» adobe_flash_player-78233303.exe
Overview
Analysis
File Details
Downloads (21)
Network (1)

adobe_flash_player-78233303.exe

All Team Interactive

The application adobe_flash_player-78233303.exe by All Team Interactive has been detected as a potentially unwanted program by 6 anti-malware scanners. The file has been seen being downloaded from intva31.castlerockcyberspace.info and multiple other hosts.

File name:

Publisher:

All Team Interactive (signed and verified)

MD5:

cadf0b61382488ea899d70e59884d6d5

SHA-1:

6b6adccaa920ec6d11d706aca954cead4379f47b

SHA-256:

b9f1dffdc773979488286108e05829373c0c3f6f17e85d942a1e148d0a5da8e6

Scanner detections:

6 / 68

Status:

Potentially unwanted

Explanation:

Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Analysis date:

5/15/2024 1:40:35 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Malware-gen

2014.9-160709

Dr.Web

Trojan.Vittalia.12509

9.0.1.05190

IKARUS anti.virus

PUA.DownloadAdmin

t3scan.2.1.6.0

Kaspersky

not-a-virus:Downloader.Win32.DownloAdmin

14.0.0.-66

Qihoo 360 Security

QVM20.1.Malware.Gen

1.0.0.1120

Reason Heuristics

PUP.Vittallia.AllTeamI (M)

16.7.11.8

File size:

493.3 KB (505,120 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\adobe_flash_player-78233303.exe

Digital Signature

Signed by:

All Team Interactive

Authority:

GoDaddy.com, Inc.

Valid from:

5/20/2016 1:20:39 AM

Valid to:

5/20/2017 1:20:39 AM

Subject:

CN=All Team Interactive, O=All Team Interactive, L=San Francisco, S=California, C=US

Issuer:

CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

00FF26C9A9BE826C7C

File PE Metadata

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

3.0

CTPH (ssdeep):

12288:5dALv+Mv3eWYKyR8KaAQ3jcGeh3XqNHTgHyMB7knZnl1/pBfUwbO:5GLv+kuZbR8KaAQ3jcXRatTgSMAlDBfW

Entry address:

0x3D2A0

Entry point:

C6, 05, 50, E2, 43, 00, 00, B9, 00, C0, 47, 00, BA, 04, C0, 47, 00, B8, 50, F8, 46, 00, E8, 65, FF, FF, FF, E8, 70, FF, FF, FF, B8, 30, F8, 46, 00, E8, E6, 3B, FD, FF, C3, 00, 00, 00, 00, 00, FF, FF, FF, FF, 00, 00, 00, 00, FF, FF, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.1754

Code size:

240.7 KB (246,496 bytes)

The file adobe_flash_player-78233303.exe has been seen being distributed by the following 21 URLs.

http://intva31.castlerockcyberspace.info/dl-pure/1203367/.../?bc=1203367&checksum=78342467&ephemeral=1&filename=adobe_flash_player.exe&cb=-631455191&hashstring=9PfgoQRWtFP6&usefilename=true&executableroutePath=1203981&stub=true

http://intva31.castlerockcyberspace.info/dl-pure/1203367/.../?bc=1203367&checksum=78421865&ephemeral=1&filename=adobe_flash_player.exe&cb=-897377182&hashstring=9PfgoQRWtFP6&usefilename=true&executableroutePath=1203981&stub=true

http://intva31.castlerockcyberspace.info/dl-pure/1203367/.../?bc=1203367&checksum=78613536&ephemeral=1&filename=adobe_flash_player.exe&cb=-423111511&hashstring=9PfgoQRWtFP6&usefilename=true&executableroutePath=1203981&stub=true

http://intva31.arrowheadsoup.info/dl-pure/1203367/.../?bc=1203367&checksum=79926618&ephemeral=1&filename=adobe_flash_player.exe&cb=1760897221&hashstring=45Gfwjid7sCB&usefilename=true&executableroutePath=1203981&stub=true

http://intva31.castlerockcyberspace.info/dl-pure/1203367/.../?bc=1203367&checksum=78483377&ephemeral=1&filename=adobe_flash_player.exe&cb=1521478211&hashstring=9PfgoQRWtFP6&usefilename=true&executableroutePath=1203981&stub=true

http://intva31.castlerockcyberspace.info/dl-pure/1203367/.../?bc=1203367&checksum=78415854&ephemeral=1&filename=adobe_flash_player.exe&cb=-1438544921&hashstring=9PfgoQRWtFP6&usefilename=true&executableroutePath=1203981&stub=true

