» flashplayer.exe
Overview
Analysis
File Details
Downloads (1)

flashplayer.exe

Windows

The executable flashplayer.exe has been detected as malware by 28 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from ssl2632.websiteseguro.com.

File name:

flashplayer.exe

Product:

Windows

Version:

1.0.0.0

MD5:

5968e6970bc5a7f032c8ab6011b38936

SHA-1:

ff6c85247c04419567a7b14971d83440a1ea0a80

SHA-256:

c9da8271300c52fa1205656d0cb1c835d7d10976e89d0d0afab454b50c48bb6b

Scanner detections:

28 / 68

Status:

Malware

Analysis date:

11/15/2024 10:42:47 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Generic.11946704

792

Agnitum Outpost

Trojan.DL.Small

7.1.1

AhnLab V3 Security

Trojan/Win32.Kazy

2014.11.12

avast!

Win32:Dropper-gen [Drp]

2014.9-141204

Baidu Antivirus

Trojan.Win32.Badur

4.0.3.14124

Bitdefender

Trojan.Generic.11946704

1.0.20.1690

Emsisoft Anti-Malware

Trojan.Generic.11946704

8.14.12.04.12

ESET NOD32

MSIL/TrojanDownloader.Small.OD

8.10710

Fortinet FortiGate

W32/Badur.JMRJ!tr

12/4/2014

F-Secure

Trojan.Generic.11946704

11.2014-04-12_5

G Data

Trojan.Generic.11946704

14.12.24

IKARUS anti.virus

Trojan-Downloader.MSIL.Small

t3scan.1.8.3.0

Kaspersky

Trojan.Win32.Badur

14.0.0.2847

Malwarebytes

Trojan.Banker.ICA

v2014.12.04.12

McAfee

RDN/Generic.bfr!ht

5600.6926

MicroWorld eScan

Trojan.Generic.11946704

15.0.0.1014

NANO AntiVirus

Trojan.Win32.Badur.dgnqiq

0.28.6.62995

Norman

Small.NH

11.20141204

nProtect

Trojan.Generic.11946704

14.11.11.01

Panda Antivirus

Trj/Chgt.H

14.12.04.12

Qihoo 360 Security

Trojan.Generic

1.0.0.1015

Quick Heal

Trojan.Badur.r3

12.14.14.00

Rising Antivirus

PE:Trojan.Win32.Generic.1779C835!393857077

23.00.65.141202

Sophos

Mal/BanLoad-AX

4.98

Trend Micro House Call

TROJ_GEN.R011C0EJV14

7.2.338

Trend Micro

TROJ_GEN.R011C0EJV14

10.465.04

Vba32 AntiVirus

Trojan.Badur

3.12.26.3

VIPRE Antivirus

Trojan.Win32.Generic

34726

File size:

9 KB (9,216 bytes)

Product version:

1.0.0.0

Original file name:

Windows.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\flashplayer.exe

File PE Metadata

Compilation timestamp:

10/8/2014 1:14:46 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

96:vAwUn5eShJZKUmqL1bDtV0y9tsH7rV7yIkadP3GMEC6hO8W2spvMu2jYcMzNt:v0n/ZJDt92R7yIk6P3mphO8baMu2sT

Entry address:

0x38BE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

6.5 KB (6,656 bytes)

The file flashplayer.exe has been seen being distributed by the following URL.

https://ssl2632.websiteseguro.com/.../flashplayer.exe

Remove flashplayer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.