install_flashplayer11x32_mssd_aih.exe

Max Setup

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application install_flashplayer11x32_mssd_aih.exe by Max Setup has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. With this installer, users are expecting to download the free Adobe Flash Player but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Max Setup  (signed and verified)

MD5:
dfb536305fb3b2dd0e88f624951be423

SHA-1:
818370cc4a4592a9aa5b1e8676851b996064c01b

SHA-256:
1e251990dbde04bbb1c6b45f964d3baae056589f16aab1f6d05498980944e16c

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/27/2024 4:14:23 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.installCore (M)
16.7.15.21

File size:
660.9 KB (676,712 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\install_flashplayer11x32_mssd_aih.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/11/2014 1:00:00 AM

Valid to:
3/12/2015 12:59:59 AM

Subject:
CN=Max Setup, O=Max Setup, STREET=Lillienblam 28, L=Tel Aviv, S=Tel Aviv, PostalCode=651307, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
008F6F1294DBB38F9F80A7A06DE489DF45

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:oIyvpntOQnqnj48Etl/PO8dKEBtLLiCPap4cG6V3MDH5XwF3:oIyvhARnM8Gl/PO8hB9LivG9Xwh

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file install_flashplayer11x32_mssd_aih.exe has been seen being distributed by the following URL.

Remove install_flashplayer11x32_mssd_aih.exe - Powered by Reason Core Security