SAFlashPlayer.exe

Shockwave Flash

Macromedia, Inc.

The file SAFlashPlayer.exe, “Macromedia Flash Player 6.0 r21” has been detected as malware by 7 anti-virus scanners. The file has been seen being downloaded from download2058.mediafire.com and multiple other hosts.
Publisher:
Macromedia, Inc.

Product:
Shockwave Flash

Description:
Macromedia Flash Player 6.0 r21

Version:
6,0,21,0

MD5:
03ecc87485508d81932bebce1722d555

SHA-1:
74a28a4d96370d8e0272b7944274009c2d1324f6

SHA-256:
5d5582082a16267659856275307f2dd9857a24c8d7a2f95ea7cd9874d9172ea6

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
11/23/2024 11:34:56 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:WrongInf-E [Susp]
2014.9-141011

Bkav FE
W32.HfsAutoB
1.3.0.4959

K7 AntiVirus
Trojan
13.176.11482

Malwarebytes
Spyware.Passwords.XGen
v2014.10.11.01

McAfee
Artemis!03ECC8748550
5600.6980

NANO AntiVirus
Virus.Win32.Sality.bgiylc
0.28.0.58491

Trend Micro House Call
TROJ_GEN.F47V0131
7.2.284

File size:
8.9 MB (9,292,003 bytes)

Product version:
6,0,21,0

Copyright:
Copyright © 1996-2002 Macromedia, Inc.

Trademarks:
Macromedia Flash Player

Original file name:
SAFlashPlayer.exe

Language:
English (United States)

Common path:
C:\users\{user}\downloads\programs\trz3a5c.tmp

File PE Metadata
Compilation timestamp:
3/6/2002 6:35:31 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:5Bc+jMhWDnboRdvM4JLGx/CZnJEo3LmtFYZy/:5ZjkRxM4FQ/sJdmLH/

Entry address:
0x670A0

Entry point:
83, EC, 44, 56, FF, 15, 24, 81, 49, 00, 8B, F0, 8A, 06, 3C, 22, 75, 1C, 8A, 46, 01, 46, 3C, 22, 74, 0C, 84, C0, 74, 08, 8A, 46, 01, 46, 3C, 22, 75, F4, 80, 3E, 22, 75, 0F, 46, EB, 0C, 3C, 20, 7E, 08, 8A, 46, 01, 46, 3C, 20, 7F, F8, 8A, 06, 84, C0, 74, 0C, 3C, 20, 7F, 08, 8A, 46, 01, 46, 84, C0, 75, F4, 8D, 44, 24, 04, C7, 44, 24, 30, 00, 00, 00, 00, 50, FF, 15, D4, 81, 49, 00, F6, 44, 24, 30, 01, 74, 0B, 8B, 44, 24, 34, 25, FF, FF, 00, 00, EB, 05, B8, 0A, 00, 00, 00, 50, 56, 6A, 00, 6A, 00, FF, 15, 20, 81...
 
[+]

Packer / compiler:
Macromedia Windows Flash Projector/Player v6.0

Code size:
604 KB (618,496 bytes)

The file SAFlashPlayer.exe has been seen being distributed by the following 11 URLs.

http://download2058.mediafire.com/79aw8wj4i8tg/.../?????? ???????.EXE

http://download934.mediafire.com/1vqq64wqkiug/.../?????? ???????.EXE

http://download817.mediafire.com/jjcfx3wkcaeg/.../?????? ???????.EXE

http://download1327.mediafire.com/evr7d9v6s7rg/.../?????? ???????.EXE

Remove SAFlashPlayer.exe - Powered by Reason Core Security