flvblaster.exe

Pinball Corporation.

This is a component of the Pinball ad-supported platform, which may deliver advertisements to the web browser in the form of banner and text ads. The application flvblaster.exe by Pinball has been detected as adware by 36 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from origin-ics.hotbar.com.
Publisher:
Pinball Corporation.  (signed and verified)

Description:
Installer

Version:
2.0.305.0

MD5:
f771942d1c47084133a2e6c064374828

SHA-1:
e77d43f2313db7eeaf94d037ae1975adb9de2749

SHA-256:
351659a090c2d19a233c9518d7a0ac790328148c802249f0ef227e23c52b5477

Scanner detections:
36 / 68

Status:
Adware

Analysis date:
12/27/2024 10:28:25 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Hotbar.1 | 793 |
| Agnitum Outpost | Adware.Rugo.Gen.5 | 7.1.1 |
| AhnLab V3 Security | Adware/Win32.Hotbar | 2014.12.04 |
| Avira AntiVirus | ADSPY/AdSpy.Gen2 | 7.11.30.172 |
| avast! | Win32:HotBar-CJ [PUP] | 141130-1 |
| AVG | Adware Skodna.Generic_r.N | 2014.0.4189 |
| Bitdefender | Gen:Variant.Adware.Hotbar.1 | 1.0.20.1685 |
| Clam AntiVirus | Suspect.W32.AdInstall.PBCXP | 0.98/19719 |
| Comodo Security | ApplicUnwnt.Win32.AdWare.Hotbar.F | 20277 |
| Dr.Web | Adware.Hotbar.700 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Hotbar | 9.0.0.4668 |
| ESET NOD32 | Win32/Adware.HotBar.H application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/Zango | 12/3/2014 |
| F-Prot | W32/HotBar.L.gen | 4.6.5.141 |
| F-Secure | Gen:Variant.Adware.Hotbar.1 | 11.2014-03-12_4 |
| G Data | Gen:Variant.Adware.Hotbar | 14.12.24 |
| IKARUS anti.virus | not-a-virus:WebToolbar.Win32 | t3scan.1.8.5.0 |
| K7 AntiVirus | Adware | 13.186.14225 |
| Kaspersky | not-a-virus:AdWare.Win32.ScreenSaver | 15.0.0.543 |
| Malwarebytes | Adware.Hotbar | v2014.12.03.11 |
| McAfee | Adware-HotBar.f | 5600.6927 |
| Microsoft Security Essentials | Threat.Undefined | 1.189.1270.0 |
| MicroWorld eScan | Gen:Variant.Adware.Hotbar.1 | 15.0.0.1011 |
| NANO AntiVirus | Riskware.Win32.Zango.rafhl | 0.28.6.63850 |
| Norman | Gen:Variant.Adware.Hotbar.1 | 03.12.2014 19:18:07 |
| Qihoo 360 Security | Malware.QVM11.Gen | 1.0.0.1015 |
| Quick Heal | Adware.Rugo.A | 12.14.14.00 |
| Reason Heuristics | PUP.Installer.PinballCorporation.K | 14.12.3.23 |
| Rising Antivirus | PE:Trojan.DL.Win32.Fednu.fg!1075351171 | 23.00.65.141201 |
| Sophos | ClickPotato Installer | 4.98 |
| Total Defense | Win32/Zango.Pinball[HOTBAR] | 37.0.11313 |
| Trend Micro House Call | HeurSpy_Zango-3 | 7.2.337 |
| Trend Micro | HeurSpy_Zango-3 | 10.465.03 |
| Vba32 AntiVirus | Adware.Hotbar.1 | 3.12.26.3 |
| VIPRE Antivirus | Threat.4672643 | 35224 |
| Zillya! Antivirus | Adware.HotBar.Win32.362 | 2.0.0.1998 |

File size:
205.6 KB (210,584 bytes)

Product version:
2.0.305.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\flvblaster.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/31/2011 8:00:00 PM

Valid to:
5/19/2013 7:59:59 PM

Subject:
CN=Pinball Corporation., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Pinball Corporation., L=Bellevue, S=Washington, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
22E49C51DCD71B05713AAF786582D135

File PE Metadata
Compilation timestamp:
5/24/2011 8:14:37 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:zxSG6JufSm3qBJmiDuVIXnRrQjoILywfOyo7/IyHLrjcE7Nb1opW1c9X:dqWSmaBkiDmJoILdGyo7/IyHjN7NbTSX

Entry address:
0x72240

Entry point:
60, BE, 00, 20, 44, 00, 8D, BE, 00, F0, FB, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
Entropy:
7.8807

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
196 KB (200,704 bytes)

The file flvblaster.exe has been seen being distributed by the following URL.
