flashplayerpro.exe

Lote

Perets Smart, TOV

The application flashplayerpro.exe, “Lote Setup” by Perets Smart, TOV, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.todaymegasend.com.
Publisher:
Lucodeh (signed by Perets Smart, TOV)

Product:
Lote

Description:
Lote Setup

MD5:
c4a3c8c87872ed53137e78c4811911f6

SHA-1:
d3005e54a4e7f0b2d7fd190ba1c1efd46955814d

SHA-256:
a937594d8cd91b8dcc00b5ac75141428624ca8edfea1741f3614c005492602a6

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/27/2024 4:20:52 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.3.15.1

File size:
949.3 KB (972,064 bytes)

Product version:
4.6.2

Copyright:
Wizard

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\flashplayerpro.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/25/2016 7:00:00 PM

Valid to:
5/26/2017 6:59:59 PM

Subject:
CN="Perets Smart, TOV", OU=IT, O="Perets Smart, TOV", STREET="Bud. 8 kv. 60, bul. Lesi Ukrainky", L=Kiev, S=Kiev, PostalCode=01010, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
13E2E656DC165E1ACE084B816FB003FB

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9334

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file flashplayerpro.exe has been seen being distributed by the following URL.

http://www.todaymegasend.com/QTiz3BBYidEVMEd7OgIlIJSsLtbchCIwha7TCiwXccvGeJQIeOc2wk6LX9FeGrsE06uPx8gozLtTqAZBbFzHhdoC3vAulWrFwpnU1Lh_StIWz 8L7UrXWHirMHtWLgEoo0vYLNc459Ytj6mCAtFQxzf9Ifi7WuOfdO1wNV4cKHtJ4D9DEMg8 hKb7G0G3nXSuu SAw0_oukl k2bbF r3yFXKva1xTUA6kxlk x7FRyLEBMlYbdgx2_9UD9B3EALZO8Yudvs78MpOW m9FsMDBUvk5 28UEfj6evMYCJYLB6DJR06E24ig2Lf VrsLkuv_TuXU1MxhPK7k5wTYKKFT5z6g3X ovAp69ZDNJIrMR8HaA_6cpxthdidUR6FGAs4RqWYzWyF7P zKCQa6O8SinogGa3e7VKPBoW9K6IQn5hC2QqOG9d6v6TIJ1qfJYDS5HUE2t2VY0Flo6gWFYZv7LIsVjpC90jVP67mYwTWmdeb4i1e8H8bS2SUK39fz7qoumtsXVbQQIZJbH0Nqd8CgrgUkV3TveXmNubekTQWtP4WHhPsVK7bVIiPe 40qghqRkukst4uw4VyHkyR1S7q0ELtDoUmPvCggcMlbftSiLMv3MSqZDUgoupkzEbi25XhdnHStXn7bBYWJiXid3CcHFiNowBpcBj4dOQZEfbdWpVo7iZsg0KzV9yk0lEkbl5hmNgNSHxJ4IECihXWbDseVYBXhE3n7mID7T0DtxNzw9u89SbfHqw0RrS3ato5gguWkZsNjnmh8U1hNome iQAYAlaaYu9g58yobV1fE6Ria8 YpQ6hiAcC D4MerWzXyq6uNQgG-GzwAAORtm8 QRt34QeNKWgliEI3qQjZpSCIJdikaF PK_Y7pmOI3gMDtNyNbk3FCFVZqRr_oAXkC
