home

flashplayer.exe

The executable flashplayer.exe has been detected as malware by 4 anti-virus scanners. The file has been seen being downloaded from ahxuluthscsa.org.
MD5:
a48d5552f7dfc9ad3ace9c0d0e951467

SHA-1:
edc1775b77c6ec8d100273de6a14b829d1ca1765

SHA-256:
2e3fd0aa95e3a5da4567a8e33a14849d13b3b8ca011d9df70656619a69529213

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
11/14/2024 2:58:50 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:VB-AJKB [Trj]
160518-2

Dr.Web
Trojan.Kovter.259
9.0.1.05190

ESET NOD32
Win32/Kovter.D trojan
8.0.319.0

McAfee
Trojan.Trojan-FIMQ!A48D5552F7DF
18.0.204.0

File size:
351.7 KB (360,134 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\flashplayer.exe

File PE Metadata
Compilation timestamp:
4/28/2016 12:43:11 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:WUGUBUVIo7pYkbPoMtiJ5D9YLUaSFUyffGczjGwz:WVZk4nt6hYLlkUyfVz

Entry address:
0x12E4

Entry point:
68, 88, 13, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, BB, E3, 72, 2E, D1, 2E, 54, 4B, 9E, D4, EF, DF, 9B, 45, 55, F4, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 38, 83, 06, 03, 42, 6C, 6F, 6B, 6B, 72, 79, 70, 74, 6F, 67, 72, 61, 66, 69, 30, 00, 07, 41, 00, 6C, 83, 06, 03, 00, 00, 00, 00, 07, 00, 00, 00, 10, D3, 40, 00, 06, 00, 00, 00, 38, BE, 40, 00, 01, 00, 21, 00, D8, B3, 40, 00, 00, 00, 00, 00, FF, FF, FF, FF, FF, FF, FF, FF, 00, 00, 00, 00...
 
[+]

Entropy:
7.4305

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
348 KB (356,352 bytes)

The file flashplayer.exe has been seen being distributed by the following URL.

https://ahxuluthscsa.org/9391166327435/9391166327435/.../FlashPlayer.exe

Remove flashplayer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.