install_flashplayer.exe

The executable install_flashplayer.exe has been detected as malware by 9 anti-virus scanners. It is a setup program used to install the application. The file is infected by the Parite virus, a polymorphic file-infecting virus that infects all portable EXE and SCR files found on local and shared network drives. The file has been seen being downloaded from app.sugarsync.com.
MD5:
85e9e8c135da5bc8812f2ee1b702ed00

SHA-1:
3b6d36630f606a7fb2cb75a478833e46d545e7f7

SHA-256:
4b0c75486054c48aaf3b0d3a4922627b838e8a3556a3804904f36c35ab4175a8

Scanner detections:
9 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/15/2024 1:51:43 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Parite | 160518-2 |
| AVG | Win32/Parite | 2015.0.4604 |
| Emsisoft Anti-Malware | Win32.Parite | 11.5.0.6191 |
| ESET NOD32 | Win32/Parite.B virus | 7.0.302.0 |
| F-Prot | W32/Parite.B | 4.6.5.141 |
| McAfee | Trojan.Artemis!3D7054434059 | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.225.81.0 |
| Norman | Win32.Parite.B | 28.05.2016 15:32:18 |
| VIPRE Antivirus | Threat.46249 | 50308 |

File size:
695.5 KB (712,150 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\install_flashplayer.exe

File PE Metadata
Compilation timestamp:
5/21/2016 9:18:09 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:V1N7q5oB1COAVW07DgMvy0zphD7HbRG6DnS3XrPwGUNFcJObAQa11hHBq3qXV/55:Vn6oaOAoqPhlNLbRfnS3XrYGxJ11h03m

Entry address:
0x1CE000

Entry point:
90, 90, B9, EB, 49, 6B, 1B, 90, BA, 1C, E0, 5C, 00, BE, 98, 05, 00, 00, 90, 90, 31, 0C, 32, 90, 90, 4E, 83, EE, 03, 90, 75, F4, 03, 34, 6A, 1B, EB, 49, 6B, 1B, EB, 49, 2B, 1B, EB, 59, 6B, 1B, EB, 61, 63, 1B, 3D, 64, 63, 1B, EB, F9, 69, 1B, 14, B6, 94, E4, 7B, 88, 37, 1B, F9, 8A, 37, 1B, C9, 8A, 37, 1B, 7B, 5C, 63, 1B, FB, 8A, 77, 1B, CB, 8A, 77, 1B, 7B, 5C, 63, 1B, FB, 8A, 77, 1B, CB, 8A, 77, 1B, EB, 49, 6B, 1B, EB, 49, 6B, 1B, EB, 49, 6B, 1B, EB, 49, 6B, 1B, EB, 49, 6B, 1B, EB, 49, 6B, 1B, EB, 49, 6B, 1B...

Code size:
1.5 MB (1,535,488 bytes)

The file install_flashplayer.exe has been seen being distributed by the following URL.
