flashplayer.exe

MIDIA TECHNOLOGIES LLC

The application flashplayer.exe by MIDIA TECHNOLOGIES has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the Midia Downloader installer. Users of this installer expect to download the free Adobe Flash Player, but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
MIDIA TECHNOLOGIES LLC  (signed and verified)

MD5:
6ff84e55c6b1fc6a3240f342b7ff9e64

SHA-1:
cf7f9dbe6565905fa7cbcacc08145542b132c842

SHA-256:
271b5b5ea0c749463783c9786ceac614fa3ef3f4f5b8af3af26d1007e1aa94a1

Scanner detections:
16 / 68

Status:
Adware

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
1/13/2025 5:54:25 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.11841024 | 855 |
| AVG | Generic | 2015.0.3333 |
| Baidu Antivirus | Adware.Win32.Midia | 4.0.3.14102 |
| Bitdefender | Trojan.Generic.11841024 | 1.0.20.1375 |
| Emsisoft Anti-Malware | Trojan.Generic.11841024 | 8.14.10.02.07 |
| ESET NOD32 | NSIS/TrojanDownloader.Agent.NQF trojan | 7.0.302.0 |
| F-Secure | Trojan.Generic.11841024 | 11.2014-02-10_5 |
| G Data | Trojan.Generic.11841024 | 14.10.24 |
| Kaspersky | HEUR:Trojan-Downloader.Win32.Generic | 14.0.0.3161 |
| Malwarebytes | PUP.Optional.Midia | v2014.10.02.07 |
| MicroWorld eScan | Trojan.Generic.11841024 | 15.0.0.825 |
| Norman | Downloader | 11.20141002 |
| nProtect | Trojan.Generic.11841024 | 14.10.02.01 |
| Reason Heuristics | PUP.MIDIATECHNOLOGIES.L | 14.10.2.18 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 33520 |

File size:
52.1 KB (53,328 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Midia Downloader (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\flashplayer.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
9/23/2014 10:26:01 PM

Valid to:
4/11/2015 3:45:06 PM

Subject:
CN=MIDIA TECHNOLOGIES LLC, O=MIDIA TECHNOLOGIES LLC, L=Lewes, S=Delaware, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
0426CE83AFDABF

File PE Metadata
Compilation timestamp:
12/5/2009 8:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:VQpQ5EP0ijnRTXJV5OruDuBvFF5LHVhlJ:VQIURTXJV5OruDuBv75RvJ

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.1752

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)
