flashplayerpro.exe

Loko

Perets Smart, TOV

The application flashplayerpro.exe, “Loko Setup” by Perets Smart, TOV, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.townuniversetower.com.

Publisher:
Perets Smart, TOV (signed and verified)

Product:
Loko

Description:
Loko Setup

Version:
1.3.5.5

MD5:
2e750607c14543ff7f1cf9a192d4723f

SHA-1:
c21c4bdbf2018976b20a315c3f95f52a12fe1212

SHA-256:
7fe8a6433db75328e0feeb6fb0512a6a152e35edde71e29e5243607985637367

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/24/2024 8:42:31 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.3.14.20

File size:
950.8 KB (973,648 bytes)

Product version:
1.8.1

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\flashplayerpro.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/25/2016 8:00:00 PM

Valid to:
5/26/2017 7:59:59 PM

Subject:
CN="Perets Smart, TOV", OU=IT, O="Perets Smart, TOV", STREET="Bud. 8 kv. 60, bul. Lesi Ukrainky", L=Kiev, S=Kiev, PostalCode=01010, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
13E2E656DC165E1ACE084B816FB003FB

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9310

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file flashplayerpro.exe has been seen being distributed by the following URL.

http://www.townuniversetower.com/6jmBgQamOeaUn58PBKggaFAiMczg8wvnm6R1lyBRQaFYhKquR 0Im Ac5NG7o7lbZJmPIy222CWRrBeTTeVk2cm8Z92IdZy 0RflIAJR MdYkUFICLDY44TJS3MNj0xAvteenmzMsZURZhuvpKuijbuAXncPp7bowJ_eedJhhi2rvl3KqIVRvEAa3vvWwPe2YZYdSKqpmlvPsYA6ygYxBHIHwD5B7MBKpKrQjc_6oAs97gjTz2sMBkAkt3Pm8u4qMZ4 FsXAppVhply4fEPUVKpweba5zjI9VVQTspAmNlghWZWjYNEqWn8r3cGgEOGwcLrM3dbKcf1Cu7nDzq6Aw wiVtzgl oMnPs9f 3NC3C8yW0Z ikoIa70Wgsp0eqY 31H9UzcAX_3ZYuUuH1QFmJrZb22qKoU2FQ2cUxvEk3ZPTJndPvpdLynEykSuti7GpYBquDX RKC6O 3cQ7RXup5sDMDof8UAvpsZCF_IyHyszgkdj0NB9F3NhwQqQdN513ivAkRZJeYRpKxvHlh5fcZ d9DgdM_NNeffi74 hxG7YfKhEojnt7umtVV2TZ 3PieIV3aR W2W1xhTM5JECLQSLjSt0uV1eBuHEPHw0GVIpf_b4MvXuDuuMQXPD6 6epMjgBpjxr2qDfZr52kq8Uj5 3IBZ3r8Ecak_SGeTipLFIu8kmp9Zu3ykZAi huhKyPzDPJmth7pWqFVH7kaXmCQHQ0PF3OTjmeyMp94thhjWZfqppJMnSbbi20RHH4A_bmRyo4CW5Zbfbf2kzEpM5zT8apiGbc5xlxqett6qxfcNhtalMBIFsiPqDT9f33XpVQx07lt3afTcLg2KEdYzWyRs3g==-GzwAAORtm8 QRt34QeNKWgliEI3qQjZpSCIJdikaF PK_Y7pmOI3gMDtNyNbk3FCFVZqRr_oAXkC