http://intva31.castlerockcyberspace.info/dl-pure/1203367/.../?bc=1203367&checksum=78590894&ephemeral=1&filename=adobe_flash_player.exe&cb=-1550113183&hashstring=9PfgoQRWtFP6&usefilename=true&executableroutePath=1203981&stub=true

http://intva31.castlerockcyberspace.info/dl-pure/1203367/.../?bc=1203367&checksum=78485225&ephemeral=1&filename=adobe_flash_player.exe&cb=-563213577&hashstring=9PfgoQRWtFP6&usefilename=true&executableroutePath=1203981&stub=true

http://intva31.castlerockcyberspace.info/dl-pure/1203367/.../?bc=1203367&checksum=78430603&ephemeral=1&filename=adobe_flash_player.exe&cb=873000554&hashstring=9PfgoQRWtFP6&usefilename=true&executableroutePath=1203981&stub=true

http://intva31.castlerockcyberspace.info/dl-pure/1203367/.../?bc=1203367&checksum=78543210&ephemeral=1&filename=adobe_flash_player.exe&cb=1614049369&hashstring=9PfgoQRWtFP6&usefilename=true&executableroutePath=1203981&stub=true

http://intva31.castlerockcyberspace.info/dl-pure/1203367/.../?bc=1203367&checksum=78294419&ephemeral=1&filename=adobe_flash_player.exe&cb=976771610&hashstring=9PfgoQRWtFP6&usefilename=true&executableroutePath=1203981&stub=true

http://intva31.castlerockcyberspace.info/dl-pure/1203367/.../?bc=1203367&checksum=78309944&ephemeral=1&filename=adobe_flash_player.exe&cb=273746198&hashstring=9PfgoQRWtFP6&usefilename=true&executableroutePath=1203981&stub=true

http://intva31.castlerockcyberspace.info/dl-pure/1203367/.../?bc=1203367&checksum=78631789&ephemeral=1&filename=adobe_flash_player.exe&cb=1228543601&hashstring=9PfgoQRWtFP6&usefilename=true&executableroutePath=1203981&stub=true

http://intva31.castlerockcyberspace.info/dl-pure/1203367/.../?bc=1203367&checksum=78517022&ephemeral=1&filename=adobe_flash_player.exe&cb=87158530&hashstring=9PfgoQRWtFP6&usefilename=true&executableroutePath=1203981&stub=true

http://intva31.castlerockcyberspace.info/dl-pure/1203367/.../?bc=1203367&checksum=78638296&ephemeral=1&filename=adobe_flash_player.exe&cb=-344641954&hashstring=9PfgoQRWtFP6&usefilename=true&executableroutePath=1203981&stub=true

http://intva31.castlerockcyberspace.info/dl-pure/1203367/.../?bc=1203367&checksum=78593313&ephemeral=1&filename=adobe_flash_player.exe&cb=289873373&hashstring=9PfgoQRWtFP6&usefilename=true&executableroutePath=1203981&stub=true

http://intva31.castlerockcyberspace.info/dl-pure/1203367/.../?bc=1203367&checksum=78506691&ephemeral=1&filename=adobe_flash_player.exe&cb=-2071337900&hashstring=9PfgoQRWtFP6&usefilename=true&executableroutePath=1203981&stub=true

http://intva31.castlerockcyberspace.info/dl-pure/1203367/.../?bc=1203367&checksum=78480977&ephemeral=1&filename=adobe_flash_player.exe&cb=-1465219440&hashstring=9PfgoQRWtFP6&usefilename=true&executableroutePath=1203981&stub=true

http://intva31.castlerockcyberspace.info/dl-pure/1203367/.../?bc=1203367&checksum=78475934&ephemeral=1&filename=adobe_flash_player.exe&cb=598807348&hashstring=9PfgoQRWtFP6&usefilename=true&executableroutePath=1203981&stub=true

http://intva31.castlerockcyberspace.info/dl-pure/1203367/.../?bc=1203367&checksum=78383052&ephemeral=1&filename=adobe_flash_player.exe&cb=-1684559321&hashstring=9PfgoQRWtFP6&usefilename=true&executableroutePath=1203981&stub=true

http://intva31.castlerockcyberspace.info/dl-pure/1203367/.../?bc=1203367&checksum=78603753&ephemeral=1&filename=adobe_flash_player.exe&cb=1626590911&hashstring=9PfgoQRWtFP6&usefilename=true&executableroutePath=1203981&stub=true

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to ec2-52-6-18-250.compute-1.amazonaws.com (52.6.18.250:80)

Remove adobe_flash_player-78233303.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.