flashplayerplug_11_4_76_983.exe

Adobe Flash Player Media 11.283

Adobe Flash, Media Inc TM.

The executable flashplayerplug_11_4_76_983.exe, “Adobe Flash Player Media 16 TM.” has been detected as malware by 10 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘FlashPlayerPlug_11_4_76_983’.
Publisher:
Adobe Flash, Media Inc TM.

Product:
Adobe Flash Player Media 11.283

Description:
Adobe Flash Player Media 16 TM.

Version:
1.2.2.1

MD5:
3934d33ddf3b88fe83027bf62e474854

SHA-1:
e5243dd252c6df70162bfca77e2de036b2e5313c

SHA-256:
2fd2ac65156dbe3deb8b31146b4df5a075f77100a927d4c02b2d0c765d1c64dd

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
11/24/2024 6:59:41 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Kazy.316361 | 957 |
| AhnLab V3 Security | Trojan/Win32.Agent | 2014.06.23 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-140622 |
| Baidu Antivirus | Trojan.MSIL.ChadowTek | 4.0.3.14622 |
| Bitdefender | Gen:Variant.Kazy.316361 | 1.0.20.865 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.316361 | 8.14.06.22.07 |
| ESET NOD32 | MSIL/ChadowTek (variant) | 8.9981 |
| F-Secure | Gen:Variant.Kazy.316361 | 11.2014-22-06_1 |
| G Data | Gen:Variant.Kazy.316361 | 14.6.24 |
| MicroWorld eScan | Gen:Variant.Kazy.316361 | 15.0.0.519 |

File size:
422.5 KB (432,640 bytes)

Product version:
1.2.2.1

Copyright:
Adobe Flash Player Media Inc

Trademarks:
Adobe Flash Player Media Inc

Original file name:
FlashPlayer Adobe.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\flashplayer install\flashplayerplug_11_4_76_983.exe

File PE Metadata
Compilation timestamp:
6/21/2014 11:32:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:340dqEpKZj2AL4l9SRLAdZyOwdZ4y7JXmO:f9XTy7T48J5

Entry address:
0x51EBE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
320 KB (327,680 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
FlashPlayerPlug_11_4_76_983

Command:
C:\users\{user}\appdata\roaming\flashplayer install\flashplayerplug_11_4_76_983.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to we-in-f137.1e100.net  (173.194.66.137:443)

TCP (HTTP SSL):
Connects to par10s11-in-f4.1e100.net  (173.194.40.164:443)

TCP (HTTP SSL):
Connects to par10s09-in-f1.1e100.net  (173.194.40.97:443)
