flashplayersetup__7343_i587381635_il7.exe

The application flashplayersetup__7343_i587381635_il7.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a setup program that is used to install the application. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from ams1.ib.adnxs.com.
MD5:
124d2723dc2bd7aa337ed9af11ab103c

SHA-1:
808eb1b61cee8eb2e9b988a9bc7e482d709b32f6

SHA-256:
0fc534d3862de69aabf1806be42e69bf11257cecf2dfd1677fa5d1fa35746e60

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 4:44:41 PM UTC  (today)

Scan engine | Detection | Engine version
avast! | Win32:Amonetize-AM [PUP] | 160708-3
AVG | Adware Generic_r.JX | 2015.0.4604
Reason Heuristics | Adware.Amonetize.AT (M) | 16.7.13.12

File size:
327.9 KB (335,780 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\flashplayersetup__7343_i587381635_il7.exe

File PE Metadata
Compilation timestamp:
4/22/2014 4:02:17 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:Zu8c1COmFuh0MZOPOqcBzp1WbqueSHnY52LtakP+bIZ559LD/BZA1:Zu8c1CO8uh/OPOqUzpCs2p7P+bIZ9BC

Entry address:
0x29C01

Entry point:
C6, 02, 56, E8, 6B, 7F, 00, 00, 59, 59, 85, C0, 0F, 84, 55, 02, 00, 00, 83, 7D, 18, 00, 0F, 94, C1, FE, C9, 80, E1, E0, 80, C1, 70, 88, 08, C6, 40, 03, 00, E9, 3B, 02, 00, 00, 25, 00, 00, 00, 80, 33, C9, 0B, C8, 74, 04, C6, 06, 2D, 46, 8B, 5D, 18, 85, DB, 0F, 94, C0, FE, C8, 24, E0, 04, 78, F7, DB, 1B, DB, C6, 06, 30, 88, 46, 01, 8B, 4F, 04, 83, E3, E0, 81, E1, 00, 00, F0, 7F, 33, C0, 83, C3, 27, 33, D2, 0B, C1, 75, 24, C6, 46, 02, 30, 8B, 4F, 04, 8B, 07, 81, E1, FF, FF, 0F, 00, 83, C6, 03, 0B, C1, 75, 05...
 

Code size:
245 KB (250,880 bytes)

The file flashplayersetup__7343_i587381635_il7.exe has been seen being distributed by the following URL.
