flv_installer.exe

Guangzhou Shibei Information Technology Co., Ltd.

The application flv_installer.exe by Guangzhou Shibei Information Technology Co. has been detected as adware by 11 anti-malware scanners. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from www.trackfiledownload.com.
Publisher:

MD5:
9a55b39f0d00bc692062c5ff7a3a2e82

SHA-1:
e8d00f4fd73964863fede25463593d0e4b98fc9f

SHA-256:
aa7c86d54d3924b962378cb2d9d40fbccf9570b5c338b453db44ac8b4a627f8e

Scanner detections:
11 / 68

Status:
Adware

Analysis date:
11/15/2024 9:07:06 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Malware-gen | 2014.9-150918 |
| AVG | Generic | 2016.0.2983 |
| ESET NOD32 | Win32/SquareNet.A potentially unwanted application | 9.7.0.302.0 |
| G Data | Win32.Application.Bundler | 15.9.24 |
| herdProtect (fuzzy) | | 2015.9.18.2 |
| IKARUS anti.virus | PUA.SquareNet | t3scan.1.6.1.0 |
| K7 AntiVirus | Unwanted-Program | 13.181.12846 |
| McAfee | PUP-FAU | 5600.6639 |
| Reason Heuristics | PUP.GuangzhouShibeiInformationTechnologyCo (M) | 15.8.9.10 |
| Sophos | Square Network Installer | 4.98 |
| VIPRE Antivirus | Threat.4150696 | 31208 |

File size:
1 MB (1,053,864 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\flv_installer.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/14/2014 8:00:00 PM

Valid to:
5/15/2015 7:59:59 PM

Subject:
CN="Guangzhou Shibei Information Technology Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Guangzhou Shibei Information Technology Co., Ltd.", L=Guangzhou, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
730FCD851F607FC42ED72447D10ED84A

File PE Metadata
Compilation timestamp:
5/31/2014 9:52:48 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:v/V//jlulUrfzY5R0AK8hlBNAbC+t3dsynNPPTVWrYopiw:J/jks78hlBNAbL3dpPPTVoNiw

Entry address:
0xA1B8C

Entry point:
E8, 71, D4, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 83, 65, FC, 00, 53, 8B, 5D, 10, 85, DB, 75, 07, 33, C0, E9, 9A, 00, 00, 00, 57, 83, FB, 04, 72, 75, 8D, 7B, FC, 85, FF, 76, 6E, 8B, 4D, 0C, 8B, 45, 08, 8A, 10, 83, C0, 04, 83, C1, 04, 84, D2, 74, 52, 3A, 51, FC, 75, 4D, 8A, 50, FD, 84, D2, 74, 3C, 3A, 51, FD, 75, 37, 8A, 50, FE, 84, D2, 74, 26, 3A, 51, FE, 75, 21, 8A, 50, FF, 84, D2, 74, 10, 3A, 51, FF, 75, 0B, 83, 45, FC, 04, 39, 7D, FC, 72, C2, EB, 3F, 0F, B6, 40, FF, 0F, B6, 49, FF, EB, 46...
 
Entropy:
6.4984

Code size:
752 KB (770,048 bytes)

The file flv_installer.exe has been seen being distributed by the following URL.
