flashplayersetup__4026_i541046404_il3022.exe

The executable flashplayersetup__4026_i541046404_il3022.exe has been detected as malware by 1 anti-virus scanner. The program is a setup application that uses the Amonetize Downloader installer; however, the file is not signed with an Authenticode signature from a trusted source. The installer is marketed through download portals and search ads as the free Adobe Flash Player, but it will also install additional software offers, including adware, PUPs and browser toolbars. The file has been seen being downloaded from www.installpath.com.
Version:
1.1.5.55

MD5:
6babfde01be93cf94df4d0ae4c4ea7db

SHA-1:
2f94a78a567d801f5349d098f503204d2c4a1314

SHA-256:
63ad003e6e7a9732308ceaae24673b903a7f94a94299881b24fa39ebfa3c4625

Scanner detections:
1 / 68

Status:
Malware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/25/2024 2:19:35 AM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation.IMP

Engine version:
16.2.6.7

File size:
342.5 KB (350,720 bytes)

Product version:
1.1.5.55

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\flashplayersetup__4026_i541046404_il3022.exe

File PE Metadata
Compilation timestamp:
4/7/2014 9:04:23 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:WVRsqRPnA5Ep7TyTlE2BMKOApmXegeLOgYFBUmohqwDYSLr1+BZ4aG:WVRsqRY5E1yTlEWMK2zpBbohqwMXBOh

Entry address:
0x298C1

Entry point:
E8, C6, 97, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, 53, 56, 8B, 44, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 14, 8B, 44, 24, 10, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 0C, F7, F1, 8B, D3, EB, 41, 8B, C8, 8B, 5C, 24, 14, 8B, 54, 24, 10, 8B, 44, 24, 0C, D1, E9, D1, DB, D1, EA, D1, D8, 0B, C9, 75, F4, F7, F3, 8B, F0, F7, 64, 24, 18, 8B, C8, 8B, 44, 24, 14, F7, E6, 03, D1, 72, 0E, 3B, 54, 24, 10, 77, 08, 72, 07, 3B, 44, 24, 0C, 76, 01, 4E, 33, D2, 8B, C6, 5E, 5B, C2, 10, 00, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F...

Code size:
244 KB (249,856 bytes)

The file flashplayersetup__4026_i541046404_il3022.exe has been seen being distributed by the following URL.
