» kill_flash.exe
Overview
Analysis
File Details
Programs (9)
Downloads (11)

kill_flash.exe

Adobe Flash Player Installer/Uninstaller

Adobe Systems Incorporated

This is installed with multiple programs including Adobe Flash Player 20 NPAPI and Adobe Flash Player 20 ActiveX. The file has been seen being downloaded from temp.immortals-co.net and multiple other hosts.

File name:

kill_flash.exe

Publisher:

Adobe Systems Incorporated (signed and verified)

Product:

Adobe® Flash® Player Installer/Uninstaller

Description:

Adobe® Flash® Player Installer/Uninstaller 20.0 r0

Version:

20,0,0,267

MD5:

07599770cdca3646ee96978dbbbde29c

SHA-1:

305bc0bfa5d680402c8ad3dd52a6ab4b4995caf6

SHA-256:

7776319a0aee75fe57d2163e680d8f5713b8206b50277a437bafcecb21a17f28

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/15/2024 5:42:53 AM UTC (today)

File size:

1.1 MB (1,163,968 bytes)

Product version:

20,0,0,267

Trademarks:

Adobe® Flash® Player

Original file name:

FlashUtil.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\kill_flash.exe

Digital Signature

Signed by:

Adobe Systems Incorporated

Authority:

Symantec Corporation

Valid from:

5/13/2015 6:00:00 PM

Valid to:

5/7/2017 5:59:59 PM

Subject:

CN=Adobe Systems Incorporated, OU=Flash Player, O=Adobe Systems Incorporated, L=San Jose, S=California, C=US, SERIALNUMBER=2748129, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US

Issuer:

CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

4EA1E89E15EA4FFA937984D88F545FBA

File PE Metadata

Compilation timestamp:

12/23/2015 4:35:30 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:j8bhUAd/ZJidrUxcAAAAAAAAAAAAAAAXAbAAAAAAAAAAAAAAAAAAAAAbAAAgAxAE:j8FUAd/ZJiuxhObBGQZBcJ3m3GBkkoh

Entry address:

0x1E6EC

Entry point:

E8, 0B, 61, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, 75, 0C, F6, 46, 0C, 40, 57, 75, 79, 56, E8, D9, 04, 00, 00, 59, BA, F0, 95, 43, 00, 83, F8, FF, 74, 1B, 83, F8, FE, 74, 16, 8B, C8, 83, E1, 1F, 8B, F8, C1, FF, 05, C1, E1, 06, 03, 0C, BD, 20, AE, 43, 00, EB, 02, 8B, CA, F6, 41, 24, 7F, 75, 26, 83, F8, FF, 74, 19, 83, F8, FE, 74, 14, 8B, C8, 83, E0, 1F, C1, F9, 05, C1, E0, 06, 03, 04, 8D, 20, AE, 43, 00, EB, 02, 8B, C2, F6, 40, 24, 80, 74, 1F, E8, 65, 23, 00, 00, 33, FF, 57, 57, 57, 57, 57... 
[+]

Entropy:

7.0376

Code size:

178.5 KB (182,784 bytes)

The file kill_flash.exe has been discovered within the following programs.

Adobe Flash Player 20 ActiveX by Adobe Systems Incorporated

www.adobe.com

3% remove it

Adobe Flash Player 20 NPAPI by Adobe Systems Incorporated

7% remove it

Adobe Flash Player 21 ActiveX by Adobe Systems Incorporated

8% remove it

Adobe Flash Player 21 NPAPI by Adobe Systems Incorporated

10% remove it

Adobe Flash Player 21 PPAPI by Adobe Systems Incorporated

7% remove it

Adobe Flash Player 22 ActiveX by Adobe Systems Incorporated

10% remove it

Adobe Flash Player 22 NPAPI by Adobe Systems Incorporated

11% remove it

Adobe Flash Player 22 PPAPI by Adobe Systems Incorporated

5% remove it

Adobe Flash Player 23 PPAPI by Adobe Systems Incorporated

11% remove it

The file kill_flash.exe has been seen being distributed by the following 11 URLs.

http://temp.immortals-co.net/uninstall_flash_player.exe

http://world-of-classic.com/.../uninstall_flash_player.exe

http://www.h-e.at/.../uninstall_12flash15_player.exe

http://www.logitheque.com/.../eba737a5.dl

http://fpdownload.macromedia.com/get/flashplayer/current/.../uninstall_flash_player.exe

https://download.macromedia.com/get/flashplayer/current/.../uninstall_flash_player.exe

http://www.programosy.pl/.../pobierz,adobe-flash-player-uninstaller,2.html

http://www.mychirotouch.com/public/.../uninstall_flash_player.exe

http://www.love2pvp.com/uninstall_flash_player.exe

http://download.macromedia.com/get/flashplayer/current/.../uninstall_flash_player.exe

https://fpdownload.macromedia.com/get/flashplayer/current/.../uninstall_flash_player.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.