flashplayer10.exe

Installer

my mobile ltd

The application flashplayer10.exe, “InstallScript Setup Launcher Unicode” by my mobile ltd has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from 95.211.82.145 and multiple other hosts. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
Setup  (signed by my mobile ltd)

Product:
Installer

Description:
InstallScript Setup Launcher Unicode

Version:
1.00.0000

MD5:
a36fa600be17ad7f8d9103ea694b7f3b

SHA-1:
2bf0f2c8443b6d9b8eb94b3e51554d9399eceafe

SHA-256:
0f2b8652269a412ada3f16945bfe0b401055d59f4da8c1eca2fc6690716cc536

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 4:06:54 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.mymobile.Installer (M)
15.12.26.21

File size:
7.9 MB (8,262,712 bytes)

Product version:
1.00.0000

Copyright:
Copyright (c) 2014 Flexera Software LLC. All Rights Reserved.

Original file name:
InstallShield Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\flashplayer10.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/13/2014 9:00:00 PM

Valid to:
5/14/2015 8:59:59 PM

Subject:
CN=my mobile ltd, O=my mobile ltd, STREET=kremnitski 6, L=Tel Aviv, S=Israel, PostalCode=6789906, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FD454874EF6832F612B8D7B8E9204DEF

File PE Metadata
Compilation timestamp:
5/13/2014 11:13:12 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
196608:FAogRC47CWZIqUyp55Htu+os7jcKVwlHxpxoUk/6/aZb8xxAogqVv:8NZIiXk+JvrylRpW1iCJG

Entry address:
0x4133E

Entry point:
E8, 9A, 68, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 33, D2, 8B, C2, 39, 45, 0C, 76, 11, 8B, 4D, 08, 66, 39, 11, 74, 09, 40, 83, C1, 02, 3B, 45, 0C, 72, F2, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 0C, 57, 85, C9, 0F, 84, 92, 00, 00, 00, 56, 53, 8B, D9, 8B, 74, 24, 14, F7, C6, 03, 00, 00, 00, 8B, 7C, 24, 10, 75, 0B, C1, E9, 02, 0F, 85, 85, 00, 00, 00, EB, 27, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 83, E9, 01, 74, 2B, 84, C0, 74, 2F, F7, C6, 03, 00, 00, 00, 75, E5, 8B, D9, C1, E9, 02, 75, 61...
 
[+]

Code size:
416.5 KB (426,496 bytes)

The file flashplayer10.exe has been seen being distributed by the following 26 URLs.

http://95.211.82.145/file/-_-MmEwYV8xNThfNDE5Nl80MjM3X0JSXzE4Ny4xMy43MC4xNTFfMmRjXzg4ODhfQURT-_-ADSYS-a0e392f3-9370-11e4-80d8-873bc9b928a4/1456/FlashWindow/10709//bb0d46971420307276/.../

http://95.211.82.145/file/-_-ZGMyOF8xNThfNTEyN181MTY5X0JSXzE3Ny42NS4yMzIuNV9iMjFfODg4OF9BRFM-_-ADSYS-3d6e8057-91ae-11e4-89be-afb2a1241361/1456/Outdated/10709//b141e8051420113847/.../

http://95.211.82.145/file/-_-MzE4NV8xNThfNTEyN181MTY5X0JSXzE3Ny4yMi4yMjcuMV82ZDNfNjIzOF9BRFM-_-ADSYS-8da4c33a-943c-11e4-be49-a104decc5a86/1456/Outdated/7277//b116e3011420394877/.../

http://95.211.82.145/file/-_-MmMzMF8xNThfNDE5NV80MjM2X0JSXzIwMC4xNDguMTE5LjE4OF82YmFfNDg1NV9BRFM-_-ADSYS-e5bad6d2-9148-11e4-9286-eaaeed26532f/1456/FlashUpdate/5465//c89477bc1420070311/.../

http://95.211.82.145/file/-_-OGM1NF8xNThfNDE5NV80MjM2X0JSXzE3OS4xNTMuMjkuOTlfYTEzXzg4ODhfQURT-_-ADSYS-4732000b-927a-11e4-a108-ded95e95dbc7/1456/FlashUpdate/10709//b3991d631420201501/.../

http://95.211.82.145/file/-_-MmNlYl8xNThfNDE5N180MjM4X0JSXzE4Ni4yNDkuMTc2LjE0LCAxODYuMjQ5LjE3Ni4xNF9lNjdfNjI4MV9BRFM-_-ADSYS-464b4c05-9467-11e4-ade7-a7936d535eec/1456/FlashPlayer/10541//baf9b00e1420413220/.../

http://95.211.82.145/file/-_-Mzk1Zl8xNThfNDE5Nl80MjM3X0JSXzE4OS4xMjAuOTIuNTVfMzQ4XzYyODFfQURT-_-ADSYS-aaa8bb58-92e8-11e4-a780-dbcda8628dbe/1456/FlashWindow/10541//bd785c371420248880/.../

http://95.211.82.145/file/-_-MTQ4Zl8xNThfNDE5NV80MjM2X0JSXzE5MS4xODEuMjUzLjE3Nl80NWFfODg4OF9BRFM-_-ADSYS-5c2a54a6-92b5-11e4-9a71-85db9d682b79/1456/FlashUpdate/10709//bfb5fdb01420226848/.../

http://95.211.82.145/file/-_-OGM3Y18xNThfNDE5N180MjM4X0JSXzE4Ni4yMDguMjIxLjEzNF8yZGFfODg4OF9BRFM-_-ADSYS-9c386a07-9218-11e4-a4a3-915776e68909/1456/FlashPlayer/10709//bad0dd861420159552/.../

