» flashplayerpro.exe
Overview
Analysis
File Details
Downloads (1)

flashplayerpro.exe

program

LLC

The application flashplayerpro.exe, “program Setup ” by LLC has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.citybesttour.com.

File name:

flashplayerpro.exe

Publisher:

Lite internet (signed by LLC )

Product:

program

Description:

program Setup

Version:

1.4.4.5

MD5:

289e04692ee814a155e97fbf9eca8fe1

SHA-1:

a18e9097ddd88e235fb9c67580ad052b316c5155

SHA-256:

ccf2d7552084bebc4b880c30c36bf5254ce5f32437fea1609af7b935419c6499

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

11/15/2024 8:29:49 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallCore.RES (M)

16.6.4.1

File size:

964.1 KB (987,248 bytes)

Product version:

5.2

Application

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Common path:

C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\flashplayerpro.exe

Digital Signature

Signed by:

LLC

Authority:

COMODO CA Limited

Valid from:

1/10/2016 6:00:00 PM

Valid to:

1/10/2017 5:59:59 PM

Subject:

CN="LLC ""IT INNOVATIONS""", OU=IT, O="LLC ""IT INNOVATIONS""", STREET="prosp. 40-RICHCHYA ZHOVTNYA, 15", L=Kiev, S=Kiev, PostalCode=03039, C=UA

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00FE6F73741B326B0352AD2D2A49388BF0

File PE Metadata

Compilation timestamp:

6/19/1992 5:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:7HQzhYTJIjMxFw6N1b0yGg8vujdyL2gGGG8ryoft:7wNtMxF11bag0ujUyPGPryI

Entry address:

0x9C40

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE... 
[+]

Entropy:

7.9352

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

37 KB (37,888 bytes)

The file flashplayerpro.exe has been seen being distributed by the following URL.

http://www.citybesttour.com/c?x=Fi/gn4fFLVFZ/lSBSfsdjmHiwv0KgWtaN80 hjMa688=&c=YkaEH4 t2A43nFI5DytA UYy97Q38YUyL2Wt90zdH5elqQgSAd6I5kpqY3qJN4OHrZuo4lY9fIo9Lruo0RgMGoxOR12B9uDdr/qC3t5ET/o/.../B6UXv9dGb67Y

Remove flashplayerpro.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.