flashplayer.exe

The executable flashplayer.exe has been detected as malware by 30 anti-virus scanners. This is a setup program which is used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from docs.google.com and multiple other hosts.
MD5:
b8c32292f2ff18c460d13f12ab98c713

SHA-1:
7535d3657f3dabdb769fd3e9f4289fd4e7b22386

SHA-256:
5623fcaa0f3244bb76223ec6a2741667db6c35c124e4e059ed40ed1a6922fabf

Scanner detections:
30 / 68

Status:
Malware

Analysis date:
12/27/2024 4:57:28 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Zusy.157760
385

Agnitum Outpost
Trojan.DL.Banload
7.1.1

AhnLab V3 Security
Trojan/Win32.Banker
2015.09.16

Avira AntiVirus
TR/Dldr.Delphi.Gen
8.3.2.2

Arcabit
Trojan.Zusy.D26840
1.0.0.527

avast!
Win32:Malware-gen
2014.9-160116

AVG
Downloader.Banload2
2017.0.2863

Baidu Antivirus
Trojan.Win32.Banload
4.0.3.16116

Bitdefender
Gen:Variant.Zusy.157760
1.0.20.80

Comodo Security
UnclassifiedMalware
23245

Dr.Web
Trojan.DownLoader15.54899
9.0.1.016

Emsisoft Anti-Malware
Gen:Variant.Zusy.157760
8.16.01.16.04

ESET NOD32
Win32/TrojanDownloader.Banload.WBG (variant)
10.12262

Fortinet FortiGate
W32/Banload.WBG!tr.dldr
1/16/2016

F-Secure
Gen:Variant.Zusy.157760
11.2016-16-01_7

G Data
Gen:Variant.Zusy.157760
16.1.25

IKARUS anti.virus
Trojan-Downloader.Win32.Banload
t3scan.1.9.5.0

K7 AntiVirus
Riskware
13.210.17233

Kaspersky
UDS:DangerousObject.Multi.Generic
14.0.0.809

McAfee
RDN/Generic Downloader.x
5600.6519

Microsoft Security Essentials
TrojanDownloader:Win32/Banload.BBS
1.1.12002.0

MicroWorld eScan
Gen:Variant.Zusy.157760
17.0.0.48

NANO AntiVirus
Trojan.Win32.DownLoader15.dvpcih
0.30.24.3283

Panda Antivirus
Trj/Genetic.gen
16.01.16.04

Qihoo 360 Security
HEUR/QVM11.1.Malware.Gen
1.0.0.1015

Rising Antivirus
PE:Malware.Generic/QRS!1.9E2D[F1]
23.00.65.16114

Sophos
Mal/Generic-S
4.98

Trend Micro
TROJ_GEN.R02KC0DHP15
10.465.16

VIPRE Antivirus
Trojan.Win32.Generic
43800

Zillya! Antivirus
Downloader.Banload.Win32.67227
2.0.0.2400

File size:
568.5 KB (582,144 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\flashplayer.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:TSjXPzZycR+qDbGm+V13iBoy7pl4cZLsegPgJEkIqdStfp1/GCBXVltzoriQah9:m7ZycRZCAJ0gGOdmfH/hbZ2xs

Entry address:
0x16CFE0

Entry point:
60, BE, 00, B0, 4F, 00, 8D, BE, 00, 60, F0, FF, C7, 87, B0, 00, 11, 00, 03, 19, 90, 03, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 19, 8B, 1E, 83, EE, FC, 11, DB, 72, 10, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 78, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07...
 
[+]

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
460 KB (471,040 bytes)

The file flashplayer.exe has been seen being distributed by the following 2 URLs.

https://docs.google.com/uc?authuser=0&id=0B-esjd0txkTRd3JLcDJBeHJuRUE&export=download

Remove flashplayer.exe - Powered by Reason Core Security