installer_adobe_flash_player_arabe.exe

The executable installer_adobe_flash_player_arabe.exe has been detected as malware by 40 anti-virus scanners. The file has been seen being downloaded from d.kgroot.com and multiple other hosts.
MD5:
e4823e56ab3f91336eb85d304f83006f

SHA-1:
f0b908597027c75ef6f80c9e6eb1f664812d60c9

SHA-256:
af9bf0611e2d6da694ad5665172cec600c671c2eff10e0b5c0290e653409c254

Scanner detections:
40 / 68

Status:
Malware

Analysis date:
12/27/2024 12:36:23 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.8698094
613

Agnitum Outpost
Trojan.KillFiles
7.1.1

AhnLab V3 Security
Trojan/Win32.Gen
2014.10.24

Avira AntiVirus
W32/Delf
7.11.180.228

avast!
Win32:Delf-TJJ [Trj]
2014.9-150601

AVG
Delf
2016.0.3091

Baidu Antivirus
Trojan.Win32.KillFiles
4.0.3.1561

Bitdefender
Trojan.Generic.8698094
1.0.20.760

Bkav FE
W32.OnGameERALXAAC.Trojan
1.3.0.4959

Clam AntiVirus
Win.Trojan.Delf-1715
0.98/21411

Comodo Security
TrojWare.Win32.Agent.QJF
19887

Dr.Web
Win32.HLLC.Shortcut.origin
9.0.1.0152

Emsisoft Anti-Malware
Trojan.Generic.8698094
8.15.06.01.07

ESET NOD32
Win32/Delf.QJF
9.10611

Fortinet FortiGate
W32/Renamer.BQT!tr
6/1/2015

F-Prot
W32/Delf.CH.gen
v6.4.7.1.166

F-Secure
Trojan.Generic.8698094
11.2015-01-06_2

G Data
Trojan.Generic.8698094
15.6.24

IKARUS anti.virus
Trojan-Dropper.Delf
t3scan.1.7.8.0

K7 AntiVirus
Trojan
13.184.13741

Kaspersky
Trojan.Win32.KillFiles
14.0.0.1951

Malwarebytes
Trojan.Agent.Ok
v2015.06.01.07

McAfee
Generic-FAEK!E4823E56AB3F
5600.6747

Microsoft Security Essentials
Trojan:Win32/Soriam.A
1.11104

MicroWorld eScan
Trojan.Generic.8698094
16.0.0.456

NANO AntiVirus
Trojan.Win32.KillFiles.bbxzum
0.28.2.62841

Norman
Renamer.M
11.20150601

nProtect
Worm/W32.FileInfector.533504
14.10.23.01

Qihoo 360 Security
Win32/Trojan.c0d
1.0.0.1015

Quick Heal
W32.Soriam.A
6.15.14.00

Rising Antivirus
PE:Trojan.Win32.Generic.128FC499!311411865
23.00.65.15530

Sophos
W32/Renamer-K
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Delf
9839

Total Defense
Win32/Tapi.C
37.0.11245

Trend Micro House Call
TROJ_AGENT_011979.TOMB
7.2.152

Trend Micro
TROJ_AGENT_011979.TOMB
10.465.01

Vba32 AntiVirus
Trojan.KillFiles
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
34194

ViRobot
Trojan.Win32.A.KillFiles.533504.AU
2011.4.7.4223

Zillya! Antivirus
Trojan.KillFiles.Win32.1581
2.0.0.1966

File size:
521 KB (533,504 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\installer_adobe_flash_player_arabe.exe

File PE Metadata
Compilation timestamp:
8/19/2011 8:46:25 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:QL8ozML5h8Sxm1IzGUG+v2+7g7QYvwf4gzv4gg+:aAf8Sxm1ISUZv2+CLvwBj0+

Entry address:
0x71814

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, C0, 0C, 47, 00, E8, 43, 5A, F9, FF, 8B, 1D, 30, 43, 47, 00, 8B, 03, E8, C2, 6F, FE, FF, 8B, 03, C6, 40, 5B, 00, 8B, 03, B2, 01, E8, F7, 8C, FE, FF, 8B, 0D, 5C, 42, 47, 00, 8B, 03, 8B, 15, 8C, 09, 47, 00, E8, B8, 6F, FE, FF, 8B, 0D, 68, 43, 47, 00, 8B, 03, 8B, 15, 48, 04, 47, 00, E8, A5, 6F, FE, FF, 8B, 03, E8, 1E, 70, FE, FF, 5B, E8, C0, 38, F9, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.5944

