flashplayer.exe

Laienbruder

AhnLabs, Pro.

The executable flashplayer.exe has been detected as malware by 12 anti-virus scanners. The file has been seen being downloaded from 261.fpb8p6pggd.sieremyvisajobs.com.
Publisher:
AhnLabs, Pro.

Product:
Laienbruder

Description:
Sonces dor

Version:
2.02.0005

MD5:
271e58316e55eb4863bbf933ed4ee087

SHA-1:
f6655bc0f31a1592b81781bde0dfef81d50b6d98

SHA-256:
fa588bc029acefde930db607be2f0deb48f846953f6c3a29e778b5d956d2f8fc

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
12/27/2024 9:36:38 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Dropper.VB.45451
8.3.2.4

avast!
Win32:Malware-gen
160108-0

Bkav FE
HW32.Packed
1.3.0.7400

ESET NOD32
Win32/Injector.CPLN trojan
7.0.302.0

Fortinet FortiGate
W32/Injector.CPLN!tr
1/8/2016

Kaspersky
Trojan.Win32.Kovter
15.0.0.562

Microsoft Security Essentials
Threat.Undefined
1.213.1787.0

Panda Antivirus
Trj/CI.A
16.01.08.10

Qihoo 360 Security
QVM03.0.Malware.Gen
1.0.0.1077

Rising Antivirus
PE:Malware.XPACK-HIE/Heur!1.9C48 [F]
23.00.65.16106

Sophos
Mal/Generic-S
4.98

VIPRE Antivirus
Trojan.Win32.Generic
46298

File size:
308 KB (315,438 bytes)

Product version:
2.02.0005

Original file name:
Sonces dor.exe

File type:
Executable application (Win32 EXE)

Language:
Norwegian, Nynorsk (Norway)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\flashplayer.exe

File PE Metadata
Compilation timestamp:
1/3/2016 8:19:32 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:MSAn5o/8k9CM+N8iTi7cuQ+M4KjR1FQGtTu/2An1ix:MSAb+CM+u6uiTcGtiewix

Entry address:
0x1218

Entry point:
68, CC, E0, 43, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, 13, 15, 7D, 15, 77, 37, 55, 41, 99, 94, 93, 3D, C8, 26, AB, 85, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, C0, 00, 57, 00, 00, 00, 50, 72, 6F, 64, 75, 6B, 74, 69, 6F, 6E, 73, 70, 68, 61, 73, 65, 00, F6, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 09, FF, F5, CA, 7A, 53, D5, BC, 41, BB, FF, 71, 9B, EA, 20, 60, 7D, F2, 91, 60, CF, 4C, 25, 0D, 4D, A7, 43, F7, F0, 27, A3, 60, D9, 3A, 4F, AD...
 
[+]

Entropy:
7.4184

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
296 KB (303,104 bytes)

The file flashplayer.exe has been seen being distributed by the following URL.

Remove flashplayer.exe - Powered by Reason Core Security