install_flashplayer.exe

The application install_flashplayer.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a setup program which is used to install the application.
MD5:
98b03d333ee725fbc3e8d662525de559

SHA-1:
1a96355c77095bbea4be90390c54f0f3bc793999

SHA-256:
e258184574dd71fb3f8ff238b8cb8857ab1b04e9932f2da9203faae5e39d3577

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 1:34:16 PM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/TrojanDownloader.Banload.WTT trojan | 8.0.319.0
Reason Heuristics | PUP.Win.Reputation | 16.2.18.13

File size:
1.1 MB (1,172,992 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\install_flashplayer.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:4WpDQB6fpHW5AjvG19xZ3ZYuEMIaMT3oximUYIEeTU+t7dre:4W6bDxZ3+wWfRTPtR

Entry address:
0xE5370

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, 58, 4F, 4E, 00, E8, 73, 1C, F2, FF, 8B, 1D, 10, E9, 4E, 00, 8B, 03, E8, A6, 20, F8, FF, 8B, 03, C6, 40, 5B, 00, 8B, 0D, D0, EA, 4E, 00, 8B, 03, 8B, 15, B0, 2C, 49, 00, E8, A5, 20, F8, FF, 8B, 0D, 20, EB, 4E, 00, 8B, 03, 8B, 15, 60, 48, 4E, 00, E8, 92, 20, F8, FF, 8B, 0D, 9C, E8, 4E, 00, 8B, 03, 8B, 15, 00, 4C, 4E, 00, E8, 7F, 20, F8, FF, 8B, 03, E8, F8, 20, F8, FF, 5B, E8, EE, F2, F1, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
913 KB (934,912 bytes)

The file install_flashplayer.exe has been seen being distributed by the following 3 URLs.

http://[::ffff:36ac:aeba]/?GET=1

http://54.172.174.186/?GET=1