Developed / compiled with:
Microsoft Visual C++

Code size:
450.5 KB (461,312 bytes)

The file installer_adobe_flash_player_arabe.exe has been seen being distributed by the following 12 URLs.

http://d.kgroot.com/android_root.exe

https://dw.uptodown.com/dwn/H1FmvuzlsatHnKv-ixNXOqCmWl92ad-JbW0ofMySoTWwiUahS2v_PjH_yx3PaO0TNbU8PaSwWVncjyUKFMSsWnyRGtOlSNf6vDFqhiM9aqYePEJI1DAk4Kr3oJ66q0B3/8jS1bTxNciBSLIbsKei9DPyaqd8uhoc_lPunLP37mXS7-lGFq0-VkbtAgVmhNblhI1vxmy_8twLUO0uW4fsZSotKcEjdErStA1mBhX8Wbpd5s1a38xrmHzFv990ToGkL/CeDqFLIgbYr5oVcLcg60TIDNrQvXUt-a3e1R3WqjlTHAP-hiJktM1ca99FcWWMzeWtaUzZQAoe2D6LuHqMTfrRCT-uswwEx3dc01zeI4cQqZCi22m5V45WEbmzLoWUpM/.../

http://fs40.filehippo.com/7129/.../nLite-1.4.9.2.setup.exe

http://download.avs4you.com/.../AVSAudioConverter.exe

http://www.presentfuncontent.com/wvvjiNRiPM VBPsbvcHXbiqdIg8ixtRRGc116kzsKVi8r5KTk1hh0kpXoUeXgBIqn7Lb7qxpad2PQ EOIjz2crFzFfRzoLJlHYORwSNhioufHJuQgoorKjHaZtan0OMK5n2nvjfEKJQ4bVllDt_BGCu03SZa959XsaKLyjkjVOGNlHdJxHc2VUcAJg2eQ2ifp1NBgC8lgVxojtSWIsFfH7ym5a9 LuNTIk13WSUw8mQtXMxWWyGPWKgYSCipHR90azUshm6lJ0PITpNX5WjhZ3UJrRTnhj4jSrzk7O7P7EwGTjREMrI4IAQSWJZDUeqO4EuCchaMjU6LM_5eHAlKAtK6OG8lpA==-G1MAAEQ3F5OuLRQxFUHu2 E73CkHDi1KW_MAO9jBQ1ZU1WYPoo50JnHW1rxCwRHFMvbHZMtF74BOREypIb1_Aw==-e

http://www.capitalheartlaboratory.com/SWduUhheXfSqS5BehBNFNMt1XechH6Gq2cJj53TPCpL UT3A1PsVwuiSPzFIbfZ QhImX3u7qZ8yOUrMdUaol1Uos5vp217ZrDVriVJOssVrknMpRhzJVeqqdnpoyapc6Y26Xb4p9EdkGUQiHNUbOcgIWLFF1W 6hLxwdwg3M30cX0XivyFRj0Aqo2P eos71EglAuKRwmxe7Pr5RkmY6pV62KWTqqVsik49LcFvH0t2lUFXxERKeE3hiWZd4ii6qMp6UztqJCJxsUGdogECls zMH8O1Y7Df54EwlQnR3HUSTRIRQ7yuDVNAKmKNzmoTx89BNSz6CgIZTVdRXGOSMGtUbZeNfzaR_6o_LGeqcpRoahWOOYBfgWI_KTFQCTMIOXOw65p4NqYWKuuZlXsB99Y_SbzLmbS6erVzykJDH40J6tCb90=-GzsAAMRtbL6as WLDDQIHHLA3vfIApPAY_i8K8LHNY755ocTCJIKn_KmR8dkl DbwAM=-e

Remove installer_adobe_flash_player_arabe.exe - Powered by Reason Core Security