flashplayer.exe

Windows

The executable flashplayer.exe has been detected as malware by 28 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from ssl2632.websiteseguro.com.
Product:
Windows

Version:
1.0.0.0

MD5:
5968e6970bc5a7f032c8ab6011b38936

SHA-1:
ff6c85247c04419567a7b14971d83440a1ea0a80

SHA-256:
c9da8271300c52fa1205656d0cb1c835d7d10976e89d0d0afab454b50c48bb6b

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
12/27/2024 11:08:25 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.11946704 | 792 |
| Agnitum Outpost | Trojan.DL.Small | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Kazy | 2014.11.12 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-141204 |
| Baidu Antivirus | Trojan.Win32.Badur | 4.0.3.14124 |
| Bitdefender | Trojan.Generic.11946704 | 1.0.20.1690 |
| Emsisoft Anti-Malware | Trojan.Generic.11946704 | 8.14.12.04.12 |
| ESET NOD32 | MSIL/TrojanDownloader.Small.OD | 8.10710 |
| Fortinet FortiGate | W32/Badur.JMRJ!tr | 12/4/2014 |
| F-Secure | Trojan.Generic.11946704 | 11.2014-04-12_5 |
| G Data | Trojan.Generic.11946704 | 14.12.24 |
| IKARUS anti.virus | Trojan-Downloader.MSIL.Small | t3scan.1.8.3.0 |
| Kaspersky | Trojan.Win32.Badur | 14.0.0.2847 |
| Malwarebytes | Trojan.Banker.ICA | v2014.12.04.12 |
| McAfee | RDN/Generic.bfr!ht | 5600.6926 |
| MicroWorld eScan | Trojan.Generic.11946704 | 15.0.0.1014 |
| NANO AntiVirus | Trojan.Win32.Badur.dgnqiq | 0.28.6.62995 |
| Norman | Small.NH | 11.20141204 |
| nProtect | Trojan.Generic.11946704 | 14.11.11.01 |
| Panda Antivirus | Trj/Chgt.H | 14.12.04.12 |
| Qihoo 360 Security | Trojan.Generic | 1.0.0.1015 |
| Quick Heal | Trojan.Badur.r3 | 12.14.14.00 |
| Rising Antivirus | PE:Trojan.Win32.Generic.1779C835!393857077 | 23.00.65.141202 |
| Sophos | Mal/BanLoad-AX | 4.98 |
| Trend Micro House Call | TROJ_GEN.R011C0EJV14 | 7.2.338 |
| Trend Micro | TROJ_GEN.R011C0EJV14 | 10.465.04 |
| Vba32 AntiVirus | Trojan.Badur | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 34726 |

File size:
9 KB (9,216 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
Windows.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\flashplayer.exe

File PE Metadata
Compilation timestamp:
10/8/2014 1:14:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
96:vAwUn5eShJZKUmqL1bDtV0y9tsH7rV7yIkadP3GMEC6hO8W2spvMu2jYcMzNt:v0n/ZJDt92R7yIk6P3mphO8baMu2sT

Entry address:
0x38BE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
6.5 KB (6,656 bytes)

The file flashplayer.exe has been seen being distributed by the following URL.
