flashplayer__6207_i939404408_il245.exe

The application flashplayer__6207_i939404408_il245.exe has been detected as a potentially unwanted program by 18 anti-malware scanners. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from ads.displayincloud.com.
Version:
1.1.1.72

MD5:
a5ea2604bd777dcc2fe99b9165d72b2f

SHA-1:
0927968539e6f026ed65b09ebb06b7544c15b364

SHA-256:
85f26996250c3536fc2ec4812a1406554f560d716add8eac7d6eece06b8acec1

Scanner detections:
18 / 68

Status:
Potentially unwanted

Analysis date:
11/25/2024 6:29:47 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.Amonetize.K
693

AhnLab V3 Security
PUP/Win32.Amonetiz
2014.06.27

Avira AntiVirus
ADWARE/Adware.Gen2
7.11.157.32

avast!
Win32:Amonetize-CF [PUP]
2014.9-150313

AVG
BundleApp_r.R
2016.0.3171

Baidu Antivirus
Adware.Win32.Amonetize
4.0.3.15313

Bitdefender
Application.Bundler.Amonetize.K
1.0.20.360

ESET NOD32
Win32/Amonetize.AW (variant)
9.10005

F-Secure
Application.Bundler.Amonetize
11.2015-13-03_6

G Data
Application.Bundler.Amonetize
15.3.24

Kaspersky
not-a-virus:HEUR:AdWare.Win32.Amonetize
14.0.0.2352

Malwarebytes
PUP.Optional.Amonetize
v2015.03.13.12

McAfee
PUP-FBM
5600.6827

MicroWorld eScan
Application.Bundler.Amonetize.K
16.0.0.216

Qihoo 360 Security
Win32/Virus.Adware.932
1.0.0.1015

Rising Antivirus
PE:Malware.Adware!6.17D8
23.00.65.15311

Sophos
Amonetize
4.98

Trend Micro House Call
TROJ_GEN.R0CBH06FP14
7.2.72

File size:
332 KB (339,968 bytes)

Product version:
1.1.1.72

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\flashplayer__6207_i939404408_il245.exe

File PE Metadata
Compilation timestamp:
6/23/2014 2:02:19 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:WRYFNgxM4n5Mr+Q+zSYsfyZBDBJvo2Eej7O1uROX7qrVIPxSsK6GzCpB88:WRYFCjn5w+XzSYsfyjDB3EWOX+rVASzi

Entry address:
0x28264

Entry point:
E8, 35, A0, 00, 00, E9, 89, FE, FF, FF, CC, CC, 53, 56, 8B, 44, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 14, 8B, 44, 24, 10, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 0C, F7, F1, 8B, D3, EB, 41, 8B, C8, 8B, 5C, 24, 14, 8B, 54, 24, 10, 8B, 44, 24, 0C, D1, E9, D1, DB, D1, EA, D1, D8, 0B, C9, 75, F4, F7, F3, 8B, F0, F7, 64, 24, 18, 8B, C8, 8B, 44, 24, 14, F7, E6, 03, D1, 72, 0E, 3B, 54, 24, 10, 77, 08, 72, 07, 3B, 44, 24, 0C, 76, 01, 4E, 33, D2, 8B, C6, 5E, 5B, C2, 10, 00, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F, 85, C1, 00...
 
[+]

Entropy:
6.4482

Code size:
237 KB (242,688 bytes)

The file flashplayer__6207_i939404408_il245.exe has been seen being distributed by the following URL.

Remove flashplayer__6207_i939404408_il245.exe - Powered by Reason Core Security