» flashplayer.exe
Overview
Analysis
File Details
Downloads (1)

flashplayer.exe

The executable flashplayer.exe has been detected as malware by 28 anti-virus scanners. The file has been seen being downloaded from universalorlando.bbsindex.com.

File name:

flashplayer.exe

MD5:

478671db688c48d49fa3a2b078a3f8ed

SHA-1:

98e53c115e4a649f40f5a8acab04b03d97346fe6

SHA-256:

378594f04f28aa333f7945ed405dddfe1ccc55ae0525d1e0b613540afa30e7cb

Scanner detections:

28 / 68

Status:

Malware

Analysis date:

1/13/2025 10:54:27 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Kazy.565909

327

Agnitum Outpost

Trojan.Yakes

7.1.1

AhnLab V3 Security

Trojan/Win32.Darktima

2015.03.09

Avira AntiVirus

TR/Crypt.Xpack.157815

7.11.214.232

avast!

Win32:Rootkit-gen [Rtk]

2014.9-160314

AVG

Crypt3

2017.0.2805

Baidu Antivirus

Trojan.Win32.Yakes

4.0.3.16314

Bitdefender

Gen:Variant.Kazy.565909

1.0.20.370

Emsisoft Anti-Malware

Gen:Variant.Kazy.565909

8.16.03.14.05

ESET NOD32

Win32/TrojanDownloader.Zurgop.BK

10.11288

Fortinet FortiGate

W32/Zurgop.BK!tr.dldr

3/14/2016

F-Secure

Gen:Variant.Kazy.565909

11.2016-14-03_2

G Data

Gen:Variant.Kazy.565909

16.3.25

IKARUS anti.virus

Worm.Win32.Kasidet

t3scan.1.8.6.0

K7 AntiVirus

Trojan

13.200.15196

Kaspersky

Trojan.Win32.Yakes

14.0.0.519

Malwarebytes

Trojan.Upatre

v2016.03.14.05

McAfee

RDN/Downloader.a!us

5600.6461

Microsoft Security Essentials

TrojanDownloader:Win32/Dofoil.T

1.1.11400.0

MicroWorld eScan

Gen:Variant.Kazy.565909

17.0.0.222

NANO AntiVirus

Trojan.Win32.Yakes.dorpra

0.30.0.296

Norman

Suspicious_Gen4.IAVCG

11.20160314

Panda Antivirus

Generic Suspicious

16.03.14.05

Qihoo 360 Security

HEUR/QVM20.1.Malware.Gen

1.0.0.1015

Rising Antivirus

PE:Malware.XPACK-LNR/Heur!1.5594

23.00.65.16312

Sophos

Mal/Generic-S

4.98

Trend Micro House Call

TROJ_GEN.R011H07C415

7.2.74

VIPRE Antivirus

Trojan.Win32.Generic

38246

File size:

100 KB (102,400 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\flashplayer.exe

File PE Metadata

Compilation timestamp:

3/30/2014 3:30:07 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

768:E2ZTlaxOW+AWLiPoowjjupuJjMfA7WegjaGEG:lZZ8OWgupyB7/g3

Entry address:

0x46F9

Entry point:

81, 0D, AA, 71, 40, 00, AD, 00, 00, 00, 81, 35, C3, 70, 40, 00, A6, 00, 00, 00, 87, 45, FC, 13, 05, 4B, 71, 40, 00, 87, 7D, FC, 83, C7, D2, 83, 1D, 1E, 70, 40, 00, 06, 83, 0D, 9E, 70, 40, 00, 4C, 55, 83, C5, 13, 83, F5, 17, 89, E5, 83, EC, 40, 66, 81, FD, 00, FE, 0F, 82, C2, EE, FF, FF, 82, 2D, E8, 70, 40, 00, 90, 83, 15, 3A, 71, 40, 00, 67, 01, C0, 82, 2D, 04, 71, 40, 00, 3E, 87, 4D, FC, 01, F9, 01, 05, 02, 70, 40, 00, 68, 1D, 7C, 40, 00, 68, 14, 7C, 40, 00, FF, 15, 38, 60, 40, 00, 83, C7, BD, 21, 05, 5C... 
[+]

Entropy:

3.0323

Code size:

20 KB (20,480 bytes)

The file flashplayer.exe has been seen being distributed by the following URL.

http://universalorlando.bbsindex.com/.../FlashPlayer.exe

Remove flashplayer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.