» installer_adobe_flash_player_arabe.exe
Overview
Analysis
File Details
Downloads (12)

installer_adobe_flash_player_arabe.exe

The executable installer_adobe_flash_player_arabe.exe has been detected as malware by 40 anti-virus scanners. The file has been seen being downloaded from d.kgroot.com and multiple other hosts.

File name:

MD5:

e4823e56ab3f91336eb85d304f83006f

SHA-1:

f0b908597027c75ef6f80c9e6eb1f664812d60c9

SHA-256:

af9bf0611e2d6da694ad5665172cec600c671c2eff10e0b5c0290e653409c254

Scanner detections:

40 / 68

Status:

Malware

Analysis date:

11/24/2024 1:43:24 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Generic.8698094

613

Agnitum Outpost

Trojan.KillFiles

7.1.1

AhnLab V3 Security

Trojan/Win32.Gen

2014.10.24

Avira AntiVirus

W32/Delf

7.11.180.228

avast!

Win32:Delf-TJJ [Trj]

2014.9-150601

AVG

Delf

2016.0.3091

Baidu Antivirus

Trojan.Win32.KillFiles

4.0.3.1561

Bitdefender

Trojan.Generic.8698094

1.0.20.760

Bkav FE

W32.OnGameERALXAAC.Trojan

1.3.0.4959

Clam AntiVirus

Win.Trojan.Delf-1715

0.98/21411

Comodo Security

TrojWare.Win32.Agent.QJF

19887

Dr.Web

Win32.HLLC.Shortcut.origin

9.0.1.0152

Emsisoft Anti-Malware

Trojan.Generic.8698094

8.15.06.01.07

ESET NOD32

Win32/Delf.QJF

9.10611

Fortinet FortiGate

W32/Renamer.BQT!tr

6/1/2015

F-Prot

W32/Delf.CH.gen

v6.4.7.1.166

F-Secure

Trojan.Generic.8698094

11.2015-01-06_2

G Data

Trojan.Generic.8698094

15.6.24

IKARUS anti.virus

Trojan-Dropper.Delf

t3scan.1.7.8.0

K7 AntiVirus

Trojan

13.184.13741

Kaspersky

Trojan.Win32.KillFiles

14.0.0.1951

Malwarebytes

Trojan.Agent.Ok

v2015.06.01.07

McAfee

Generic-FAEK!E4823E56AB3F

5600.6747

Microsoft Security Essentials

Trojan:Win32/Soriam.A

1.11104

MicroWorld eScan

Trojan.Generic.8698094

16.0.0.456

NANO AntiVirus

Trojan.Win32.KillFiles.bbxzum

0.28.2.62841

Norman

Renamer.M

11.20150601

nProtect

Worm/W32.FileInfector.533504

14.10.23.01

Qihoo 360 Security

Win32/Trojan.c0d

1.0.0.1015

Quick Heal

W32.Soriam.A

6.15.14.00

Rising Antivirus

PE:Trojan.Win32.Generic.128FC499!311411865

23.00.65.15530

Sophos

W32/Renamer-K

4.98

SUPERAntiSpyware

Trojan.Agent/Gen-Delf

9839

Total Defense

Win32/Tapi.C

37.0.11245

Trend Micro House Call

TROJ_AGENT_011979.TOMB

7.2.152

Trend Micro

TROJ_AGENT_011979.TOMB

10.465.01

Vba32 AntiVirus

Trojan.KillFiles

3.12.26.3

VIPRE Antivirus

Trojan.Win32.Generic

34194

ViRobot

Trojan.Win32.A.KillFiles.533504.AU

2011.4.7.4223

Zillya! Antivirus

Trojan.KillFiles.Win32.1581

2.0.0.1966

File size:

521 KB (533,504 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\installer_adobe_flash_player_arabe.exe

File PE Metadata

Compilation timestamp:

8/19/2011 8:46:25 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:QL8ozML5h8Sxm1IzGUG+v2+7g7QYvwf4gzv4gg+:aAf8Sxm1ISUZv2+CLvwBj0+

Entry address:

0x71814

Entry point:

55, 8B, EC, 83, C4, F0, 53, B8, C0, 0C, 47, 00, E8, 43, 5A, F9, FF, 8B, 1D, 30, 43, 47, 00, 8B, 03, E8, C2, 6F, FE, FF, 8B, 03, C6, 40, 5B, 00, 8B, 03, B2, 01, E8, F7, 8C, FE, FF, 8B, 0D, 5C, 42, 47, 00, 8B, 03, 8B, 15, 8C, 09, 47, 00, E8, B8, 6F, FE, FF, 8B, 0D, 68, 43, 47, 00, 8B, 03, 8B, 15, 48, 04, 47, 00, E8, A5, 6F, FE, FF, 8B, 03, E8, 1E, 70, FE, FF, 5B, E8, C0, 38, F9, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.5944

