flashplayer.exe

Rabah Azrarak

The application flashplayer.exe by Rabah Azrarak has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from ahcakmbafocus.org and multiple other hosts.
Publisher:
Rabah Azrarak  (signed and verified)

MD5:
1c98112e41f23fe61479e3e9a188b3f0

SHA-1:
e47dfe43bc5edf110a5ab0dbbc6a9041db3d52e4

SHA-256:
32f7a39bb851cba8042c965eee7d047bd79929223143709b8b159bd4c0ebbcb5

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/30/2024 10:05:42 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.RabahAzr (M)

Engine version:
16.5.18.19

File size:
409.7 KB (419,512 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\{random}\flashplayer.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
5/12/2016 2:39:13 AM

Valid to:
5/12/2017 2:39:13 AM

Subject:
E=rabahsoft@yahoo.com, CN=Rabah Azrarak, O=Rabah Azrarak, C=CH

Issuer:
CN=Certum Code Signing CA SHA2, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
0ECD460CE14BD8EF2926DA2CD9A44176

File PE Metadata
Compilation timestamp:
5/15/2016 8:03:44 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
12288:cJ8q53wvBv8cjqFONrXXghS8g6NZDAup8:cnwpskHnW/DJ

Entry address:
0xE404

Entry point:
6A, 60, 68, 38, A5, 41, 00, E8, D4, 21, 00, 00, BF, 94, 00, 00, 00, 8B, C7, 90, 90, 90, 90, 90, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, 14, A0, 41, 00, 8B, 4E, 10, 89, 0D, CC, 0B, 46, 00, 8B, 46, 04, A3, D8, 0B, 46, 00, 8B, 56, 08, 89, 15, DC, 0B, 46, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, D0, 0B, 46, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, D0, 0B, 46, 00, C1, E0, 08, 03, C2, A3, D4, 0B, 46, 00, 33, F6, 56, 8B, 3D, 50, A0, 41, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...
 

Entropy:
7.3142

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
100 KB (102,400 bytes)

The file flashplayer.exe has been seen being distributed by the following 2 URLs.

https://ahcakmbafocus.org/8301249922737/8301249922737/.../FlashPlayer.exe
