwKIiPVnTiohGfCPpvREe51FS:KP92Tvpg8jTiohGSRH0

Entry address:
0x12E8

Entry point:
68, 84, 13, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, FE, 77, 42, 26, 2E, 3A, 45, 42, 80, 20, 3E, 3D, C1, A7, 92, 3D, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 41, 00, 20, 08, 41, 00, 4E, 72, 69, 6E, 67, 73, 6C, 6F, 76, 65, 6E, 65, 32, 00, 00, 00, 00, 00, 00, 00, 07, 00, 00, 00, CC, CE, 40, 00, 06, 00, 00, 00, B0, BA, 40, 00, 01, 00, 21, 00, F8, AF, 40, 00, 00, 00, 00, 00, FF, FF, FF, FF, FF, FF, FF, FF, 00, 00, 00, 00, 7C, B6, 40, 00, 9C, 92, 45, 00...
 
[+]

Entropy:
7.3945

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
352 KB (360,448 bytes)

The file flashplayer.exe has been seen being distributed by the following URL.

https://ahxuluthscsa.org/187418388515/187418388515/.../FlashPlayer.exe

Remove flashplayer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.