flashplayersetup__6595_i592230589_il7.exe

The executable flashplayersetup__6595_i592230589_il7.exe has been detected as malware by 1 anti-virus scanner. The program is a setup application that uses the Amonetize Downloader installer; however, the file is not signed with an Authenticode signature from a trusted source. Users of this installer expect to download the free Adobe Flash Player, but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware. The file has been seen being downloaded from www.holddownload.com.
Version:
1.1.5.89

MD5:
a39173467af374e4f5acb531f58527b4

SHA-1:
7071973eb3e1710a394ee4002533ad214496cc35

Scanner detections:
1 / 68

Status:
Malware

Description:
This is also known as bundleware, or downloadware, which is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/25/2024 12:59:28 AM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation.IMP

Engine version:
16.5.10.19

File size:
342.5 KB (350,720 bytes)

Product version:
1.1.5.89

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\documents and settings\baja\mes documents\downloads\flashplayersetup__6595_i592230589_il7.exe

File PE Metadata
Compilation timestamp:
4/23/2014 10:01:55 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:bCjt7F9pvUdJRoKR7BDkcW4fvmeCaZQYSagt2cbJxmyxLSmBZwnVN0:bCR7F9pUdXoKRFDkfxaM2cbXmyrBOnz0

Entry address:
0x29971

Entry point:
E8, C6, 97, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, 53, 56, 8B, 44, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 14, 8B, 44, 24, 10, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 0C, F7, F1, 8B, D3, EB, 41, 8B, C8, 8B, 5C, 24, 14, 8B, 54, 24, 10, 8B, 44, 24, 0C, D1, E9, D1, DB, D1, EA, D1, D8, 0B, C9, 75, F4, F7, F3, 8B, F0, F7, 64, 24, 18, 8B, C8, 8B, 44, 24, 14, F7, E6, 03, D1, 72, 0E, 3B, 54, 24, 10, 77, 08, 72, 07, 3B, 44, 24, 0C, 76, 01, 4E, 33, D2, 8B, C6, 5E, 5B, C2, 10, 00, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F...
 

Code size:
244 KB (249,856 bytes)

The file flashplayersetup__6595_i592230589_il7.exe has been seen being distributed by the following URL.
