FLVUpdate.exe

AOE

The executable FLVUpdate.exe has been detected as malware by 28 anti-virus scanners. The file has been seen being downloaded from doc-0o-4s-docs.googleusercontent.com and multiple other hosts.
Publisher: AOE
Product: AOE
Version: 203
MD5: 0c2cc27c3dbc8de71460ede114446bf7
SHA-1: c4b39c87d18d6965fd69d09ebdbb02146ced7b19
SHA-256: d9df960f3d21c64c93fa314bf1f6099c48e6e3f327f635f572a485628d0affab
Scanner detections: 28 / 68
Status: Malware
Analysis date: 11/30/2024 10:45:34 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Zusy.95038 | 916 |
| Agnitum Outpost | Trojan.Bepush | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Blocker | 2014.07.10 |
| Avira AntiVirus | TR/Bepush.A.11 | 7.11.159.220 |
| avast! | Win32:Malware-gen | 2014.9-140803 |
| AVG | Generic36 | 2015.0.3394 |
| Baidu Antivirus | Trojan.Win32.Bepush | 4.0.3.1483 |
| Bitdefender | Gen:Variant.Zusy.95038 | 1.0.20.1075 |
| Comodo Security | UnclassifiedMalware | 18829 |
| Emsisoft Anti-Malware | Gen:Variant.Zusy.95038 | 8.14.08.03.08 |
| ESET NOD32 | MSIL/Bepush | 8.10073 |
| Fortinet FortiGate | MSIL/Bepush.E!tr | 8/3/2014 |
| F-Secure | Gen:Variant.Zusy.95038 | 11.2014-03-08_1 |
| G Data | Gen:Variant.Zusy.95038 | 14.8.24 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.180.12672 |
| Malwarebytes | Trojan.MSIL | v2014.08.03.08 |
| McAfee | Artemis!0C2CC27C3DBC | 5600.7050 |
| Microsoft Security Essentials | Trojan:MSIL/Bepush.gen!A | 1.10701 |
| MicroWorld eScan | Gen:Variant.Zusy.95038 | 15.0.0.645 |
| NANO AntiVirus | Trojan.Win32.Bepush.dbnfpy | 0.28.0.60698 |
| Norman | Suspicious_Gen5.ARDWZ | 11.20140803 |
| Panda Antivirus | Generic Malware | 14.08.03.08 |
| Qihoo 360 Security | Win32/Trojan.485 | 1.0.0.1015 |
| Quick Heal | Trojan.Bepush.r3 | 8.14.14.00 |
| Trend Micro House Call | TROJ_GEN.R0CBC0DFE14 | 7.2.215 |
| Trend Micro | TROJ_GEN.R0CBC0DFE14 | 10.465.03 |
| VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 31140 |

File size: 51 KB (52,224 bytes)
Product version: 203
Copyright: Copyright © 2014
Trademarks: AOE
Original file name: FLVUpdate.exe
File type: Executable application (Win32 EXE)
Language: Language Neutral
Common path: C:\users\{user}\downloads\flvupdate.exe

File PE Metadata

Compilation timestamp: 6/10/2014 1:36:08 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 8.0
.NET CLR dependent: Yes
CTPH (ssdeep): 1536:d9Ntb1ZXgkiPfWf0nYqNwHKrMZl5aH0iCPmkXW:3NGYZTaH0iCPmkXW
Entry address: 0xCC7E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy: 5.9626
Developed / compiled with: Microsoft Visual C# / Basic .NET
Code size: 43.5 KB (44,544 bytes)

The file FLVUpdate.exe has been seen being distributed by the following 5 URLs.
