flashplayer.exe

Laienbruder

AhnLabs, Pro.

The executable flashplayer.exe has been detected as malware by 12 anti-virus scanners. The file has been seen being downloaded from 261.fpb8p6pggd.sieremyvisajobs.com.
Publisher:
AhnLabs, Pro.

Product:
Laienbruder

Description:
Sonces dor

Version:
2.02.0005

MD5:
271e58316e55eb4863bbf933ed4ee087

SHA-1:
f6655bc0f31a1592b81781bde0dfef81d50b6d98

SHA-256:
fa588bc029acefde930db607be2f0deb48f846953f6c3a29e778b5d956d2f8fc

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
11/24/2024 2:53:22 AM UTC

Scan engine                     Detection                               Engine version
Avira AntiVirus                 TR/Dropper.VB.45451                     8.3.2.4
avast!                          Win32:Malware-gen                       160108-0
Bkav FE                         HW32.Packed                             1.3.0.7400
ESET NOD32                      Win32/Injector.CPLN trojan              7.0.302.0
Fortinet FortiGate              W32/Injector.CPLN!tr                    1/8/2016
Kaspersky                       Trojan.Win32.Kovter                     15.0.0.562
Microsoft Security Essentials   Threat.Undefined                        1.213.1787.0
Panda Antivirus                 Trj/CI.A                                16.01.08.10
Qihoo 360 Security              QVM03.0.Malware.Gen                     1.0.0.1077
Rising Antivirus                PE:Malware.XPACK-HIE/Heur!1.9C48 [F]    23.00.65.16106
Sophos                          Mal/Generic-S                           4.98
VIPRE Antivirus                 Trojan.Win32.Generic                    46298

File size:
308 KB (315,438 bytes)

Product version:
2.02.0005

Original file name:
Sonces dor.exe

File type:
Executable application (Win32 EXE)

Language:
Norwegian, Nynorsk (Norway)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\flashplayer.exe

File PE Metadata
Compilation timestamp:
1/3/2016 8:19:32 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:MSAn5o/8k9CM+N8iTi7cuQ+M4KjR1FQGtTu/2An1ix:MSAb+CM+u6uiTcGtiewix

Entry address:
0x1218

Entry point:
68, CC, E0, 43, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, 13, 15, 7D, 15, 77, 37, 55, 41, 99, 94, 93, 3D, C8, 26, AB, 85, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, C0, 00, 57, 00, 00, 00, 50, 72, 6F, 64, 75, 6B, 74, 69, 6F, 6E, 73, 70, 68, 61, 73, 65, 00, F6, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 09, FF, F5, CA, 7A, 53, D5, BC, 41, BB, FF, 71, 9B, EA, 20, 60, 7D, F2, 91, 60, CF, 4C, 25, 0D, 4D, A7, 43, F7, F0, 27, A3, 60, D9, 3A, 4F, AD...
 
Entropy:
7.4184

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
296 KB (303,104 bytes)

The file flashplayer.exe has been seen being distributed by the following URL.
