» flashplayerpro_Setup.exe
Overview
Analysis
File Details
Downloads (1)

flashplayerpro_Setup.exe

Build Input

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application flashplayerpro_Setup.exe, “Fusion Install ” by Build Input has been detected as adware by 40 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. The installer is marketed through download protals and search ads as the free Adobe Flash Player but will also install additional software offers which include adware, PUPs and browser toolbars.

File name:

Publisher:

Fusion Install (signed by Build Input)

Product:

Fusion Install

Description:

Fusion Install

Version:

2.4.8.1

MD5:

1602f6e59a5de92a830b02c4770aa2b7

SHA-1:

93bd82f919166fe1991ab84190912eac638a1054

SHA-256:

1cb73186836821daff4676e76bdeb38b831d8abec9d54aa5be179730b2b10af7

Scanner detections:

40 / 68

Status:

Adware

Explanation:

Injects advertisements in the web browser in the form or banner ads and popups.

Description:

This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:

11/28/2024 2:38:44 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.1618449

905

Agnitum Outpost

Riskware.Agent

7.1.1

AhnLab V3 Security

PUP/Win32.IBryte

2014.08.14

Avira AntiVirus

TR/Click.Clikug.A.34

7.11.142.94

avast!

Adware-gen [Adw]

2014.9-140814

AVG

Clicker

2015.0.3383

Baidu Antivirus

Trojan.Win32.Clikug

4.0.3.14814

Bitdefender

Trojan.GenericKD.1618449

1.0.20.1130

Clam AntiVirus

Win.Adware.Ibryte-592

0.98/19086

Comodo Security

Application.Win32.iBryte.WRP

18251

Dr.Web

Trojan.Click3.5306

9.0.1.0226

Emsisoft Anti-Malware

Trojan.GenericKD.1618449

8.14.08.14.02

ESET NOD32

Win32/GigaClicks.AD (variant)

8.9734

Fortinet FortiGate

W32/Malware_fam.NB

8/14/2014

F-Prot

W32/A-c255719d

v6.4.7.1.166

F-Secure

Trojan.GenericKD.1618449

11.2014-14-08_5

G Data

Trojan.GenericKD.1618449

14.8.24

herdProtect (fuzzy)

variant of c48ec794ca74bd00b4a5a90ede3eb0c5.exe (Adware)

2014.10.28.10

IKARUS anti.virus

Trojan-Clicker.BFNI

t3scan.1.6.1.0

K7 AntiVirus

Riskware

13.176.11711

Kaspersky

Trojan-Clicker.Win32.Agent

14.0.0.3409

Malwarebytes

PUP.Optional.GigaClicks.A

v2014.08.14.02

McAfee

Artemis!0FF2B0F7AD04

5600.7039

Microsoft Security Essentials

TrojanClicker:Win32/Clikug.A

1.10401

MicroWorld eScan

Trojan.GenericKD.1618449

15.0.0.678

NANO AntiVirus

Trojan.Win32.Adpeak.cumkpw

0.28.0.59826

Norman

IBryte.PDB

11.20140825

nProtect

Trojan.GenericKD.1618449

14.04.10.01

Panda Antivirus

Suspicious file

14.08.14.02

Qihoo 360 Security

Win32/Trojan.Dropper.c9f

1.0.0.1015

Quick Heal

(Suspicious) - DNAScan

8.14.12.00

Reason Heuristics

PUP.Installer.BuildInput.U

14.8.25.1

Rising Antivirus

PE:Malware.iBryte!6.192B

23.00.65.14823

Sophos

Mal/Generic-S

4.98

SUPERAntiSpyware

PUP.OptimumInstaller/Variant

10401

Trend Micro House Call

TROJ_CLIKUG.A

7.2.226

Trend Micro

TROJ_CLIKUG.A

10.465.14

Vba32 AntiVirus

AdWare.iBryte

3.12.26.0

VIPRE Antivirus

Trojan.Win32.Clicker

28188

Zillya! Antivirus

Adware.iBryte.Win32.854

2.0.0.1790

File size:

132.4 KB (135,544 bytes)

Product version:

2.4.8.1

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Adknowledge Fusion (using Nullsoft Install System)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\flashplayerpro_setup.exe

Digital Signature

Signed by:

Build Input

Authority:

COMODO CA Limited

Valid from:

3/23/2014 5:00:00 PM

Valid to:

3/24/2015 4:59:59 PM

Subject:

CN=Build Input, O=Build Input, STREET="4600 Madison Ave, 10th FL", L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

0093C151407610A7B56F799C03CB8D955D

File PE Metadata

Compilation timestamp:

5/11/2014 1:04:44 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

1536:g+0YBsBE3ain2Q5xq10DZYzI1wHCrbrZqr1L0wVQMw3zEfkdLav:gjnBTi2CRDZYzIq6blqr1PQMw32kO

Entry address:

0x322E

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 14, C7, 44, 24, 10, D8, A2, 40, 00, 89, 6C, 24, 1C, FF, 15, 34, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, 34, 81, 40, 00, 55, FF, 15, AC, 82, 40, 00, 6A, 08, A3, 58, AF, 47, 00, E8, 9F, 2E, 00, 00, A3, A4, AE, 47, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, B8, 01, 44, 00, FF, 15, 7C, 81, 40, 00, 68, C0, A2, 40, 00, 68, A0, 2E, 47, 00, E8, 0A, 2B, 00, 00, FF, 15, 38, 81, 40, 00, BB, 00, B0, 4C, 00, 50, 53, E8, F8, 2A, 00, 00... 
[+]

Entropy:

4.9724

Packer / compiler:

Nullsoft install system v2.x

Code size:

24.5 KB (25,088 bytes)

The file flashplayerpro_Setup.exe has been seen being distributed by the following URL.

http://downloadsinstant.com/.../flashplayerpro?source=marimedia_lightspark-us-ddl-cpa&creative_id=player &adprovider=marimedia&ce_cid=nym1CM-IsI2nip_bRxACGM_hx5_PloHdHCINNzIuMjQxLjIwNy4xMCgBMI2ooJ4F

Remove flashplayerpro_Setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.