flashplayer.exe

MSIL

MIDIA TECHNOLOGIES LLC

The application flashplayer.exe by MIDIA TECHNOLOGIES has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Midia Downloader installer. The installer is marketed through download portals and search ads as the free Adobe Flash Player, but it will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
MSIL TECHNOLOGIES LLC  (signed by MIDIA TECHNOLOGIES LLC)

Product:
MSIL

Version:
1.00.0015

MD5:
60e2c6515b5dfc1688eb008db59259e2

SHA-1:
88bb3dcc3279fb4222326386ae8b25e3f3b7898e

SHA-256:
6072e6db91188f82f62e9f6272119a2112928def751f4ec3156cf9a44373eba7

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
12/26/2024 6:39:20 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Midia Technologies (M)

Engine version:
17.1.28.4

File size:
58.1 KB (59,520 bytes)

Product version:
1.00.0015

Original file name:
100214_new.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Midia Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\flashplayer.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
8/21/2014 10:27:01 PM

Valid to:
4/11/2015 3:45:06 PM

Subject:
CN=MIDIA TECHNOLOGIES LLC, O=MIDIA TECHNOLOGIES LLC, L=Lewes, S=Delaware, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
043AB639CD00E5

File PE Metadata
Compilation timestamp:
8/21/2014 11:46:38 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x1298

Entry point:
68, 50, 91, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 17, DA, BF, 18, 85, FD, 9C, 41, A9, D5, 9A, EA, 2D, 4C, 7D, 27, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 2D, 43, 30, 30, 30, 2D, 6D, 73, 69, 6C, 00, 30, 30, 30, 00, 00, 00, 00, FF, CC, 31, 00, 0B, F4, 78, 43, BC, 3C, B1, 36, 41, 8E, 39, 68, 98, 13, 26, 48, 05, F7, 4E, C1, C1, 3C, 89, 51, 44, 84, 9D, 9E, 26, DF, 3F, 7F, 7B, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00, AA, 00, 60, D3, 93, 00, 00, 00...
Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
44 KB (45,056 bytes)
