home

install_flashplayer11x32_mssa_aaa_aih.exe

The application install_flashplayer11x32_mssa_aaa_aih.exe has been detected as a potentially unwanted program by 7 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from hulkkmelimurp.were.me.
Version:
1.0.0.0

MD5:
45586179420f0b85bbddb6de33899442

SHA-1:
0a00cfc5bb88f6af537cb23b8dce6750f4e377d9

SHA-256:
7fc6fb02615c073d04d2b9740679fe21b7c10698950f0f1145391971a817c824

Scanner detections:
7 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 12:55:56 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:InstallMonstr-DK [PUP]
160215-2

Dr.Web
Trojan.InstallMonster.47
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Zusy.79454
10.0.0.5366

ESET NOD32
Win32/InstallMonstr.AY potentially unwanted application
8.0.319.0

F-Secure
Variant.Zusy.79454
5.15.21

Norman
Gen:Variant.Zusy.79454
17.02.2016 05:18:35

VIPRE Antivirus
Threat.4150696
47028

File size:
4.8 MB (5,059,910 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\install_flashplayer11x32_mssa_aaa_aih.exe

File PE Metadata
Compilation timestamp:
1/9/2014 4:56:16 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:4obZhGHyf5Jc5iSNCAgxhI7/Myu0ysgDBuu6m4qBfTtuWP1TTgt+7j4X4gPsbICu:4oFhGHyfh3rymXDIlqi2XgtvPd

Entry address:
0x3DE4D8

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, 90, F5, 7C, 00, E8, 87, 06, C3, FF, A1, F0, 83, 7F, 00, 8B, 00, E8, 1F, C9, DF, FF, A1, F0, 83, 7F, 00, 8B, 00, B2, 01, E8, 55, E6, DF, FF, BB, 65, 00, 00, 00, E8, 63, 41, C3, FF, 4B, 75, F8, 8B, 0D, 3C, 7D, 7F, 00, A1, F0, 83, 7F, 00, 8B, 00, 8B, 15, BC, 0B, 7C, 00, E8, 04, C9, DF, FF, A1, F0, 83, 7F, 00, 8B, 00, E8, 5C, CA, DF, FF, 5B, E8, 36, AD, C2, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
3.9 MB (4,048,896 bytes)

The file install_flashplayer11x32_mssa_aaa_aih.exe has been seen being distributed by the following URL.

http://hulkkmelimurp.were.me/.../?j=c2lkPTQ0NzUmdXJsPWh0dHAlM0ElMkYlMkZhaWhkb3dubG9hZC5hZG9iZS5jb20lMkZiaW4lMkZsaXZlJTJGaW5zdGFsbF9mbGFzaHBsYXllcjExeDMyX21zc2FfYWFhX2FpaC5leGUmbmFtZT1pbnN0YWxsX2ZsYXNocGxheWVyMTF4MzJfbXNzYV9hYWFfYWloLmV4ZSZ0eXBlPWRpc2smc2l6ZT02MjkxNDU2

Remove install_flashplayer11x32_mssa_aaa_aih.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.