adobe_flash.exe

The executable adobe_flash.exe has been detected as malware by 36 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from bunyabilla.com.
MD5:
0e5e8f6edd2c1496614bb6a71ba3f256

SHA-1:
5dcb1b6febd2a26525eb0e03c3656cf61fb79f5d

SHA-256:
43f608f8965e49f27c355ece5d080edfb377372360ef93881d6be4d87e186950

Scanner detections:
36 / 68

Status:
Malware

Analysis date:
4/19/2024 9:31:50 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Symmi.34205 | 1151 |
| Agnitum Outpost | Trojan.Blocker | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Blocker | 2013.12.11 |
| Avira AntiVirus | DR/Delphi.Gen | 7.11.122.10 |
| avast! | Win32:Malware-gen | 2014.9-131126 |
| AVG | Generic34 | 2014.0.3539 |
| Baidu Antivirus | Trojan.Win32.Ransomlock | 4.0.3.131126 |
| Bitdefender | Gen:Variant.Symmi.34205 | 1.0.20.1180 |
| Bkav FE | HW32.CDB | 1.3.0.4613 |
| Comodo Security | TrojWare.Win32.Nimnul.AXQ | 17498 |
| Dr.Web | Trojan.Encoder.283 | 9.0.1.0236 |
| Emsisoft Anti-Malware | Gen:Variant.Symmi.34205 | 8.13.08.24.01 |
| ESET NOD32 | Win32/Injector.ALMI (variant) | 7.9190 |
| Fortinet FortiGate | W32/Blocker.CCOM!tr | 8/24/2013 |
| F-Secure | Gen:Variant.Symmi.34205 | 11.2013-24-08_7 |
| G Data | Gen:Variant.Symmi.34205 | 13.8.22 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.2.2.29 |
| K7 AntiVirus | Riskware | 13.174.10623 |
| Kaspersky | Trojan-Ransom.Win32.Blocker | 14.0.0.3773 |
| Malwarebytes | Trojan.Ransom.Dirty | v2013.08.24.01 |
| McAfee | RDN/Ransom!dm | 5600.7177 |
| Microsoft Security Essentials | Trojan:Win32/Dircrypt.A | 1.165.247.01 |
| MicroWorld eScan | Gen:Variant.Symmi.34205 | 14.0.0.708 |
| NANO AntiVirus | Trojan.Win32.Encoder.cqmpxr | 0.28.0.57029 |
| Norman | Dircrypt.B | 11.20130824 |
| nProtect | Trojan/W32.Blocker.260608.F | 13.12.24.01 |
| Panda Antivirus | Trj/CI.A | 13.08.24.01 |
| Quick Heal | Trojan.Dircrypt | 11.13.12.00 |
| Reason Heuristics | Unnamed.Threat.89 | 14.3.1.0 |
| Rising Antivirus | PE:Trojan.Win32.Generic.15A60284!363201156 | 23.00.65.131227 |
| Sophos | Troj/Ransom-ADA | 4.96 |
| Trend Micro House Call | TROJ_SPNR.15IA13 | 7.2.236 |
| Trend Micro | TROJ_SPNR.15IA13 | 10.465.26 |
| VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 24754 |
| ViRobot | Spyware.Ransom.Blocker.260608 | 2011.4.7.4223 |
| XVirus List | Win.Detected | 2.3.31 |

File size:
254.5 KB (260,608 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\adobe_flash.exe

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:c33jV9yfAMIjaUUMlo/mVxT+tRu7qlhy8xswJYQ:gMDIjapg1PT1IFJ

Entry address:
0x5E001

Entry point:
60, E8, 03, 00, 00, 00, E9, EB, 04, 5D, 45, 55, C3, E8, 01, 00, 00, 00, EB, 5D, BB, ED, FF, FF, FF, 03, DD, 81, EB, 00, E0, 05, 00, 83, BD, 7D, 04, 00, 00, 00, 89, 9D, 7D, 04, 00, 00, 0F, 85, C0, 03, 00, 00, 8D, 85, 89, 04, 00, 00, 50, FF, 95, 09, 0F, 00, 00, 89, 85, 81, 04, 00, 00, 8B, F0, 8D, 7D, 51, 57, 56, FF, 95, 05, 0F, 00, 00, AB, B0, 00, AE, 75, FD, 38, 07, 75, EE, 8D, 45, 7A, FF, E0, 56, 69, 72, 74, 75, 61, 6C, 41, 6C, 6C, 6F, 63, 00, 56, 69, 72, 74, 75, 61, 6C, 46, 72, 65, 65, 00, 56, 69, 72, 74...
 

Entropy:
7.8451

Packer / compiler:
ASPack v2.12

Code size:
55.5 KB (56,832 bytes)

The file adobe_flash.exe has been seen being distributed by the following URL.
