install_flashplayer32_ssh_xxe.exe

The executable install_flashplayer32_ssh_xxe.exe has been detected as malware by 19 anti-virus scanners. It is a setup program used to install the application. The file has been observed being downloaded from doc-14-7k-docs.googleusercontent.com and multiple other hosts.
MD5:
03a10031d139f2a047070d022ad84ce4

SHA-1:
7e3a423e6c3a6da9c0de5b910d72bba1d42e8d07

SHA-256:
4b9eb6b30e46791db462acf9cadae247bbd3c839c84415aa8b4cdcdf6725b8be

Scanner detections:
19 / 68

Status:
Malware

Analysis date:
4/24/2025 11:48:08 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.11565089 | 697 |
| Avira AntiVirus | TR/Drop.Agent.244224 | 7.11.164.52 |
| avast! | Win32:Dropper-gen [Drp] | 140617-1 |
| Baidu Antivirus | Trojan.Win32.Banker | 4.0.3.15310 |
| Bitdefender | Trojan.Generic.11565089 | 1.0.20.345 |
| Emsisoft Anti-Malware | Trojan.Generic.11565089 | 8.15.03.10.03 |
| Fortinet FortiGate | W32/Banker.TFFD!tr | 3/10/2015 |
| F-Secure | Trojan.Generic.11565089 | 11.2015-10-03_3 |
| G Data | Trojan.Generic.11565089 | 15.3.24 |
| IKARUS anti.virus | Trojan-Banker.Win32.Banker | t3scan.1.6.1.0 |
| Kaspersky | Trojan-Banker.Win32.Banker | 14.0.0.2369 |
| McAfee | Artemis!03A10031D139 | 5600.6831 |
| MicroWorld eScan | Trojan.Generic.11565089 | 16.0.0.207 |
| Norman | Suspicious_Gen4.GUZHD | 11.20150310 |
| nProtect | Trojan.Generic.11565089 | 14.07.27.01 |
| Panda Antivirus | Trj/Genetic.gen | 14.07.20.05 |
| Qihoo 360 Security | Win32/Trojan.Dropper.c9f | 1.0.0.1015 |
| Trend Micro House Call | Suspicious_GEN.F47V0720 | 7.2.69 |
| VIPRE Antivirus | Trojan.Win32.Generic | 31662 |

File size:
238.5 KB (244,224 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\install_flashplayer32_ssh_xxe.exe

File PE Metadata
Compilation timestamp:
7/19/2014 2:38:38 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:1p+lzo6ScCSJ+fzfXqFLigf3ssiv4HZhmh+OFeG/rAY5GD:1pd6ShSJ+b6FugvjiQBgvsYI

Entry address:
0xA40D0

Entry point:
60, BE, 00, A0, 46, 00, 8D, BE, 00, 70, F9, FF, C7, 87, 98, 37, 08, 00, B0, 53, A3, 81, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
236 KB (241,664 bytes)

The file install_flashplayer32_ssh_xxe.exe has been seen being distributed by the following 2 URLs.
