» installer_adobe_flash_player_english.exe
Overview
Analysis
File Details
Downloads (2)

installer_adobe_flash_player_english.exe

Code Techno

The application installer_adobe_flash_player_english.exe by Code Techno has been detected as a potentially unwanted program by 30 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from clkdeals.com and multiple other hosts.

File name:

Publisher:

Code Techno (signed and verified)

MD5:

24e809a1853581010303473fd5043b90

SHA-1:

42cb3d80786247666e24fc6865a64de77bf5ff18

SHA-256:

aeb0491382011dbee08eb6f5d15e09635aa30c3c907ddfa5b37c04c25f1eb743

Scanner detections:

30 / 68

Status:

Potentially unwanted

Analysis date:

11/25/2024 7:22:53 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.Downloader.UY

576

Agnitum Outpost

Riskware.Agent

7.1.1

AhnLab V3 Security

PUP/Win32.Downware

2015.05.05

avast!

Win32:DownloadAdmin-N [PUP]

2014.9-150708

AVG

Generic

2016.0.3054

Bitdefender

Application.Downloader.UY

1.0.20.945

Bkav FE

W32.HfsAdware

1.3.0.6379

Clam AntiVirus

Win.Adware.Downloadadmin

0.98/21511

Comodo Security

ApplicUnwnt

22004

Dr.Web

Adware.Downware.2220

9.0.1.0189

ESET NOD32

Win32/DownloadAdmin.H potentially unwanted (variant)

9.11576

Fortinet FortiGate

Riskware/DownloadAdmin

7/8/2015

F-Prot

W32/S-b3398882

v6.4.7.1.166

F-Secure

Application.Downloader.UY

11.2015-08-07_4

G Data

Application.Downloader.UY

15.7.25

K7 AntiVirus

Unwanted-Program

13.203.15799

Kaspersky

not-a-virus:Downloader.Win32.Agent

14.0.0.1767

McAfee

Artemis!24E809A18535

5600.6710

MicroWorld eScan

Application.Downloader.UY

16.0.0.567

NANO AntiVirus

Riskware.Win32.Downware.djahkt

0.30.24.1357

Panda Antivirus

Trj/CI.A

15.07.08.01

Quick Heal

Downloader.Agent.r6 (Not a Virus)

7.15.14.00

Reason Heuristics

PUP.CodeTechno.Installer (M)

15.7.8.9

Sophos

Generic PUA EC

4.98

Total Defense

Win32/Tnega.IQCCUAC

37.1.62.1

Trend Micro House Call

TROJ_GEN.F0C2C00LP14

7.2.189

Trend Micro

TROJ_GEN.F0C2C00LP14

10.465.08

Vba32 AntiVirus

Downloader.Agent

3.12.26.3

VIPRE Antivirus

Trojan.Win32.Generic

39950

Zillya! Antivirus

Downloader.Agent.Win32.230169

2.0.0.2166

File size:

821.9 KB (841,664 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\installer_adobe_flash_player_english.exe

Digital Signature

Signed by:

Code Techno

Authority:

VeriSign, Inc.

Valid from:

2/25/2014 9:00:00 PM

Valid to:

2/25/2017 8:59:59 PM

Subject:

CN=Code Techno, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Code Techno, L=SAN FRANCISCO, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

57F2A4C1987266C5627CFFB542729A0B

File PE Metadata

Compilation timestamp:

7/15/2014 1:29:31 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:txpJfslZtuaVd9lpmhwQbift489IVGD4xJFl6Xqb5Kbmkg8Sa:fp9sVuaVdvgVbmgGDijyikg5a

Entry address:

0x3345

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, B0, 73, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, C0, 70, 40, 00, 53, FF, 15, 88, 72, 40, 00, 6A, 08, A3, B8, 3C, 42, 00, E8, 2E, 25, 00, 00, 53, 68, 60, 01, 00, 00, A3, C0, 3B, 42, 00, 8D, 44, 24, 38, 50, 53, 68, 43, 74, 40, 00, FF, 15, 64, 71, 40, 00, 68, 38, 74, 40, 00, 68, C0, 33, 42, 00, E8, 1F, 24, 00, 00, FF, 15, BC, 70, 40, 00, 50, BF, 00, 90, 42, 00, 57, E8, 0D, 24, 00, 00... 
[+]

Entropy:

7.4896

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

The file installer_adobe_flash_player_english.exe has been seen being distributed by the following 2 URLs.

http://clkdeals.com/adServe/adClick?ai=e78pZMpPz6SHQ2niPo5cnubY132PmrvxXglqXsrFgYKueecIPIxHlOSvv2V DeLZ34W30IkBhsI LfCh8cm1jQCUwQNkvjwaMLU/6TDlQ24T18EGDl enhgTRnBU/eaULBgfX9IttK1kYVulUVyEzrKl GRlxVYjfOu9f gVv56IXFJP4X0KI0kq86MXxY QicX3lQ4QqQCBIYPxSwLZ2g3E6NB5H O6iDKoo RobFs0jP2C8rEoyn/ c6MlRr6u9IvoS7ZzPLU8DgowQ0i0fnGmE4o5aYF8kQiUrDwKf8OXw=&ui=ZvEl/rne7lkfbUHyj/Vir/bWwvziNp/.../ZDDa&src=BANNER

http://freempr13.jotredololo.com/.../download?p=REVENUE&trckid=008252331016649771416

Remove installer_adobe_flash_player_english.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.