flashplayer17_ga_install.exe

Moo Lobelia

MDG Advertising

The application flashplayer17_ga_install.exe, “Prong Mashing Panga ” by MDG Advertising has been detected as a potentially unwanted program by 29 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from www.mediafire.com.
Publisher:
MDG Advertising  (signed and verified)

Product:
Moo Lobelia

Description:
Prong Mashing Panga

Version:
1, 0, 0, 1

MD5:
077e9d48158be1e6b3fc92d1b590bf02

SHA-1:
b5bdc018f682597fedab40996a475a343a499581

SHA-256:
01c1d9ce41b4944e19890e9f04d743f16faf443631cb74b2f77cb5d3bec17e60

Scanner detections:
29 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 12:17:14 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.2458385
211

AegisLab AV Signature
Troj.Generickd!c
2.1.4+

Avira AntiVirus
TR/Crowti.A.341
8.3.3.4

Arcabit
Trojan.Generic.D258311
1.0.0.696

avast!
Win32:Agent-BAYC [Trj]
2014.9-160708

AVG
Crypt4
2017.0.2689

Baidu Antivirus
Win32.Trojan.WisdomEyes.151026.9950
4.0.3.1678

Bitdefender
Trojan.GenericKD.2458385
1.0.20.950

Dr.Web
Tool.Siggen.10923
9.0.1.0190

Emsisoft Anti-Malware
Trojan.GenericKD.2458385
8.16.07.08.10

ESET NOD32
Win32/Filecoder.CryptoWall
10.13609

Fortinet FortiGate
W32/Filecoder.CO!tr
7/8/2016

F-Secure
Trojan.GenericKD.2458385
11.2016-08-07_6

G Data
Trojan.GenericKD.2458385
16.7.25

IKARUS anti.virus
Trojan.Crypt
t3scan.2.0.9.0

K7 AntiVirus
Trojan
13.227.19844

Malwarebytes
Ransom.FileCryptor
v2016.07.08.10

McAfee
Ransom-CWall.a
5600.6345

Microsoft Security Essentials
Ransom:Win32/Crowti
1.1.12805.0

MicroWorld eScan
Trojan.GenericKD.2458385
17.0.0.570

NANO AntiVirus
Riskware.Win32.Siggen.dtgnhq
1.0.38.8881

nProtect
Trojan.GenericKD.2458385
16.06.07.01

Panda Antivirus
Trj/Genetic.gen
16.07.08.10

Quick Heal
PUA.Mdgadverti.Gen
7.16.14.00

Rising Antivirus
Malware.XPACK-HIE/Heur!1.9C48
23.00.65.16706

Sophos
Mal/Generic-S
4.98

Trend Micro House Call
TROJ_CRYPWALL.XXUAT
7.2.190

Trend Micro
TROJ_CRYPWALL.XXUAT
10.465.08

VIPRE Antivirus
Trojan.Compcert.52915
49952

File size:
223.7 KB (229,072 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (C) 2015

Original file name:
Quelling.EXE

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\flashplayer17_ga_install.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/18/2015 3:00:00 AM

Valid to:
5/18/2016 2:59:59 AM

Subject:
CN=MDG Advertising, OU=IT, O=MDG Advertising, STREET=3500 NW BOCA RATON BLVD, L=Boca Raton, S=FL, PostalCode=33431, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E5D044297AD12EFD48A436E7B7E1EA4F

File PE Metadata
Compilation timestamp:
5/2/2005 12:20:45 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:f+v8l8oYcn2sxITyr29Lpg/DCGWN0b/DCLp71uNXvqE30zDmi:fjlh12sCTy64/gNy/D23uNfn0z7

Entry address:
0x1FED6

Entry point:
55, 8B, EC, 6A, FF, 68, 18, 22, 42, 00, 68, 5C, 00, 42, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 3C, 12, 42, 00, 59, 83, 0D, 6C, 42, 42, 00, FF, 83, 0D, 70, 42, 42, 00, FF, FF, 15, 38, 12, 42, 00, 8B, 0D, 58, 42, 42, 00, 89, 08, FF, 15, 34, 12, 42, 00, 8B, 0D, 54, 42, 42, 00, 89, 08, A1, 30, 12, 42, 00, 8B, 00, A3, 68, 42, 42, 00, E8, 16, 01, 00, 00, 39, 1D, 80, 41, 42, 00, 75, 0C, 68, 58, 00, 42, 00, FF, 15, 2C, 12...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
128 KB (131,072 bytes)

The file flashplayer17_ga_install.exe has been seen being distributed by the following URL.

Remove flashplayer17_ga_install.exe - Powered by Reason Core Security