flashplayerpro.exe

Fite

Perets Smart, TOV

The application flashplayerpro.exe, “Fite Setup” by Perets Smart, TOV, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.headsignquick.com.
Publisher:
Perets Smart, TOV  (signed and verified)

Product:
Fite

Description:
Fite Setup

Version:
4.3.3.8

MD5:
4ff6707a55aab344530c06ac78dcc106

SHA-1:
f870913ed0e42a2d8dbd48d111e0ee34289f99fc

SHA-256:
df078e063c59cbd4d887de4396db8a6f30905f7c08a58e047dff39483167359d

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/24/2024 8:22:01 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.3.15.5

File size:
950.7 KB (973,544 bytes)

Product version:
4.5.5

Copyright:
Program Wizard

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\flashplayerpro.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/25/2016 5:00:00 PM

Valid to:
5/26/2017 4:59:59 PM

Subject:
CN="Perets Smart, TOV", OU=IT, O="Perets Smart, TOV", STREET="Bud. 8 kv. 60, bul. Lesi Ukrainky", L=Kiev, S=Kiev, PostalCode=01010, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
13E2E656DC165E1ACE084B816FB003FB

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9125

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file flashplayerpro.exe has been seen being distributed by the following URL.

http://www.headsignquick.com/S_T jIEP5cGNzWDwhIbgddvh1YJS79uN FayO8MIon2eDM_amqkU47CEP6aO3261nMYBJungpdsdlXYLSu7fnkVASqATAMFJf9A NcXYDkSif4tDCaG1Pv1wOV7RFwz JsOeRueUwimyKBa gbMvOgbySnf8BVUjbdjxPPkwe1SkFuoQw1EiGmZ06gQ8P8AfkeUAPDw0Wi78fU1tx523yCkk7b3WbtlysKfmxPzv27oIZdGvvmRx88ZkQYMAIa8TNQ2GkLmSOQtKx8wJ865rWHhV3indUcL865ba79VxN9iokGC8UNVm6Pq6U0hMWX_H9BlDISYVbFVBCgNquZLDncagAQaiKRcgRHdenb8CRp9fYq32HIu9_OAKBUKzCrpharqwZU5YjrE8F_pAS6npq_mo3FFIG3U0UeGmu0ZgRIt0DgHK18cxzQ4Y_wVvfRaeaghcSaBT2mR3ccPiUxsT_mWtFrwhwu Ha5slZK7x_LPmgnAzMQmRSixUZ7sImlc6zIHWXVtDc3NZxx04ZmsDPlrBL59J2MeupNlKovPvJt5h pTF14qfqy0nymgSZt174Ji5vIXqlbFbngot5u4yBvZSKX_U2 _dbm azTrVtzKTgrrIiMY8B7_y4U3C6q15o0D2y3ounhVHqx_q5Kd58XX0 dxZKdN wVjR7VECjYhCr2z Nw0z0Q0WAD5sNJJN5xdsU1gyVZEgF_MiEE9cjOJdXf Ewl1QMtSIfPVkBbzTip0R1dI7gdr1IJSH7QedkDHEUUi5OAOy49e1FtVdJ6NNeaFICsvme93v8_LjS950N6TH5cEeQh4uT x8ryqlm_5VoWmj-GzwAAORtm8 QRt34QeNKWgliEI3qQjZpSCIJdikaF PK_Y7pmOI3gMDtNyNbk3FCFVZqRr_oAXkC
