flashplayer.exe

Tridiapason

Itgms Ltd

The executable flashplayer.exe, “Propanedicarboxylic” has been detected as malware by 3 anti-virus scanners. The file has been seen being downloaded from ahxuluthscsa.org and multiple other hosts.
Publisher:
Filo  (signed by Itgms Ltd)

Product:
Tridiapason

Description:
Propanedicarboxylic

Version:
1.00

MD5:
c88a99c8e3547f04847481ec9a56cddf

SHA-1:
f5e8d39eed63b8080585f6f34582da36ad979bcc

SHA-256:
5b7a9c75865521b69f4d24e8aa26dfb84385630cc4dc4b93f696af45eeb2461f

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
11/14/2024 3:18:25 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Injector.CXJL trojan
8.0.319.0

Kaspersky
Trojan.Win32.Ocna
15.0.0.562

Microsoft Security Essentials
Threat.Undefined
1.219.58.0

File size:
365.3 KB (374,040 bytes)

Product version:
1.00

Original file name:
Dss4.exe

File type:
Executable application (Win32 EXE)

Language:
Taiwanese

Common path:
C:\users\{user}\downloads\flashplayer.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
11/17/2015 7:00:00 PM

Valid to:
11/17/2016 6:59:59 PM

Subject:
CN=Itgms Ltd, O=Itgms Ltd, POBox=LS15 8JJ, STREET=44 Sandbed Court, L=Leeds, S=West Yorkshire, PostalCode=LS15 8JJ, C=GB

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
642AD8E5EF8B3AC767F0D5C1A999BDAA

File PE Metadata
Compilation timestamp:
4/28/2016 12:43:11 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:WUGUBUVIo7pYkbPoMtiJ5D9YLUaSFUyffGczjGwzSZ:WVZk4nt6hYLlkUyfVzI

Entry address:
0x12E4

Entry point:
68, 88, 13, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, BB, E3, 72, 2E, D1, 2E, 54, 4B, 9E, D4, EF, DF, 9B, 45, 55, F4, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 38, 83, 06, 03, 42, 6C, 6F, 6B, 6B, 72, 79, 70, 74, 6F, 67, 72, 61, 66, 69, 30, 00, 07, 41, 00, 6C, 83, 06, 03, 00, 00, 00, 00, 07, 00, 00, 00, 10, D3, 40, 00, 06, 00, 00, 00, 38, BE, 40, 00, 01, 00, 21, 00, D8, B3, 40, 00, 00, 00, 00, 00, FF, FF, FF, FF, FF, FF, FF, FF, 00, 00, 00, 00...
 
[+]

Entropy:
7.3688

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
348 KB (356,352 bytes)

The file flashplayer.exe has been seen being distributed by the following 9 URLs.

https://ahxuluthscsa.org/6821613240862/6821613240862/.../FlashPlayer.exe

https://ahxuluthscsa.org/6391828400007/6391828400007/.../FlashPlayer.exe

Remove flashplayer.exe - Powered by Reason Core Security