FLVUpdate.exe

AOE

The executable FLVUpdate.exe has been detected as malware by 34 anti-virus scanners. The file has been seen being downloaded from canliizle.in.
Publisher: AOE
Product: AOE
Version: 773
MD5: c51ca6d7d8158790d9244a40fa7c55b0
SHA-1: 38d1fe36bae99a8ad56d5686353763607d9d9565
SHA-256: b5d68dfb74fc2954823349ce445e5ab624e2798a9d213ef002c71fdd4977b8a7
Scanner detections: 34 / 68
Status: Malware
Analysis date: 11/27/2024 8:54:37 AM UTC (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Trojan.Heur.IEC.856e41075b2 | 191 |
| AegisLab AV Signature | Troj.Ransom.W32.Blocker.erqe!c | 2.1.4+ |
| Agnitum Outpost | Trojan.Blocker | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Blocker.N1186310646 | 3.7.4.14 |
| Avira AntiVirus | TR/Strictor.48995.5 | 8.3.3.4 |
| avast! | Win32:Dropper-NYB [Drp] | 2014.9-160727 |
| AVG | Generic36 | 2017.0.2669 |
| Baidu Antivirus | Win32.Trojan.WisdomEyes.151026.9950 | 4.0.3.16727 |
| Bitdefender | Gen:Trojan.Heur.IEC.856e41075b2 | 1.0.20.1045 |
| Comodo Security | UnclassifiedMalware | 25351 |
| Dr.Web | Trojan.DownLoader11.13969 | 9.0.1.0209 |
| Emsisoft Anti-Malware | Gen:Trojan.Heur.IEC.856e41075b2 | 8.16.07.27.04 |
| ESET NOD32 | MSIL/Bepush (variant) | 10.13721 |
| Fortinet FortiGate | MSIL/Bepush.E!tr | 7/27/2016 |
| F-Secure | Gen:Trojan.Heur.IEC.856e41075b2 | 11.2016-27-07_4 |
| G Data | Gen:Trojan.Heur.IEC.856e41075b2 | 16.7.25 |
| IKARUS anti.virus | Trojan.MSIL.Bepush | t3scan.2.1.6.0 |
| K7 AntiVirus | Trojan | 13.231.20070 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.-158 |
| Malwarebytes | Trojan.Injector.MSIL | v2016.07.27.04 |
| McAfee | RDN/Generic.tfr!dz | 5600.6325 |
| Microsoft Security Essentials | Trojan:MSIL/Bepush.gen!A | 1.1.12805.0 |
| MicroWorld eScan | Gen:Trojan.Heur.IEC.856e41075b2 | 17.0.0.627 |
| NANO AntiVirus | Trojan.Win32.Blocker.datgwn | 1.0.38.8984 |
| nProtect | Trojan/W32.Blocker.206848.E | 16.06.28.01 |
| Panda Antivirus | Trj/CI.A | 16.07.27.04 |
| Qihoo 360 Security | Win32/Trojan.1e6 | 1.0.0.1120 |
| Quick Heal | TrojanRansom.Blocker.r3 | 7.16.14.00 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_SPNR.35FJ14 | 7.2.209 |
| Trend Micro | TROJ_SPNR.35FJ14 | 10.465.27 |
| VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 50456 |
| ViRobot | Trojan.Win32.S.Agent.206848.AE[h] | 2014.3.20.0 |
| Zillya! Antivirus | Trojan.Blocker.Win32.19004 | 2.0.0.2932 |

File size: 202 KB (206,848 bytes)
Product version: 773
Copyright: Copyright © 2014
Trademarks: AOE
Original file name: FLVUpdate.exe
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\downloads\flvupdate.exe

File PE Metadata

Compilation timestamp: 5/23/2014 6:45:12 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 8.0
.NET CLR dependent: Yes
CTPH (ssdeep): 3072:rkocNolZTaH0tw3HmXOwJNVoUZTaH0t71HmiOwFN07ZTaH0taYHmxqAFNCoZTaHL:sNMa1yNzawFNSaYUNnaZ
Entry address: 0x329FA
Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 03, 00, 03, 00, 00, 00, 28, 00, 00, 80, 0E, 00, 00, 00, A0, 15, 00, 80, 10, 00, 00, 00, FE, 15, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 02, 00, 00, 00, 48, 00, 00, 80, 03, 00, 00, 00, 14, 11, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 60, 00, 00, 00, 6C, 40, 03, 00, A8, 10, 00, 00, 00, 00, 00, 00, 28, 00, 00, 00, 20, 00, 00, 00, 40, 00, 00, 00, 01, 00...
 

Entropy: 5.9904
Developed / compiled with: Microsoft Visual C# / Basic .NET
Code size: 194.5 KB (199,168 bytes)

The file FLVUpdate.exe has been seen being distributed by the following URL.
