home

adobe_flash_player-27099807.exe

Quesadilla Interactive

The application adobe_flash_player-27099807.exe by Quesadilla Interactive has been detected as a potentially unwanted program by 11 anti-malware scanners. The file has been seen being downloaded from intva31.parkplaceschema.info.
Publisher:
Quesadilla Interactive  (signed and verified)

MD5:
e878cbede29bd1d78c53bfe0ce29b393

SHA-1:
695776ace0cf533798f42ea70511756bfca76b6b

SHA-256:
15308aa3e7a64931a5acd88c322e8abdaf55766e0e64ecb10d9a9a1e19953acd

Scanner detections:
11 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Analysis date:
5/21/2024 7:01:48 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Pioneer-C
160518-2

AVG
Win32/Floxif
2015.0.4604

Dr.Web
Trojan.Vittalia.9336
9.0.1.05190

Emsisoft Anti-Malware
Win32.Floxif
11.5.0.6191

ESET NOD32
Win32/Floxif.H virus
8.0.319.0

F-Prot
W32/Floxif.B
4.6.5.141

Kaspersky
Virus.Win32.Pioneer
15.0.0.562

McAfee
Trojan.Dropper-FIY!E878CBEDE29B
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.223.2544.0

Norman
Win32.Floxif.A
28.05.2016 15:32:18

Reason Heuristics
PUP.Quesadil (M)
16.6.25.10

File size:
203.1 KB (207,943 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\adobe_flash_player-27099807.exe

Digital Signature
Signed by:
Quesadilla Interactive

Authority:
GoDaddy.com, Inc.

Valid from:
3/8/2016 10:17:38 PM

Valid to:
3/8/2017 10:17:38 PM

Subject:
CN=Quesadilla Interactive, O=Quesadilla Interactive, L=SAN FRANCISCO, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
017689D7557551E3

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.24

CTPH (ssdeep):
3072:8vqiFmRwhj1CLMb+uRsq/X2lQBV+UdE+rECWp7hKeo:CqiFmRwhJCLMbrh7BV+UdvrEFp7hKeo

Entry address:
0x14C0

Entry point:
E9, 05, 68, 00, 00, E4, 31, 41, 00, 01, 00, 00, 00, E8, 9E, A6, 00, 00, 83, C4, 0C, E9, A6, FC, FF, FF, 8D, B6, 00, 00, 00, 00, 83, EC, 0C, C7, 05, E4, 31, 41, 00, 00, 00, 00, 00, E8, 7E, A6, 00, 00, 83, C4, 0C, E9, 86, FC, FF, FF, 90, 90, 90, 90, 90, 90, 55, 89, E5, 56, 53, 83, EC, 10, 8B, 1D, 84, 51, 41, 00, C7, 04, 24, 00, E0, 40, 00, FF, D3, 89, C6, 83, EC, 04, B8, 00, 00, 00, 00, 85, F6, 74, 29, C7, 04, 24, 00, E0, 40, 00, FF, 15, A0, 51, 41, 00, 83, EC, 04, A3, 90, 35, 41, 00, C7, 44, 24, 04, 13, E0...
 
[+]

Entropy:
6.8838

Packer / compiler:
Xtreme-Protector v1.05

Code size:
46 KB (47,104 bytes)

The file adobe_flash_player-27099807.exe has been seen being distributed by the following URL.

http://intva31.parkplaceschema.info/dl-pure/1202331/.../?bc=1202331&checksum=27099807&ephemeral=1&filename=adobe_flash_player.exe&cb=-1639313468&hashstring=asasdasdaS&usefilename=true&executableroutePath=1202481&stub=true

Remove adobe_flash_player-27099807.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.