flashplayer.exe

MIDIA TECHNOLOGIES LLC

The application flashplayer.exe by MIDIA TECHNOLOGIES has been detected as adware by 17 anti-malware scanners. The program is a setup application that uses the Midia Downloader installer. The installer is marketed through download portals and search ads as the free Adobe Flash Player, but it also installs additional software offers, which include adware, PUPs and browser toolbars.

Publisher:
MIDIA TECHNOLOGIES LLC  (signed and verified)

MD5:
9bf21e38c8c2ecd71e63020efa3b811c

SHA-1:
43d0c39c462b36c2520fbca52a385f46a39ba6ef

SHA-256:
8581d1367d379c6f2454c2e0703e0940ef71e580ae90655b40c844ca993bfa1f

Scanner detections:
17 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/26/2024 12:34:40 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.11841024 | 855 |
| AVG | Generic | 2015.0.3333 |
| Baidu Antivirus | Adware.Win32.Midia | 4.0.3.14102 |
| Bitdefender | Trojan.Generic.11841024 | 1.0.20.1375 |
| Emsisoft Anti-Malware | Trojan.Generic.11841024 | 8.14.10.02.07 |
| ESET NOD32 | NSIS/TrojanDownloader.Agent.NQF trojan | 7.0.302.0 |
| F-Secure | Trojan.Generic.11841024 | 11.2014-02-10_5 |
| G Data | Trojan.Generic.11841024 | 14.10.24 |
| Kaspersky | HEUR:Trojan-Downloader.Win32.Generic | 14.0.0.3161 |
| Malwarebytes | PUP.Optional.Midia | v2014.10.02.07 |
| MicroWorld eScan | Trojan.Generic.11841024 | 15.0.0.825 |
| Norman | Downloader | 11.20141002 |
| nProtect | Trojan.Generic.11841024 | 14.10.02.01 |
| Panda Antivirus | Trj/CI.A | 14.10.02.07 |
| Reason Heuristics | PUP.MIDIATECHNOLOGIES.L | 14.10.2.18 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 33520 |

File size:
52.1 KB (53,328 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Midia Downloader (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\flashplayer.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
9/23/2014 10:26:01 PM

Valid to:
4/11/2015 3:45:06 PM

Subject:
CN=MIDIA TECHNOLOGIES LLC, O=MIDIA TECHNOLOGIES LLC, L=Lewes, S=Delaware, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
0426CE83AFDABF

File PE Metadata
Compilation timestamp:
12/5/2009 8:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:VQpQ5EP0ijnRTXJV5OruDuBvFF5LHVhls:VQIURTXJV5OruDuBv75Rvs

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.1748

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)
