flashplayerpro.exe

Kehakame

Perets Smart, TOV

The application flashplayerpro.exe, “Kehakame Setup” by Perets Smart, TOV, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built with the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.deliverytagsend.com.
Publisher:
Perets Smart, TOV (signed and verified)

Product:
Kehakame

Description:
Kehakame Setup

Version:
1.4.5.8

MD5:
803f1f60b9c1ce8c05fed2a7d362bb7d

SHA-1:
9b33f1e889cfc0edd68aed8bd27a7f1acb397b08

SHA-256:
a846d640d802343e4fbd6e45b3683cba586b96b261b2bcf838e7a53d7961c351

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/24/2024 8:40:35 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.3.15.12

File size:
968.5 KB (991,752 bytes)

Product version:
1.8

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\flashplayerpro.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/26/2016 5:30:00 AM

Valid to:
5/27/2017 5:29:59 AM

Subject:
CN="Perets Smart, TOV", OU=IT, O="Perets Smart, TOV", STREET="Bud. 8 kv. 60, bul. Lesi Ukrainky", L=Kiev, S=Kiev, PostalCode=01010, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
13E2E656DC165E1ACE084B816FB003FB

File PE Metadata
Compilation timestamp:
6/20/1992 3:52:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...

Entropy:
7.9090

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file flashplayerpro.exe has been seen being distributed by the following URL.

http://www.deliverytagsend.com/UekUD5Tj3XX8UBNydYXBuu3hRb7sJc_cxTc5zNud2TuiX6p4EZx RGjwW2147bcwU3TwG4MsDK4r_oa3eC79t5W1wvUpUjuvkEL5ItqzSU7EtMLotSxyQwrHF0FDmXkK7qcQvg ooOFLNvkTcFB4Rp7RPVKvEPhoVP15sHm4Nu4AzjzzNt0r0YAin9 EbZQv0GAFd8uAG4lcuZn 55RClOsDXuD3Fp9ndYFqrWpjbTz3nRnUow4VAB_EHEzJTQKxkXf9SlUixPPdbfHR9ZWXB5egpAF1fju1Au29chQuvC7W20bWVzhzjqaS532D1tMeKAVpf_xgrXQzQzObOtAVe_aBbAxx21o0_1NcZk1iGLYPmoBFEY1g_RFQ 6e5tUIbwuyOSRCnGL8zQkek56Avs4KRS_9ZZSUtrr56v8 4zkYpSBR7kABiBMxMuvLMAsZTj7dmHXeraBZ8 mLa1lT04uYyOQMaj2vY91aW vMxjEabn Rj7yhvLce8kAdrOv9MnqvZSIpwqM61IG_7Ea4OnVuCaZmxQHVTuIKcRhq7EjBH_xNZ3HsHUxCjq 0EpW1LFTimYGEsRZyGihI401gRTA9lvEzv1yiZGSL7ef_ j_OOGgdeXR1ZUZJA06JrdxZS RS qlppn5rLeoUHgb7gxD29c3HtFxbuK8r TKIhBe5l6ycUoDgVuFIicjA58906V4cwynQICX3 WHGpH8pnOgAZDRCRu YdlLCZHpfy_WbtP1_NmrS opY_E1uOOWxsD18VLPWLVop8o0W1JM2enCyNDR_LRk8jtPCPXpK4xioniSN9Zl07pMKeDa ZPI09L40eitE6-GzwAAORtm8 QRt34QeNKWgliEI3qQjZpSCIJdikaF PK_Y7pmOI3gMDtNyNbk3FCFVZqRr_oAXkC

Remove flashplayerpro.exe - Powered by Reason Core Security