flvplayer_v3.exe

The application flvplayer_v3.exe has been detected as a potentially unwanted program by 20 anti-malware scanners. It is a setup program used to install the application. It uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been observed being downloaded from www.vidsafehaven.com.
MD5:
b3b4ab24da09141beb14f316ca51d21a

SHA-1:
3260c4f000f4d286e601054027eea6180c677783

SHA-256:
ea2ccfc44d37b59c45af7e4d853ff1e6133a31f793c87772225d92c4b893e213

Scanner detections:
20 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/17/2024 1:05:01 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Generic.453573 | 951 |
| Agnitum Outpost | Adware.Generic | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.InstallCore | 14.06.29 |
| Avira AntiVirus | APPL/Downloader.Gen6 | 7.11.149.28 |
| AVG | AdInstaller.InstallC | 2015.0.3429 |
| Bitdefender | Adware.Generic.453573 | 1.0.20.900 |
| Bkav FE | HW32.CDB | 1.3.0.4959 |
| Comodo Security | Application.Win32.ClickRun.I | 18259 |
| Dr.Web | Adware.InstallCore.80 | 9.0.1.0180 |
| Emsisoft Anti-Malware | Adware.Generic.453573 | 8.14.06.29.10 |
| ESET NOD32 | Win32/InstallCore.AZ (variant) | 8.9787 |
| F-Prot | W32/InstallCore.W.gen | v6.4.7.1.166 |
| F-Secure | Adware.Generic.453573 | 11.2014-29-06_1 |
| G Data | Adware.Generic.453573 | 14.6.24 |
| MicroWorld eScan | Adware.Generic.453573 | 15.0.0.540 |
| NANO AntiVirus | Trojan.Win32.InstallCore.csewdg | 0.28.0.59608 |
| Panda Antivirus | PUP/MultiToolbar.A | 14.06.29.10 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.10.1.0 |
| Rising Antivirus | PE:Trojan.Win32.Generic.13E9BD3C!334085436 | 23.00.65.14627 |
| VIPRE Antivirus | Click run software | 29118 |

File size:
1.9 MB (2,035,984 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\flvplayer_v3.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:7JcEdz30ywug8a9tVwBGdZAXiWqGG/wXy:7JcER30ywN8CtV8Gda+ey

Entry address:
0xD5BB0

Entry point:
55, 8B, EC, 83, C4, F0, B8, 5C, 56, 40, 00, E8, 94, F8, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
866 KB (886,784 bytes)

The file flvplayer_v3.exe has been seen being distributed by the following URL.
