install_flashplayer14x32_x66.exe

Bass Player

The executable install_flashplayer14x32_x66.exe has been detected as malware by 29 anti-virus scanners. The file has been seen being downloaded from www.hightail.com.
Product:
Bass Player

Version:
3, 0, 0, 0

MD5:
dfe83034f4c629ce1dd9dfab70311072

SHA-1:
d02920875099d5a74749039b939a5843422b7902

SHA-256:
bd6ab0c3d6e5c7204c635bafe774bf79eea56b915215815aa419e1634904d56d

Scanner detections:
29 / 68

Status:
Malware

Analysis date:
12/25/2024 5:13:49 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Trojan.VB
7.1.1

AhnLab V3 Security
Trojan/Win32.Asprox
2015.10.27

Avira AntiVirus
TR/Crypt.cfi.7956
8.3.2.2

Arcabit
Trojan.Generic.DBFC39C
1.0.0.585

avast!
Win32:Malware-gen
2014.9-160803

AVG
MultiDropper_c
2017.0.2662

Baidu Antivirus
Trojan.Win32.VB
4.0.3.1683

Bitdefender
Trojan.Generic.12567452
1.0.20.1080

Comodo Security
UnclassifiedMalware
23476

Dr.Web
Trojan.Siggen6.31237
9.0.1.0216

Emsisoft Anti-Malware
Trojan.Generic.12567452
8.16.08.03.08

ESET NOD32
Win32/VB.RTN
10.12465

Fortinet FortiGate
W32/VB.CTXV!tr
8/3/2016

F-Prot
W32/Kilim.B.gen
v6.4.7.1.166

F-Secure
Trojan:W32/Bepush.B
11.2016-03-08_4

G Data
Trojan.Generic.12567452
16.8.25

IKARUS anti.virus
Trojan.Win32.VB
t3scan.1.9.5.0

K7 AntiVirus
P2PWorm
13.212.17646

Kaspersky
Trojan.Win32.VB
14.0.0.-194

Malwarebytes
Trojan.PasswordStealer.AHK
v2016.08.03.08

McAfee
RDN/Generic Dropper
5600.6318

Microsoft Security Essentials
Trojan:Win32/Kilim.gen!C
1.1.12205.0

MicroWorld eScan
Trojan.Generic.12567452
17.0.0.648

NANO AntiVirus
Trojan.Win32.VB.dsxifx
0.30.26.3947

nProtect
Trojan.Generic.12567452
15.10.26.01

Panda Antivirus
Trj/Genetic.gen
16.08.03.08

Quick Heal
Trojan.VB.r4
8.16.14.00

Sophos
Mal/Generic-S
4.98

VIPRE Antivirus
Trojan.Win32.Generic
44820

File size:
490.3 KB (502,098 bytes)

Product version:
3, 0, 0, 0

Copyright:
Bass Player

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\install_flashplayer14x32_x66.exe

File PE Metadata
Compilation timestamp:
9/25/2009 8:57:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
12288:vNIQAPGsAqY9IMVYd38sJdpQHl0lY8Kf43:oPGSY91VwNJcFiq43

Entry address:
0x42B4F

Entry point:
6A, 60, 68, 88, 1A, 46, 00, E8, AD, 5C, 01, 00, BF, 94, 00, 00, 00, 8B, C7, E8, E9, 56, 01, 00, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, 14, A2, 45, 00, 8B, 4E, 10, 89, 0D, A4, B4, 46, 00, 8B, 46, 04, A3, B0, B4, 46, 00, 8B, 56, 08, 89, 15, B4, B4, 46, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, A8, B4, 46, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, A8, B4, 46, 00, C1, E0, 08, 03, C2, A3, AC, B4, 46, 00, 33, F6, 56, 8B, 3D, 5C, A2, 45, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...
 
[+]

Entropy:
6.6363

Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
354 KB (362,496 bytes)

The file install_flashplayer14x32_x66.exe has been seen being distributed by the following URL.

Remove install_flashplayer14x32_x66.exe - Powered by Reason Core Security