flashplayerpro_setup.exe

File Monarch

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application flashplayerpro_setup.exe, “Fusion Install ” by File Monarch has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. The installer is marketed through download protals and search ads as the free Adobe Flash Player but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
Fusion Install   (signed by File Monarch)

Product:
Fusion Install

Description:
Fusion Install

Version:
2.4.8.1

MD5:
1259a0df28cc729fda97a78a6051d9b1

SHA-1:
aa2b2bb9ac8904c534a5891a8d6fca46f1a99c48

SHA-256:
0f02b7e0dd5578f1bffd269f139596df02ad4b684c35e49dc7aabfb888d59bf7

Scanner detections:
13 / 68

Status:
Adware

Explanation:
This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/28/2024 4:46:01 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
Adware/iBryte.bxop
7.11.171.10

avast!
Win32:PUP-gen [PUP]
140813-1

AVG
AdPlugin
2015.0.3360

Comodo Security
Application.Win32.AgentCV.HWYE
19435

Dr.Web
Trojan.DownLoader11.30892
9.0.1.05190

ESET NOD32
Win32/AdWare.iBryte.BG (variant)
8.10375

G Data
Win32.Adware.Ibryte
14.9.24

K7 AntiVirus
Unwanted-Program
13.183.13286

Kaspersky
not-a-virus:AdWare.Win32.iBryte
15.0.0.463

Malwarebytes
PUP.Optional.Ibryte
v2014.09.06.07

Reason Heuristics
PUP.Installer.FileMonarch.U
14.9.6.6

Sophos
Mal/Inject-CEE
4.98

VIPRE Antivirus
Threat.4778314
32210

File size:
264.4 KB (270,712 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) 2013 Fusion Install

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\flashplayerpro_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/17/2014 5:00:00 PM

Valid to:
3/18/2015 4:59:59 PM

Subject:
CN=File Monarch, O=File Monarch, STREET="4600 Madison Ave., FL 10", L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E65C750985B066CBB7B485ACF86E58B1

File PE Metadata
Compilation timestamp:
9/5/2014 2:00:17 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:/Tad7qFw2Vkt2TVOsNmEDke4HJViL/z37Fj7N1B39wGsloE:/TadW9kETDTDkbJqL3J7HgGsqE

Entry address:
0x15B2F

Entry point:
E8, BE, 05, 00, 00, E9, D7, FC, FF, FF, CC, FF, 25, 54, 81, 41, 00, 68, 99, 5B, 41, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 1C, D0, 41, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 8B, FF, 55, 8B, EC, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, 68, DA, 56, 41, 00...
 
[+]

Entropy:
7.1488

Code size:
89.5 KB (91,648 bytes)

The file flashplayerpro_setup.exe has been seen being distributed by the following 4 URLs.

Remove flashplayerpro_setup.exe - Powered by Reason Core Security