flashplayer.exe

The executable flashplayer.exe has been detected as malware by 4 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from 193.146.59.34 and multiple other hosts.
MD5:
87d00ed666986d5be19ddf0db090a637

SHA-1:
f9110666e7f7c2c125573454aa639ef4a564e2cd

SHA-256:
f878e7c463df1a81c6b59d1e87bf5626adc4e3d8ad591a3637002b3544076aec

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
12/27/2024 10:30:25 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AegisLab AV Signature | Troj.Spy.W32.Zbot | 2.1.4+ |
| Fortinet FortiGate | PossibleThreat.SB!tr.dldr | 12/4/2014 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.2847 |
| Reason Heuristics | Threat.Downloader.KY | 16.2.29.19 |

File size:
732 KB (749,568 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\flashplayer.exe

File PE Metadata
Compilation timestamp:
9/18/2014 12:10:52 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:KL97VkAjfNBRe1RTXr3LJI9UaqUamI3MbMrUNWr7zk/LITsaeoAiL9wfTCPa94ud:KhB/Re19Xwg58/LdahhfK9JVb6Qg

Entry address:
0xA9C0C

Entry point:
55, 8B, EC, 83, C4, E8, 33, C0, 89, 45, E8, 89, 45, EC, B8, 24, 5B, 4A, 00, E8, 48, 0A, F6, FF, 33, C0, 55, 68, 77, 9C, 4A, 00, 64, FF, 30, 64, 89, 20, 8D, 55, EC, B8, 90, 9C, 4A, 00, E8, 81, B9, FF, FF, 8B, 45, EC, E8, 81, BB, FF, FF, 8D, 55, E8, B8, 08, 9D, 4A, 00, E8, 6C, B9, FF, FF, 8B, 45, E8, E8, 44, BE, FF, FF, 33, C0, 5A, 59, 59, 64, 89, 10, 68, 7E, 9C, 4A, 00, 8D, 45, E8, BA, 02, 00, 00, 00, E8, 3A, D0, F5, FF, C3, E9, C4, C6, F5, FF, EB, EB, E8, C9, CD, F5, FF, 00, B0, 04, 02, 00, FF, FF, FF, FF...

Developed / compiled with:
Microsoft Visual C++

Code size:
674 KB (690,176 bytes)

The file flashplayer.exe has been seen being distributed by the following 3 URLs.

http://193.146.59.34/wp-content/uploads/.../flashplayer.exe

http://219.122.43.173/flashplayer.exe