http://95.211.82.145/file/-_-OWFhY18xNThfNTEyN181MTY5X0JSXzE3OS4yMTYuMTMxLjU4XzAwNl82MjgxX0FEUw-_-ADSYS-e0583cb6-9215-11e4-9cdf-d6440d8bf94c/1456/Outdated/10541//b3d8833a1420158349/.../

http://95.211.82.145/file/-_-NjA0YV8xNThfNDE5Nl80MjM3X0JSXzE4Ny42Ny4zMS4yMjhfNjA5XzQyNDBfQURT-_-ADSYS-37ab2777-92be-11e4-abb6-ea0d47fb1394/1456/FlashWindow/4802//bb431fe41420230655/.../

http://95.211.82.145/file/-_-MmI5Y18xNThfNDE5Nl80MjM3X0JSXzIwMC4xNTguOS4xNzhfMDZkXzg4ODhfQURT-_-ADSYS-6e30ac53-911b-11e4-898e-b4c5dbce0198/1456/FlashWindow/10709//c89e09b21420050819/.../

http://95.211.82.145/file/-_-Yjc3Nl8xNThfNTEyN181MTY5X0JSXzE3Ny43My45Mi43XzNiMF82MjgxX0FEUw-_-ADSYS-af05fc57-92f2-11e4-a4b3-e0e029a09b3a/1456/Outdated/10541//b1495c071420253184/.../

http://95.211.82.145/file/-_-ZWU5YV8xNThfNDE5NV80MjM2X0JSXzE4Ny44NC44MC44MF8wNDJfNDI3NV9BRFM-_-ADSYS-0809b85e-947b-11e4-bfbe-d83185e1e830/1456/FlashUpdate/4838//bb5450501420421717/.../

http://95.211.82.145/file/-_-NmU5YV8xNThfNDE5NV80MjM2X0JSXzIwMS4xNjIuNzkuMTI5X2UyNV80MjQwX0FEUw-_-ADSYS-535216f6-9209-11e4-91c7-8aee5dd37735/1456/FlashUpdate/4802//c9a24f811420152971/.../

http://95.211.82.145/file/-_-Y2U3N18xNThfNDE5N180MjM4X0JSXzE4Ni4yMDcuMTE2LjdfZjhjXzYyODFfQURT-_-ADSYS-c2b4ff4a-944b-11e4-8b6a-9a0a58d2a0d7/1456/FlashPlayer/10541//bacf74071420401395/.../

http://95.211.82.145/file/-_-YmE0MV8xNThfNDE5NV80MjM2X0JSXzIwMS4yNy4xMDguMjM4X2NhYV80MjQwX0FEUw-_-ADSYS-5bb98606-9486-11e4-8b6a-a6a0c15b31f3/1456/FlashUpdate/4802//c91b6cee1420426565/.../

http://95.211.82.145/file/-_-NzYwZl8xNThfNDE5N180MjM4X0JSXzIwMS4yOS43NC4yNTBfZDQwXzQyNDBfQURT-_-ADSYS-4f8aa679-910b-11e4-baf3-8008f513e309/1456/FlashPlayer/4802//c91d4afa1420043885/.../

http://95.211.82.145/file/-_-NDAyOV8xNThfNTEyN181MTY5X0JSXzE5Mi4xNjguMjUyLjIzMSwgMTc3LjQwLjI0OS45Ml80YzFfNjI4MV9BRFM-_-ADSYS-a669fd1f-9394-11e4-90fe-9f746e9e0e5d/1456/Outdated/10541//b12abdb11420322760/.../

http://95.211.82.145/file/-_-ZmY0Y18xNThfNDE5NV80MjM2X0JSXzE3Ny4xOTMuMTkyLjg1XzhmOV82MjgxX0FEUw-_-ADSYS-76830ade-9394-11e4-af4f-828da2758b63/1456/FlashUpdate/10541//b1c1c0551420322670/.../

http://95.211.82.145/file/-_-NDQ3MF8xNThfNDE5Nl80MjM3X0JSXzE3Ny45Mi40NS4xMTBfYmFiXzQyNDBfQURT-_-ADSYS-58cd9489-92d3-11e4-b8fa-f9c745ea54f5/1456/FlashWindow/4802//b15c2d6e1420239723/.../

http://95.211.82.145/file/-_-MWE4NF8xNThfNDE5Nl80MjM3X0JSXzIwMS42Ni41LjE0OV80Y2VfNjI4MV9BRFM-_-ADSYS-96b1deb6-93b2-11e4-9e53-8d2a04d34856/1456/FlashWindow/10541//c94205951420335611/.../

http://95.211.82.145/file/-_-M2RhY18xNThfNDE5N180MjM4X0JSXzE5MS4xNzYuMjU1LjU2X2YyM184ODg4X0FEUw-_-ADSYS-cdcc35a2-9297-11e4-abb6-c678fda8eb3f/1456/FlashPlayer/10709//bfb0ff381420214154/.../

http://95.211.82.145/file/-_-ODA3Zl8xNThfNDE5NV80MjM2X0JSXzE5MS4xODcuMjMyLjIxN19iMWVfNzk2Nl9BRFM-_-ADSYS-7782147c-92b4-11e4-aa1e-97b303c155d9/1456/FlashUpdate/9273//bfbbe8d91420226462/.../

http://95.211.82.145/file/-_-ZWMxMl8xNThfNDE5NV80MjM2X0JSXzE4Ny4zOC40Ny4yMDBfNDk5XzYyODFfQURT-_-ADSYS-974fd55a-9220-11e4-9e79-c4d0ad05050f/1456/FlashUpdate/10541//bb262fc81420163025/.../

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

Remove flashplayer10.exe - Powered by Reason Core Security