» installer_adobe_flash_player_english.exe
Overview
Analysis
File Details
Downloads (3)

installer_adobe_flash_player_english.exe

The application installer_adobe_flash_player_english.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. The file has been seen being downloaded from dv.a-chn4.com and multiple other hosts.

File name:

MD5:

735260ee6ece95ba141f85dfd28aea27

SHA-1:

47e7822bf46a34453b28720aba9801a5f8aeec4c

SHA-256:

766eb2118539a8050b20aad4cc6b621e10217d9fb09b93fc5cb98b908c828361

Scanner detections:

15 / 68

Status:

Potentially unwanted

Explanation:

Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:

11/24/2024 4:48:55 AM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

PUP/Win32.OutBrowse

2015.04.14

avast!

Win32:Dropper-gen [Drp]

2014.9-150821

Baidu Antivirus

Trojan.Win32.Addrop

4.0.3.15821

ESET NOD32

Win32/TrojanDropper.Addrop

9.11468

G Data

Win32.Trojan.Agent.2X93XI

15.8.25

K7 AntiVirus

Trojan

13.202.15582

Kaspersky

not-a-virus:Downloader.NSIS.Agent

14.0.0.1550

McAfee

RDN/Generic Dropper!wc

5600.6667

Panda Antivirus

Generic Suspicious

15.08.21.12

Sophos

Generic PUA EH

4.98

SUPERAntiSpyware

Trojan.Agent/Gen-Downloader

9679

Trend Micro House Call

TROJ_GEN.R02SC0OBP15

7.2.233

Trend Micro

TROJ_GEN.R02SC0OBP15

10.465.21

VIPRE Antivirus

Trojan.Win32.Generic

39328

ViRobot

Adware.Agent.692674[h]

2014.3.20.0

File size:

676.4 KB (692,674 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\downloads\installer_adobe_flash_player_english.exe

File PE Metadata

Compilation timestamp:

12/5/2009 11:52:12 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:MpqEqH5WS/exwMlIknNkDNTg8rKc6ZhBYJYLNxw+OFSY4NoHIoGl5:Mpsd/fMlIknNkVgSKHB2YRIFSdGrQ

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

The file installer_adobe_flash_player_english.exe has been seen being distributed by the following 3 URLs.

http://dv.a-chn4.com/installers/axtan_installers/get.php?ua=chrome&ut=d7ef0a6d23bbe317ec7b98e8005a0825&loop=1&r=2890081&x=L2hvbWUvZG93bl9jcm9ucy9wdWJsaWNfaHRtbC9pbnN0YWxsZXJzL291dC9vbi8yL2ZyZWVzb2Z0c3RvcmVjb20vZW5nbGlzaC9yZXZlbnVlL2Nocm9tZS9hZG9iZV9mbGFzaF9wbGF5ZXIvZC8yNzU4NzZlMzRjZjYwOWRiMTE4ZjNkODRiNzk5YTc5MC9vdXQvbmEvbmEvaW5zdGFsbGVyX2Fkb2JlX2ZsYXNoX3BsYXllcl9FbmdsaXNoLmV4ZQ==&p=RlJFRVNPRlRTVE9SRUNPTQ==&u=L2Rvd25sb2FkMi5mcmVlc29mdHN0b3JlMi5jb20vaW5zdGFsbGVycy9vdXQvMDAyMDQwMDIwNTAwMjA2L3BpaWQtNTRkMzU1ZTI4YmUyMTguMjA0OTAzNjEvb24vMi9mcmVlc29mdHN0b3JlY29tL2VuZ2xpc2gvcmV2ZW51ZS9jaHJvbWUvYWRvYmVfZmxhc2hfcGxheWVyL2QvMjc1ODc2ZTM0Y2Y2MDlkYjExOGYzZDg0Yjc5OWE3OTAvb3V0L25hL25hL2luc3RhbGxlcl9hZG9iZV9mbGFzaF9wbGF5ZXJfRW5nbGlzaC5leGU=&aa=on/2/freesoftstorecom//&LD=92&HJ=89&JC=1&GE=73&NJ=78&AB=47&IA=24&LG=62&DC=28&s=84109871201912510942651558301939340328559640891995161317247340385417273137127326943174809544672114941255978710414722202166634846340566064835987359570896459934578625331715303049906985631

