adobe_flash.exe

The application adobe_flash.exe has been classified as a potentially unwanted program; 35 of the 68 anti-malware scanners consulted flag it. It is a setup program used to install the application and is built on the InstallCore engine, which may bundle additional software offers such as toolbars and browser extensions. The file has been seen being downloaded from scottishhillracing.co.uk, a site with no relation to Adobe despite the file name. Note that most of the detections listed below name backdoor (Androm) and ransomware (Dircrypt, Filecoder) families rather than adware, so the "potentially unwanted" status should be read as a floor on the risk, not a ceiling.
MD5:
70d0a1b577dde513a0dfae09722d3ddd

SHA-1:
5aa2699b478bf28e190aebca814eaf56d1521c85

SHA-256:
20ea983e4c9d9a3143179384b7c099b931f4bcfa8779d96c763ef4175548583a

Scanner detections:
35 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software, which may include extensions such as DealPly and various toolbars. Only one of the 35 detections (Dr.Web's Adware.InstallCore.53) actually names InstallCore; the rest are backdoor, ransomware and generic trojan signatures, so handle the sample as malware until it has been unpacked and its behaviour confirmed.

Analysis date:
5/16/2024 7:48:47 PM UTC

Scanner | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Symmi.32808 | 270
AegisLab AV Signature | Backdoor.W32.Androm.basx!c | 2.1.4+
AhnLab V3 Security | Backdoor/Win32.Androm | 2016.04.20
Avira AntiVirus | DR/Delphi.A.1734 | 8.3.3.4
Arcabit | Trojan.Symmi.D8028 | 1.0.0.672
avast! | Win32:Rootkit-gen [Rtk] | 2014.9-160510
AVG | Generic9_c | 2017.0.2748
Baidu Antivirus | Backdoor.Win32.Androm | 4.0.3.16510
Bitdefender | Gen:Variant.Symmi.32808 | 1.0.20.655
Bkav FE | W32.GenericSwisynR.Trojan | 1.3.0.7744
Comodo Security | UnclassifiedMalware | 24838
Dr.Web | Adware.InstallCore.53 | 9.0.1.0131
Emsisoft Anti-Malware | Gen:Variant.Symmi.32808 | 8.16.05.10.10
ESET NOD32 | Win32/Filecoder.BH | 10.13358
F-Secure | Gen:Variant.Symmi.32808 | 11.2016-10-05_3
G Data | Gen:Variant.Symmi.32808 | 16.5.25
IKARUS anti.virus | Backdoor.Win32.Hupigon | t3scan.2.0.9.0
K7 AntiVirus | Trojan | 13.222.19349
Kaspersky | Backdoor.Win32.Androm | 14.0.0.233
Malwarebytes | Trojan.Winlock | v2016.05.10.10
McAfee | RDN/Spybot.bfr!h | 5600.6404
Microsoft Security Essentials | Ransom:Win32/Dircrypt | 1.1.12603.0
MicroWorld eScan | Gen:Variant.Symmi.32808 | 17.0.0.393
NANO AntiVirus | Trojan.Win32.Encoder.cssznj | 1.0.30.8000
nProtect | Backdoor/W32.Androm.183808.B | 16.04.19.01
Panda Antivirus | Trj/Genetic.gen | 16.05.10.10
Qihoo 360 Security | Win32/Backdoor.d3b | 1.0.0.1120
Quick Heal | Trojan.Dircrypt.ra | 5.16.14.00
Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D [F] | 23.00.65.16508
Sophos | Troj/Ransom-ADA | 4.98
Trend Micro House Call | TROJ_DIRCRYPT.AE | 7.2.131
Trend Micro | TROJ_DIRCRYPT.AE | 10.465.10
VIPRE Antivirus | Trojan.Win32.Generic | 48750
ViRobot | Backdoor.Win32.A.Androm.183808.B[h] | 2014.3.20.0
Zillya! Antivirus | Backdoor.Androm.Win32.4235 | 2.0.0.2798
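Vendor names disagree, so the useful first check is to count what they agree on. The following Python pass is an added example, not part of the report or of any vendor's tooling: it takes the 35 detection names exactly as listed above, extracts the recurring family tokens, and buckets names into behaviour classes. The keyword groupings for the classes are my own assumption for triage, not a published vendor taxonomy.

```python
import re
from collections import Counter

# Detection names exactly as listed in the report, one per engine that fired.
DETECTIONS = [
    "Gen:Variant.Symmi.32808", "Backdoor.W32.Androm.basx!c", "Backdoor/Win32.Androm",
    "DR/Delphi.A.1734", "Trojan.Symmi.D8028", "Win32:Rootkit-gen [Rtk]", "Generic9_c",
    "Backdoor.Win32.Androm", "Gen:Variant.Symmi.32808", "W32.GenericSwisynR.Trojan",
    "UnclassifiedMalware", "Adware.InstallCore.53", "Gen:Variant.Symmi.32808",
    "Win32/Filecoder.BH", "Gen:Variant.Symmi.32808", "Gen:Variant.Symmi.32808",
    "Backdoor.Win32.Hupigon", "Trojan", "Backdoor.Win32.Androm", "Trojan.Winlock",
    "RDN/Spybot.bfr!h", "Ransom:Win32/Dircrypt", "Gen:Variant.Symmi.32808",
    "Trojan.Win32.Encoder.cssznj", "Backdoor/W32.Androm.183808.B", "Trj/Genetic.gen",
    "Win32/Backdoor.d3b", "Trojan.Dircrypt.ra", "PE:Malware.Generic/QRS!1.9E2D [F]",
    "Troj/Ransom-ADA", "TROJ_DIRCRYPT.AE", "TROJ_DIRCRYPT.AE", "Trojan.Win32.Generic",
    "Backdoor.Win32.A.Androm.183808.B[h]", "Backdoor.Androm.Win32.4235",
]
TOTAL_ENGINES = 68

# Family tokens that recur across vendors. Generic labels ("Gen:Variant", "Generic",
# "Trojan", "UnclassifiedMalware") carry no family information and are ignored.
FAMILY_RE = re.compile(
    r"(symmi|androm|dircrypt|installcore|hupigon|spybot|swisyn|winlock)", re.I
)

# Behaviour classes inferred from vendor naming conventions. Assumption: these
# keyword groupings are my own triage heuristic, not a vendor-published taxonomy.
CLASS_RES = {
    "ransomware": re.compile(r"ransom|filecoder|encoder|dircrypt|winlock", re.I),
    "backdoor": re.compile(r"backdoor|androm|hupigon|spybot", re.I),
    "pup_adware": re.compile(r"adware|installcore|dealply|\bpup\b", re.I),
}


def family_counts(names):
    """Count how many engines name each family (lower-cased token -> count)."""
    counts = Counter()
    for name in names:
        match = FAMILY_RE.search(name)
        if match:
            counts[match.group(1).lower()] += 1
    return counts


def class_counts(names):
    """Count engines per behaviour class; one name may fall into several classes."""
    counts = Counter()
    for name in names:
        for label, pattern in CLASS_RES.items():
            if pattern.search(name):
                counts[label] += 1
    return counts


def consensus(names, total_engines=TOTAL_ENGINES):
    """Summarise what the vendor names agree on and whether a PUP label is the majority view."""
    fam = family_counts(names)
    cls = class_counts(names)
    severe = CLASS_RES["ransomware"], CLASS_RES["backdoor"]
    return {
        "detections": f"{len(names)}/{total_engines}",
        "families": dict(fam.most_common()),
        "classes": dict(cls),
        # Engines whose name implies ransomware or backdoor behaviour, counted once each.
        "severe_engines": sum(1 for n in names if any(p.search(n) for p in severe)),
        "pup_is_majority": cls["pup_adware"] > max(cls["ransomware"], cls["backdoor"]),
    }


if __name__ == "__main__":
    for key, value in consensus(DETECTIONS).items():
        print(f"{key:16} {value}")
```

Run as-is it shows Symmi and Androm tied as the most-named families, Dircrypt third, InstallCore named once, and eighteen of the thirty-five engines assigning a ransomware or backdoor name; the PUP label is not the majority view. Swap in the detection list from any other multi-engine report to apply the same check there.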

File size:
179.5 KB (183,808 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\adobe_flash.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM (not the real build time: this is the fixed TimeDateStamp 0x2A425E19, 1992-06-19 22:22:17 UTC, that Borland/Delphi linkers write into every binary, here rendered in a UTC+2 zone; it is consistent with Avira's DR/Delphi name and the 2.25 linker version below)

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:MWs/e3bu+neujbsEtTN/5NDuqCo7n3c5KT8pBr3eaidSMU6+U:0m3Xj7xNxNSi3cIT8feVzD

Entry address:
0x60001

Entry point:
60, E8, 03, 00, 00, 00, E9, EB, 04, 5D, 45, 55, C3, E8, 01, 00, 00, 00, EB, 5D, BB, ED, FF, FF, FF, 03, DD, 81, EB, 00, 00, 06, 00, 83, BD, 7D, 04, 00, 00, 00, 89, 9D, 7D, 04, 00, 00, 0F, 85, C0, 03, 00, 00, 8D, 85, 89, 04, 00, 00, 50, FF, 95, 09, 0F, 00, 00, 89, 85, 81, 04, 00, 00, 8B, F0, 8D, 7D, 51, 57, 56, FF, 95, 05, 0F, 00, 00, AB, B0, 00, AE, 75, FD, 38, 07, 75, EE, 8D, 45, 7A, FF, E0, 56, 69, 72, 74, 75, 61, 6C, 41, 6C, 6C, 6F, 63, 00, 56, 69, 72, 74, 75, 61, 6C, 46, 72, 65, 65, 00, 56, 69, 72, 74...
These bytes are the ASPack unpacking stub rather than the program's own code: pushad, a call/jmp pair to obtain the stub's load address, then sub ebx, 0x60000 (the stub section's base, matching the 0x60001 entry address). The ASCII strings VirtualAlloc and VirtualFree at the end of the dump are the API names the stub resolves at run time to rebuild the original image in memory.

Packer / compiler:
ASPack v2.12

Code size:
248.5 KB (254,464 bytes), larger than the 179.5 KB file on disk. This is expected for a packed binary: SizeOfCode describes the unpacked code that the ASPack stub reconstructs in memory, not the compressed bytes in the file.
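The metadata above can be checked on any suspect file with a short header walk. The script below is an added example (my own code, not Reason Core's or any vendor's tooling): it parses a PE32 header with the standard library only and reports the indicators this page lists, namely the Delphi constant timestamp, the linker version, the entry RVA and the bytes found there, a match against the 33-byte ASPack stub prefix copied from the entry-point dump, and a SizeOfCode larger than the file. The real sample is not available here, so the script also builds a constructed 1 KiB stand-in whose header fields mirror the report; on a real case, pass the file's bytes to `triage()` instead.

```python
import hashlib
import struct

# Values copied from the report above.
KNOWN_SHA256 = "20ea983e4c9d9a3143179384b7c099b931f4bcfa8779d96c763ef4175548583a"
# First 33 bytes of the reported entry point: the ASPack 2.12 stub
# (pushad / call $+3 / ... / sub ebx, 0x60000, the stub section's base).
ASPACK_STUB = bytes.fromhex(
    "60e803000000e9eb045d4555c3e801000000eb5dbbedffffff03dd81eb00000600"
)
# Fixed TimeDateStamp written by Borland/Delphi linkers (1992-06-19 22:22:17 UTC).
DELPHI_TIMESTAMP = 0x2A425E19
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def rva_to_offset(rva, sections):
    """Map an RVA to a file offset via the section table (None if unmapped)."""
    for _name, vaddr, vsize, raw_ptr, raw_size in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return rva - vaddr + raw_ptr
    return None


def triage(data: bytes) -> dict:
    """Parse the PE32 headers by hand and return first-pass triage indicators."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER, 20 bytes
    _machine, nsec, timestamp, _, _, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20                          # IMAGE_OPTIONAL_HEADER32
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    linker_major, linker_minor = struct.unpack_from("<BB", data, opt + 2)
    size_of_code = struct.unpack_from("<I", data, opt + 4)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []
    for i in range(nsec):                    # IMAGE_SECTION_HEADER, 40 bytes each
        off = opt + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append((name, vaddr, vsize, raw_ptr, raw_size))
    entry_off = rva_to_offset(entry_rva, sections)
    entry_bytes = b"" if entry_off is None else data[entry_off:entry_off + len(ASPACK_STUB)]
    sha256 = hashlib.sha256(data).hexdigest()
    return {
        "sha256": sha256,
        "is_known_sample": sha256 == KNOWN_SHA256,
        "timestamp": timestamp,
        "timestamp_is_delphi_constant": timestamp == DELPHI_TIMESTAMP,
        "linker_version": f"{linker_major}.{linker_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_rva": entry_rva,
        "entry_bytes": entry_bytes.hex(),
        "aspack_stub_match": entry_bytes.startswith(ASPACK_STUB),
        "size_of_code": size_of_code,
        # SizeOfCode larger than the file itself is typical of a packed binary: the
        # header describes the unpacked code the stub will rebuild in memory.
        "code_exceeds_file": size_of_code > len(data),
        "sections": [s[0] for s in sections],
    }


def build_sample_pe(entry_code: bytes = ASPACK_STUB) -> bytes:
    """Constructed stand-in, NOT the real adobe_flash.exe: a 1 KiB PE32 whose header
    mirrors the report (entry 0x60001, linker 2.25, GUI subsystem, SizeOfCode 254,464,
    Delphi timestamp) with one section mapped at RVA 0x60000, raw offset 0x200."""
    data = bytearray(0x400)
    data[:2] = b"MZ"
    struct.pack_into("<I", data, 0x3C, 0x40)                      # e_lfanew
    data[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", data, 0x44, 0x14C, 1, DELPHI_TIMESTAMP, 0, 0, 0xE0, 0x102)
    opt = 0x58
    struct.pack_into("<HBBI", data, opt, 0x10B, 2, 25, 254464)    # magic, linker, SizeOfCode
    struct.pack_into("<I", data, opt + 16, 0x60001)               # AddressOfEntryPoint
    struct.pack_into("<H", data, opt + 68, 2)                     # IMAGE_SUBSYSTEM_WINDOWS_GUI
    sec = opt + 0xE0
    data[sec:sec + 8] = b".aspack\0"
    struct.pack_into("<IIII", data, sec + 8, 0x1000, 0x60000, 0x200, 0x200)
    struct.pack_into(f"<{len(entry_code)}s", data, 0x201, entry_code)  # RVA 0x60001
    return bytes(data)


if __name__ == "__main__":
    for key, value in triage(build_sample_pe()).items():
        print(f"{key:30} {value}")
```

The offsets are the documented PE32 layout (linker version at optional-header offset 2, SizeOfCode at 4, AddressOfEntryPoint at 16, Subsystem at 68); a PE32+ file would need the 0x20B magic and the wider optional header, which the script deliberately refuses rather than misreading. A stub match at the entry point tells you the file must be unpacked before any static string or import analysis means anything.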

The file adobe_flash.exe has been seen being distributed by the following URL.

Remove adobe_flash.exe - Powered by Reason Core Security