install_flashplayer14x32_x64md_aaa_aih.exe

Apple Inc.

The executable install_flashplayer14x32_x64md_aaa_aih.exe, “Apple Inc. 9.1.2 Installation ” has been detected as malware by 18 anti-virus scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from www.videooizleyin.com.
Publisher:
Apple Inc.

Description:
Apple Inc. 9.1.2 Installation

Version:
9.1.2

MD5:
b1e7cf4e498168a2221d983c9772b93a

SHA-1:
7c8f7a3045095b1f41e0fa4a29c8389a8ab0cb84

SHA-256:
816f61527c808debdf42cc135136e9765d12b2fe49ba4c716ea9540576371c88

Scanner detections:
18 / 68

Status:
Malware

Analysis date:
11/23/2024 1:14:22 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.12585790
252

Avira AntiVirus
TR/Crypt.cfi.besd
7.11.208.148

avast!
Win32:Dropper-gen [Drp]
2014.9-160528

Baidu Antivirus
Trojan.Win32.VB
4.0.3.16528

Bitdefender
Trojan.Generic.12585790
1.0.20.745

Dr.Web
Trojan.Siggen1.63828
9.0.1.0149

Emsisoft Anti-Malware
Trojan.Generic.12585790
8.16.05.28.02

ESET NOD32
Win32/VB.RTN
10.11140

Fortinet FortiGate
W32/ExtenBro.AK!tr
5/28/2016

F-Secure
Trojan.Generic.12585790
11.2016-28-05_7

G Data
Trojan.Generic.12585790
16.5.25

Kaspersky
Trojan.Win32.VB
14.0.0.144

Malwarebytes
Trojan.KBayi.FLA
v2016.05.28.02

MicroWorld eScan
Trojan.Generic.12585790
17.0.0.447

nProtect
Trojan.Generic.12585790
15.02.06.01

Panda Antivirus
Trj/CI.A
16.05.28.02

Quick Heal
TrojanDownloader.Murlo.clv.n3
5.16.14.00

Zillya! Antivirus
Trojan.VB.Win32.131371
2.0.0.2057

File size:
664.1 KB (680,059 bytes)

Copyright:
Apple Inc.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\install_flashplayer14x32_x64md_aaa_aih.exe

File PE Metadata
Compilation timestamp:
9/25/2009 8:57:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
12288:eNIQAPGsAqY9IMVYd38sJdpQHlGlY8KfTdb/l9TXQCI:TPGSY91VwNJcFMqTdbdVXlI

Entry address:
0x42B4F

Entry point:
6A, 60, 68, 88, 1A, 46, 00, E8, AD, 5C, 01, 00, BF, 94, 00, 00, 00, 8B, C7, E8, E9, 56, 01, 00, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, 14, A2, 45, 00, 8B, 4E, 10, 89, 0D, A4, B4, 46, 00, 8B, 46, 04, A3, B0, B4, 46, 00, 8B, 56, 08, 89, 15, B4, B4, 46, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, A8, B4, 46, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, A8, B4, 46, 00, C1, E0, 08, 03, C2, A3, AC, B4, 46, 00, 33, F6, 56, 8B, 3D, 5C, A2, 45, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
354 KB (362,496 bytes)

The file install_flashplayer14x32_x64md_aaa_aih.exe has been seen being distributed by the following URL.

Remove install_flashplayer14x32_x64md_aaa_aih.exe - Powered by Reason Core Security