Developed / compiled with:

Microsoft Visual C++

Code size:

450.5 KB (461,312 bytes)

The file installer_adobe_flash_player_arabe.exe has been seen being distributed by the following 12 URLs.

http://d.kgroot.com/android_root.exe

https://dw.uptodown.com/dwn/H1FmvuzlsatHnKv-ixNXOqCmWl92ad-JbW0ofMySoTWwiUahS2v_PjH_yx3PaO0TNbU8PaSwWVncjyUKFMSsWnyRGtOlSNf6vDFqhiM9aqYePEJI1DAk4Kr3oJ66q0B3/8jS1bTxNciBSLIbsKei9DPyaqd8uhoc_lPunLP37mXS7-lGFq0-VkbtAgVmhNblhI1vxmy_8twLUO0uW4fsZSotKcEjdErStA1mBhX8Wbpd5s1a38xrmHzFv990ToGkL/CeDqFLIgbYr5oVcLcg60TIDNrQvXUt-a3e1R3WqjlTHAP-hiJktM1ca99FcWWMzeWtaUzZQAoe2D6LuHqMTfrRCT-uswwEx3dc01zeI4cQqZCi22m5V45WEbmzLoWUpM/.../

http://fs40.filehippo.com/7129/.../nLite-1.4.9.2.setup.exe

http://download.avs4you.com/.../AVSAudioConverter.exe

http://www.presentfuncontent.com/wvvjiNRiPM VBPsbvcHXbiqdIg8ixtRRGc116kzsKVi8r5KTk1hh0kpXoUeXgBIqn7Lb7qxpad2PQ EOIjz2crFzFfRzoLJlHYORwSNhioufHJuQgoorKjHaZtan0OMK5n2nvjfEKJQ4bVllDt_BGCu03SZa959XsaKLyjkjVOGNlHdJxHc2VUcAJg2eQ2ifp1NBgC8lgVxojtSWIsFfH7ym5a9 LuNTIk13WSUw8mQtXMxWWyGPWKgYSCipHR90azUshm6lJ0PITpNX5WjhZ3UJrRTnhj4jSrzk7O7P7EwGTjREMrI4IAQSWJZDUeqO4EuCchaMjU6LM_5eHAlKAtK6OG8lpA==-G1MAAEQ3F5OuLRQxFUHu2 E73CkHDi1KW_MAO9jBQ1ZU1WYPoo50JnHW1rxCwRHFMvbHZMtF74BOREypIb1_Aw==-e

http://www.capitalheartlaboratory.com/SWduUhheXfSqS5BehBNFNMt1XechH6Gq2cJj53TPCpL UT3A1PsVwuiSPzFIbfZ QhImX3u7qZ8yOUrMdUaol1Uos5vp217ZrDVriVJOssVrknMpRhzJVeqqdnpoyapc6Y26Xb4p9EdkGUQiHNUbOcgIWLFF1W 6hLxwdwg3M30cX0XivyFRj0Aqo2P eos71EglAuKRwmxe7Pr5RkmY6pV62KWTqqVsik49LcFvH0t2lUFXxERKeE3hiWZd4ii6qMp6UztqJCJxsUGdogECls zMH8O1Y7Df54EwlQnR3HUSTRIRQ7yuDVNAKmKNzmoTx89BNSz6CgIZTVdRXGOSMGtUbZeNfzaR_6o_LGeqcpRoahWOOYBfgWI_KTFQCTMIOXOw65p4NqYWKuuZlXsB99Y_SbzLmbS6erVzykJDH40J6tCb90=-GzsAAMRtbL6as WLDDQIHHLA3vfIApPAY_i8K8LHNY755ocTCJIKn_KmR8dkl DbwAM=-e

