flashplayer.exe

Lancets5

BITT LLC

The application flashplayer.exe by BITT has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a setup program used to install the application. The file has been observed being downloaded from ooshojuegosgo.net.
Publisher:
n sc,  (signed by BITT LLC)

Product:
Lancets5

Description:
Intercropping

Version:
1.00

MD5:
2e06a68534e444b2cd5cb8183ad775ef

SHA-1:
5d5069e27a50a46cda56f848dc67b5dacb3d5a26

SHA-256:
94284fcd616882c13cbeb68b4d9a2b5ca3818bcbf0f58fb41d721faa14f82171

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/28/2024 12:22:04 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.HPDefender.BITT.Meta (M)

Engine version:
16.7.2.3

File size:
313.3 KB (320,800 bytes)

Product version:
1.00

Copyright:
Normalvrdier

Trademarks:
Anskydningen

Original file name:
Overtness0.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\flashplayer.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/16/2016 7:00:00 PM

Valid to:
2/16/2017 6:59:59 PM

Subject:
CN="""BITT"" LLC", OU=IT, O="""BITT"" LLC", STREET="vul. Mykoly Vasylenka, 1", L=Kiev, S=Kiev, PostalCode=03113, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
01D6FE72C352595E055CDACCE2E60893

File PE Metadata
Compilation timestamp:
6/2/2016 3:55:54 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:1Xr3UOWqpYHuxSzTSEZMS/o4k1GOIDIafFa4JWRjz58d2XkmWUm0jK:JtpYr7V/pb840Rjz5BXvA

Entry address:
0x12E8

Entry point:
68, D8, 4D, 44, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, A1, D7, 1D, 1E, D4, 68, 90, 42, A4, B0, 60, FF, A5, DF, 35, B7, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 52, 65, 6A, 75, 76, 65, 6E, 65, 73, 63, 65, 00, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 04, 53, D3, 74, 2E, A7, 2B, 6F, 43, 98, 64, 91, 30, 85, E9, 75, 25, 86, 9C, 9E, AA, ED, 71, B8, 4E, AD, 26, 5D, 4C, 08, 3C, 8E, CD, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 

Entropy:
7.7201

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
296 KB (303,104 bytes)

The file flashplayer.exe has been seen being distributed by the following URL.