http://dv.a-chn4.com/installers/axtan_installers/get.php?ua=chrome&ut=31976eefd58b7260d2bfec3a4a30a74f&x=L2hvbWUvZG93bl9jcm9ucy9wdWJsaWNfaHRtbC9pbnN0YWxsZXJzL291dC9vbi8yL2ZyZWVzb2Z0c3RvcmVjb20vZW5nbGlzaC9yZXZlbnVlL2Nocm9tZS9hZG9iZV9mbGFzaF9wbGF5ZXIvZC8yNzU4NzZlMzRjZjYwOWRiMTE4ZjNkODRiNzk5YTc5MC9vdXQvbmEvbmEvaW5zdGFsbGVyX2Fkb2JlX2ZsYXNoX3BsYXllcl9FbmdsaXNoLmV4ZQ==&u=L2Rvd25sb2FkMi5mcmVlc29mdHN0b3JlMi5jb20vaW5zdGFsbGVycy9vdXQvMDAyMDQwMDIwNTAwMjA2L3BpaWQtNTRkMzQ0YjJkNDY4NTYuNTcwOTE0MjAvb24vMi9mcmVlc29mdHN0b3JlY29tL2VuZ2xpc2gvcmV2ZW51ZS9jaHJvbWUvYWRvYmVfZmxhc2hfcGxheWVyL2QvMjc1ODc2ZTM0Y2Y2MDlkYjExOGYzZDg0Yjc5OWE3OTAvb3V0L25hL25hL2luc3RhbGxlcl9hZG9iZV9mbGFzaF9wbGF5ZXJfRW5nbGlzaC5leGU=&r=5157091&loop=1&p=RlJFRVNPRlRTVE9SRUNPTQ==&aa=on/2/freesoftstorecom//&BD=95&BL=89&EJ=37&FK=81&EN=11&ID=31&FM=74&AL=72&MM=37&s=4746839577863102472261254067731116809857643064211537662169932154744720484891212476132458342658032405454933064301925270014370283434089483790221423941052580509952351309778700842246352600

http://dv.a-chn4.com/installers/axtan_installers/get.php?ua=chrome&ut=31a8d4d4d6e19cc23c75ae99560a8aab&u=L2Rvd25sb2FkMi5mcmVlc29mdHN0b3JlMi5jb20vaW5zdGFsbGVycy9vdXQvMDAyMDQwMDIwNTAwMjA2L3BpaWQtNTRkMzUxNTliMDdkOTMuNjg0MDc5NDUvb24vMi9mcmVlc29mdHN0b3JlY29tL2VuZ2xpc2gvcmV2ZW51ZS9jaHJvbWUvYWRvYmVfZmxhc2hfcGxheWVyL2QvMjc1ODc2ZTM0Y2Y2MDlkYjExOGYzZDg0Yjc5OWE3OTAvb3V0L25hL25hL2luc3RhbGxlcl9hZG9iZV9mbGFzaF9wbGF5ZXJfRW5nbGlzaC5leGU=&r=6552338&loop=1&x=L2hvbWUvZG93bl9jcm9ucy9wdWJsaWNfaHRtbC9pbnN0YWxsZXJzL291dC9vbi8yL2ZyZWVzb2Z0c3RvcmVjb20vZW5nbGlzaC9yZXZlbnVlL2Nocm9tZS9hZG9iZV9mbGFzaF9wbGF5ZXIvZC8yNzU4NzZlMzRjZjYwOWRiMTE4ZjNkODRiNzk5YTc5MC9vdXQvbmEvbmEvaW5zdGFsbGVyX2Fkb2JlX2ZsYXNoX3BsYXllcl9FbmdsaXNoLmV4ZQ==&p=RlJFRVNPRlRTVE9SRUNPTQ==&aa=on/2/freesoftstorecom//&FB=78&IL=89&FA=65&BB=73&AE=60&DM=34&KC=46&MK=29&EI=84&CC=78&s=5291122232561380016234191726013633845079325463565198618781392756031648671217673193054823962148752826783805572981386769156471356549118509056354583260286823059703625475381026475892

Remove installer_adobe_flash_player_english.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.