home

adobe_flash_player-27099807.exe

Quesadilla Interactive

The application adobe_flash_player-27099807.exe by Quesadilla Interactive has been detected as a potentially unwanted program by 13 anti-malware scanners. The file has been seen being downloaded from intva31.parkplaceschema.info.
Publisher:
Quesadilla Interactive  (signed and verified)

MD5:
1480315acfeb09f9c1c913652a7f3568

SHA-1:
4ad0b820deb0211141bfc4deef2f187da08ed689

SHA-256:
3506bea5cb0a905b287a4a8cb6e2322900f6905bab1cc5165aedaef687326f89

Scanner detections:
13 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Analysis date:
5/22/2024 12:50:07 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Pioneer-C
160518-2

AVG
Win32/Floxif
2015.0.4604

Dr.Web
Trojan.Vittalia.9336
9.0.1.05190

Emsisoft Anti-Malware
Win32.Floxif
16.06.25

ESET NOD32
Win32/Floxif.H virus
8.0.319.0

F-Prot
W32/Floxif.B
4.6.5.141

F-Secure
Win32.Floxif.A
5.15.96

Kaspersky
Virus.Win32.Pioneer
15.0.0.562

McAfee
Trojan.Dropper-FIY!1480315ACFEB
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.223.2587.0

Norman
Win32.Floxif.A
28.05.2016 13:03:37

Reason Heuristics
PUP.Quesadil (M)
16.6.25.9

File size:
203.1 KB (207,943 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\adobe_flash_player-27099807.exe

Digital Signature
Signed by:
Quesadilla Interactive

Authority:
GoDaddy.com, Inc.

Valid from:
3/8/2016 10:17:38 PM

Valid to:
3/8/2017 10:17:38 PM

Subject:
CN=Quesadilla Interactive, O=Quesadilla Interactive, L=SAN FRANCISCO, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
017689D7557551E3

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.24

CTPH (ssdeep):
6144:6qfpXahBhJCLMbrh7BV+UdvrEFp7hKrCT:6qfW3+8h7BjvrEH7YCT

Entry address:
0x14C0

Entry point:
E9, 39, 4C, 00, 00, E4, 31, 41, 00, 01, 00, 00, 00, E8, 9E, A6, 00, 00, 83, C4, 0C, E9, A6, FC, FF, FF, 8D, B6, 00, 00, 00, 00, 83, EC, 0C, C7, 05, E4, 31, 41, 00, 00, 00, 00, 00, E8, 7E, A6, 00, 00, 83, C4, 0C, E9, 86, FC, FF, FF, 90, 90, 90, 90, 90, 90, 55, 89, E5, 56, 53, 83, EC, 10, 8B, 1D, 84, 51, 41, 00, C7, 04, 24, 00, E0, 40, 00, FF, D3, 89, C6, 83, EC, 04, B8, 00, 00, 00, 00, 85, F6, 74, 29, C7, 04, 24, 00, E0, 40, 00, FF, 15, A0, 51, 41, 00, 83, EC, 04, A3, 90, 35, 41, 00, C7, 44, 24, 04, 13, E0...
 
[+]

Entropy:
6.8829

Packer / compiler:
Xtreme-Protector v1.05

Code size:
46 KB (47,104 bytes)

The file adobe_flash_player-27099807.exe has been seen being distributed by the following URL.

http://intva31.parkplaceschema.info/dl-pure/1202331/.../?bc=1202331&checksum=27099807&ephemeral=1&filename=adobe_flash_player.exe&cb=2111350234&hashstring=asasdasdaS&usefilename=true&executableroutePath=1202481&stub=true

Remove adobe_flash_player-27099807.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.