installer_adobe_flash_player_english.exe

The application installer_adobe_flash_player_english.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from freempr8.gettingsoft.com.

MD5:
2000086c72920ae273ea9f80c7f9dd9b

SHA-1:
ad4ed8bbf1418e2e3c76abcc08a66eb0e2b74759

SHA-256:
7654c9b637bd5e3f43e8be43e90c11d580aa0621451dffc5a26ffea87b7f7217

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 9:27:52 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.DownloadAdmin.Bundler

Engine version:
16.2.8.16

File size:
869.1 KB (889,928 bytes)

Product version:
1.5

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:tTvuCxHxICuix4LRoXWzBGz1cmv75PqQb8pwLrEzO:tr3HxI+x7mzIzGaPq0b8a

Entry address:
0x9C40

Entry point:
69, D2, 0D, E0, 1C, D6, 2C, E3, F6, C2, 25, 89, F6, 22, C7, 88, C4, FE, CA, B2, 2B, 88, E2, 81, FB, 90, 03, 00, 00, BA, BD, EF, 08, EA, 2B, F5, 85, C2, 77, 04, B1, 2E, 84, E5, 8A, C7, E8, 3C, 00, 00, 00, 33, DB, B2, 32, B9, 57, A7, E8, E7, 87, F5, 85, F3, 81, C3, DA, 05, 00, 00, B8, B2, CF, 2E, 40, 81, EB, D9, 05, 00, 00, C7, C6, F8, B4, 00, 3E, 1A, F5, 89, F0, FE, C9, F2, F6, C5, A9, 89, F7, 81, FB, 02, 02, 00, 00, 0F, 8C, C6, FF, FF, FF, 5A, B9, BE, 45, 18, 89, 8B, FA, 0F, AF, DB, 0F, B6, D8, 8B, C8, 0F...
Entropy:
7.9052  (probably packed)

Code size:
37 KB (37,888 bytes)

The file installer_adobe_flash_player_english.exe has been seen being distributed by the following URL.
