flashplayer_updater.exe

Golden Banners

The application flashplayer_updater.exe by Golden Banners has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Tomorrow Software Installer installer. With this installer, users are expecting to download the free Adobe Flash Player but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Golden Banners  (signed and verified)

Product:
Golden Banners

Version:
73.7.3.2411

MD5:
982a41cc2171871b0eae60c31a4d0bbb

SHA-1:
e46c6783d28fbd9f3e9f5fea4f7abb02c7487fae

SHA-256:
2630f1610781cb809d49a3f62390584694d4684a86b1af6f226e1261760fc6c2

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/27/2024 4:26:44 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.TomorrowSoftware (M)
17.1.26.1

File size:
882.2 KB (903,416 bytes)

Product version:
73.7.3.2411

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Tomorrow Software Installer

Language:
English (United States)

Common path:
C:\users\{user}\downloads\flashplayer_updater.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
10/30/2015 9:34:38 PM

Valid to:
9/10/2016 8:39:55 PM

Subject:
CN=Golden Banners, O=Golden Banners, L=San Francisco, S=California, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00BE3C8F3DCF9E64C0

File PE Metadata
Compilation timestamp:
11/9/2014 10:41:13 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x3142

Entry point:
E8, D9, A3, 00, 00, E9, DB, 9C, 00, 00, CC, CC, CC, CC, 53, 55, 56, 8B, 74, 24, 10, 57, 6A, 01, 6A, 00, 56, E8, 0E, 27, 00, 00, 83, C4, 0C, FF, 15, A4, F0, 40, 00, 8B, C8, C1, E9, 08, 33, FF, 0F, B6, D8, 0F, B6, E9, 3D, 00, 00, 00, 80, 73, 05, C1, E8, 10, 8B, F8, 53, 56, E8, 05, 27, 00, 00, 8B, 15, A4, A8, 44, 00, 52, 6A, FE, 56, E8, 06, 25, 00, 00, 55, 56, E8, EF, 26, 00, 00, A1, 34, A9, 44, 00, 50, 6A, FE, 56, E8, F1, 24, 00, 00, 57, 56, E8, DA, 26, 00, 00, 8B, 0D, CC, A8, 44, 00, 51, 6A, FE, 56, E8, DB...
 
[+]

Code size:
53.5 KB (54,784 bytes)

Remove flashplayer_updater.exe - Powered by Reason Core Security