flashplayerpro.exe

Nedin

Perets Smart, TOV

The application flashplayerpro.exe, “Nedin Setup” by Perets Smart, TOV has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.signsapplicationlaboratory.com.
Publisher:
Perets Smart, TOV (signed and verified)

Product:
Nedin

Description:
Nedin Setup

MD5:
78b50c0999a4e980218429918bc91a91

SHA-1:
96b99892b7e026b8f4f5140692e2903c6d425504

SHA-256:
b4a2598bff3dd552b5aa77e2f09a9d66ecbc19edf63ced7b52122adee8f10bc7

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/27/2024 4:42:10 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.3.15.16

File size:
943.2 KB (965,880 bytes)

Product version:
1.6

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\flashplayerpro.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/25/2016 9:00:00 PM

Valid to:
5/26/2017 8:59:59 PM

Subject:
CN="Perets Smart, TOV", OU=IT, O="Perets Smart, TOV", STREET="Bud. 8 kv. 60, bul. Lesi Ukrainky", L=Kiev, S=Kiev, PostalCode=01010, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
13E2E656DC165E1ACE084B816FB003FB

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file flashplayerpro.exe has been seen being distributed by the following URL.