http://www.capitalheartlaboratory.com/WVl6OTRQWE5IVEhWNE9VSjRkeVV5UW05YVoydE5iV05UYUdWNGVuTXpTbVpYTldsT2MzcGxTMlpHTTJaNWRGcHlTU1V6UkNaalBUQmthbEpqZUVOWWNFZDBabnBLWlZKVVdrTk1VaVV5UWtOcVUwWndUMnM1VDJvek16TjZTM0ZxYUVGQlVHOVdRMjkyYURGMGNteEpaMDh5TlhWSFlVNHpTWGMwWVU1RE1XeFZla0pTYkRaV1psUmxVbEZZUXpWbWRuSWxNa1pwUkZObFNEaERSMjQzTWlVeVJuZzNjakJ6TmtsdWRFOXNUbFk1ZWpaTldtTTVNMDlsZW5GWFVFbENWRE5OVVZseVZFVmFXVGxSZGpWRVUyNUhkeVV6UkNVelJDWmxQVEFtWkc5M2JteHZZV1JCY3oxQlpHOWlaU3RtYkdGemFDdHdiR0Y1WlhJck9TNHdTVzV6ZEdGc2JHVnlMbVY0WlNabVlXeHNZbUZqYTE5MWNtdzlhSFIwY0NVelFTVXlSaVV5Um5kM2R5NWljbTkwYUdWeWMyOW1kQzVqYjIwbE1rWmtMbkJvY0NVelJuTnZablJmYVdRbE0wUXhPREE0TnpRPQ==

http://www.mhotspot.com/.../mHotspot_setup.exe

http://www.megacapitalgrab.com/WVl6OTRQV29sTWtJd1RXZzNRalpLTjNaNFIzYzRTU1V5UmtoYWJtZG9ialpYVVcxbk1Fd3pRVWhCU0hsVlRqUWxNa1p1VEZVbE0wUW1ZejF0Y0ZWb2MxSndNMmR0TWpOUE4yUXdPVEl6ZFVwNGEwOVVWazAyZGtST09XeDFZVk5wYzFFNFFrSlhibGx3T0hOM0pUSkdNVmRCWVd4SUpUSkdiRUUwWldWeWJ6RlJWbEV6UTNOdFFWSXhSVTk0T1daaU1rTkNWa05pTjNabFpFRjNVbVpXV0hsemFFVm5TbWxVYW1GRUpUSkNkRzUyYmpoRVYyZEVNVEZYVVZGYWVHUjRlbmhQWkRGaU1YcEpWa0pIUWtsTFRFb3dTRkU0ZWtFbE0wUWxNMFFtWlQwd0ptUnZkMjVzYjJGa1FYTTlWMmx1V21sd0szWXhNUzR4U1c1emRHRnNiR1Z5TG1WNFpTWm1ZV3hzWW1GamExOTFjbXc5YUhSMGNDVXpRU1V5UmlVeVJtUnZkMjVzYjJGa0xuZHBibnBwY0M1amIyMGxNa1p2ZGlVeVJuZHBibnBwY0RFeE1pNWxlR1U9

http://www.megacapitalgrab.com/WVl6OTRQV0ZqT0RnbE1rSmliVzA1U1UxdE9TVXlRbTB6V2twT2FqUmtZbGhqV0ZSUVEzRjFOQ1V5Um5CemJWWlNXV0pHVUUwbE0wUW1ZejFRUVVWd1ZVZEtlR0Y2VWt3bE1rWlNXR1VsTWtKdVExRndjbU5MTkhNeU1rNW5lRloxY1dZelkyeDJRVlFsTWtJbE1rSk9ZalI0Y1hOblZsQkdiVEZqYzJ0NlREZDBSV0pXZWxKVWVtZFhaM1pYTkV4bVNtc3dhR3RCWVUxS2VsaFVOWE5GYTFCR1FuZHRlakl5Y1haUVZucG9TWHBMTlhKblZYQmxaemhCU3pCdlkxSlZWWEYyVTBnelJtWk1UVTA1V1dSWGR6UkNPR2w0Vm1weGR5VXpSQ1V6UkNabFBUQW1aRzkzYm14dllXUkJjejFKYm5SbGNtNWxkQ3RFYjNkdWJHOWhaQ3ROWVc1aFoyVnlLelV1TVRGSmJuTjBZV3hzWlhJdVpYaGxKbVpoYkd4aVlXTnJYM1Z5YkQxb2RIUndKVE5CSlRKR0pUSkdiV2x5Y205eU1pNXBiblJsY201bGRHUnZkMjVzYjJGa2JXRnVZV2RsY2k1amIyMGxNa1pwWkcxaGJqWXlNR0oxYVd4a01pNWxlR1U9

http://files.downloadnow.com/s/software/11/88/93/.../SGBBSetup.exe

http://www.signflashbundle.com/.../installer.exe

Remove installer_adobe_flash_player_arabe.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.