» adobe_flash_player.exe
Overview
Analysis
File Details
Downloads (1)

adobe_flash_player.exe

OOO Kod-Intertainment

The application adobe_flash_player.exe by OOO Kod-Intertainment has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from lastworking.freeupdatewindow.com.

File name:

Publisher:

Astalavista (signed by OOO Kod-Intertainment)

Description:

Download Manager

Version:

1.3.2.1

MD5:

06289f07d1e7285199bb4ca0fc735b0f

SHA-1:

45d2429bc296333788cac12bf8efca58a2ec24e4

SHA-256:

763aaba67561006afd059212640a40067ecc8dd5fd3784b78bc38513e6837479

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

5/19/2024 9:06:37 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Amonetize.OOOKodIn (M)

16.6.24.6

File size:

111.2 KB (113,824 bytes)

Product version:

1.3.2.1

Original file name:

PreInstaller.NET.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\adobe_flash_player.exe

Digital Signature

Signed by:

OOO Kod-Intertainment

Authority:

COMODO CA Limited

Valid from:

2/5/2016 1:00:00 AM

Valid to:

2/5/2017 12:59:59 AM

Subject:

CN=OOO Kod-Intertainment, O=OOO Kod-Intertainment, STREET="d. 9 str. 1 of. 36, Sukharevski M. per.", L=Moscow, S=Moscow, PostalCode=127051, C=RU

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00CC0E842B9BEC5B956C956FBCB6FC721B

File PE Metadata

Compilation timestamp:

3/28/2016 2:28:39 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

48.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

3072:rqpqUvXEOPFHQaqUKP0kf7nSO6XvlyUpVE+6GAdo0FGPOKohmSYue:2pqU/EnckfDSO6XvlyUpVE+6GAdo0FG5

Entry address:

0x19A6E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

95 KB (97,280 bytes)

The file adobe_flash_player.exe has been seen being distributed by the following URL.

http://lastworking.freeupdatewindow.com/dl.php?yuytr=Tn1JItqcMz4vXmXP9W95zXy31KGvBXuSum24o_dQLB0.&cid=JEHkF7Pu0ZQ7_uNAL7YBzGWLr1ik4eJ513F_aOPaw9R-R3XoeA71-79zUuXdl19z4mULuiKoM7thHBnDpO9kXBMhkRXkr19dC4b4kDqK8uuF9k1CLPXdA4rqS2Ojnq5G4FNb7jZ3TaCTo4UvQCQYjsItUXaM8tvGrw667G3l0lkBFVKhJjG-tBoYZijCUw-p_J1d_WTZKm2iaKGNFj4-Z0xLQsAM0_tmEfI1LxnWuVqHa2frvTS5AopsMn4F0ej1yDkWPsQhtESKXQrDqN8g5xdo9q_P3LD6ybGfOWOU2v0K7uTbfqAs10xISkNW1_3OurG4ZL0GkOszYujwHZn0DNknT2oRT7CqEEiBnf9-CSNYjxqDFiWCTWnKFe-g3wEKJdwe8pzVZ2ylgdZaXxF9MJxSpYpHCnUwhSRsNdwER6Qbkgc9SbQvzKKggKHsoGm4ofrvoETxbgYqYbewlkega-9guqgIqNZ3cw&sid=[SUB_ID]&conversion_id=14598339590821&app_id=4&lp_id=1003&v=coin&stub_id=285&v_id=E6umnLyP91h09-4wyXewbpXbBXCRcW3eWue1e8-gYsk.&lpp=*-*-*

Remove adobe_flash_player.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.