flashplayer_21.2.1.exe

The executable flashplayer_21.2.1.exe has been detected as malware by 8 anti-virus scanners. It is a setup program used to install the application. The file has been observed being downloaded from storage-eu-6.sharefile.com.
MD5:
e118a870ffa11d344d8ddca987ec7dc6

SHA-1:
420bf1aaf9fefffa644edeedeac2f0bac39cf8ab

SHA-256:
e6b0bba0e375ab551001961726a37038c7d95f76666c0ba41a44f3565f5a2750

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
11/27/2024 4:46:31 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Symmi.57966 | 5813571
avast! | Win32:Dropper-gen [Drp] | 160112-0
Emsisoft Anti-Malware | Gen:Variant.Symmi.57966 | 10.0.0.5366
ESET NOD32 | Win32/TrojanDownloader.Banload.WTS trojan | 7.0.302.0
Kaspersky | Trojan-Dropper.Win32.Dapato | 15.0.0.562
McAfee | Trojan.Artemis!E118A870FFA1 | 18.0.204.0
Microsoft Security Essentials | Threat.Undefined | 1.213.3153.0
Norman | Gen:Variant.Symmi.57966 | 11.01.2016 17:30:26

File size:
433.5 KB (443,904 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\flashplayer_21.2.1.exe

File PE Metadata
Compilation timestamp:
12/2/2015 2:19:18 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:KJbwdWInRlpfDt4VkSQbwu6+ZIqyHtVZalYPywH8PzSF96kG/c4fI9/KdsOVwuMZ:gMlpLtesMu70tawcPUtG/Pw

Entry address:
0x5D778

Entry point:
55, 8B, EC, 83, C4, F0, B8, 90, CA, F7, 07, E8, 90, 94, FA, FF, A1, 3C, FF, F7, 07, 8B, 00, E8, 68, 64, FF, FF, A1, 3C, FF, F7, 07, 8B, 00, C6, 40, 5B, 00, 8B, 0D, F8, FE, F7, 07, A1, 3C, FF, F7, 07, 8B, 00, 8B, 15, C0, C2, F7, 07, E8, 5D, 64, FF, FF, A1, 3C, FF, F7, 07, 8B, 00, E8, 89, 65, FF, FF, E8, A4, 75, FA, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
369.5 KB (378,368 bytes)

The file flashplayer_21.2.1.exe has been seen being distributed by the following URL.
