flashvideoplayer-186380241.exe

Outbox

Bicoastal Interactive

The application flashvideoplayer-186380241.exe by Bicoastal Interactive has been detected as a potentially unwanted program by 26 anti-malware scanners. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. While running, it connects to the Internet address host-213.158.175.73.tedata.net on port 80 using the HTTP protocol.
Publisher:
Bicoastal Interactive  (signed and verified)

Product:
Outbox

Version:
1.15.146.711

MD5:
a80cd71af8151da7ffee7df600df8470

SHA-1:
a411fe6c0a8bf31e256d2cf1bfbb1b590183de10

SHA-256:
f4434ef36163543e302680e280b9abb5955b90789eb8085cad06b4e136358d5b

Scanner detections:
26 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 7:39:25 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.DownloadAdmin.AM
-34

AhnLab V3 Security
PUP/Win32.Downloader.C1758492
3.8.3.16

Avira AntiVirus
TR/Dldr.Small.bryyo
8.3.3.4

Arcabit
Application.Bundler.DownloadAdmin.AM
1.0.0.798

avast!
Win32:Malware-gen
2014.9-170310

Baidu Antivirus
Win32.Trojan.WisdomEyes.16070401.9500
4.0.3.17310

Bitdefender
Application.Bundler.DownloadAdmin.AM
1.0.20.345

Bkav FE
W32.HfsAdware
1.3.0.8876

Dr.Web
Trojan.Siggen7.10262
9.0.1.069

Emsisoft Anti-Malware
Application.AdLoad
8.17.03.10.04

ESET NOD32
Win32/DownloadAdmin.AA.gen potentially unwanted (variant)
11.15063

F-Secure
Application.Bundler.DownloadAdmin
11.2017-10-03_6

G Data
Application.Bundler.DownloadAdmin.AM
17.3.A:25.11099B:25.9046

IKARUS anti.virus
PUA.DownloadAdmin.Aa
0.2.1.2

K7 AntiVirus
Adware
13.10.4.22672

Malwarebytes
PUP.Optional.DownLoadAdmin
v2017.03.10.04

MicroWorld eScan
Application.Bundler.DownloadAdmin.AM
18.0.0.207

NANO AntiVirus
Trojan.Win32.Small.elgpta
1.0.70.15657

Qihoo 360 Security
HEUR/QVM10.1.0000.Malware.Gen
1.0.0.1120

Quick Heal
Trojan.IGENERIC
3.17.14.00

Reason Heuristics
PUP.DownloadAdmin (M)
17.3.10.4

Rising Antivirus
Malware.Generic.5!tfe (thunder:5:Ze6WuuhHFTL)
23.00.65.17308

SUPERAntiSpyware
PUP.DownloadAdmin/Variant
8545

Vba32 AntiVirus
Signed-Downware.DownloadAdmin
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
56532

Zillya! Antivirus
Downloader.DownloAdminCRTD.Win32.10446
2.0.0.3228

File size:
124.3 KB (127,256 bytes)

Product version:
6.12.42.799

Copyright:
Copyright (C) 2015 Tabletpenservicehelperclass Latencyaverageweight

Original file name:
Launchuseroobe.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\flashvideoplayer-186380241.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
5/19/2016 2:50:40 PM

Valid to:
5/19/2017 2:50:40 PM

Subject:
CN=Bicoastal Interactive, O=Bicoastal Interactive, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
0096C56AE03C38A570

File PE Metadata
Compilation timestamp:
12/1/2016 3:47:16 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x76AD

Entry point:
E8, BE, 36, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, EC, D4, 41, 00, FF, 15, 10, 51, 41, 00, 85, C0, 75, 18, 56, E8, 0E, 10, 00, 00, 8B, F0, FF, 15, FC, 50, 41, 00, 50, E8, 13, 10, 00, 00, 59, 89, 06, 5E, 5D, C3, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, CC, C8, 41, 00, 33, C5, 89, 45, FC, 83, 7D, 08, FF, 57, 74, 09, FF, 75, 08, E8, C3, 3D, 00, 00, 59, 83, A5, E0, FC, FF, FF, 00, 8D, 85, E4, FC, FF, FF, 6A, 4C, 6A, 00, 50, E8, B7, 3D, 00, 00, 8D, 85, E0, FC...
 

Entropy:
6.5301

Code size:
76.5 KB (78,336 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-52-6-18-250.compute-1.amazonaws.com  (52.6.18.250:80)

TCP (HTTP):
Connects to host-213.158.175.90.tedata.net  (213.158.175.90:80)

TCP (HTTP):
Connects to host-213.158.175.73.tedata.net  (213.158.175.73:80)
