adobe_flash_player.exe

The executable adobe_flash_player.exe has been detected as malware by 11 anti-virus scanners. It is a setup program used to install the application. The file has been observed being downloaded from cdn.wholefolderuniverse.com and multiple other hosts.
Version:
1.0.0.0

MD5:
126ec093612089c2a0d314d28465d01f

SHA-1:
50ca2a326fcf626eef0d6f16f4d2bdef85c12ef3

SHA-256:
70f9207bf582251555e1b5cc1b572dc90c38807b4ccc1621204dd29e7b87e19d

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
5/9/2024 12:48:31 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Jaik.8042 | 549 |
| Arcabit | Trojan.Jaik.D1F6A | 1.0.0.425 |
| avast! | Win32:Malware-gen | 2014.9-150804 |
| Baidu Antivirus | Trojan.Win32.Ransom | 4.0.3.1584 |
| Bitdefender | Gen:Variant.Jaik.8042 | 1.0.20.1080 |
| Emsisoft Anti-Malware | Gen:Variant.Jaik.8042 | 8.15.08.04.07 |
| G Data | Gen:Variant.Jaik.8042 | 15.8.25 |
| Kaspersky | Trojan-Ransom.Win32.Mor | 14.0.0.1631 |
| MicroWorld eScan | Gen:Variant.Jaik.8042 | 16.0.0.648 |
| Qihoo 360 Security | HEUR/QVM05.1.Malware.Gen | 1.0.0.1015 |
| VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 42144 |

File size:
458.5 KB (469,504 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\adobe_flash_player.exe

File PE Metadata
Compilation timestamp:
7/14/2015 6:02:22 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:al2tgs5LN+PuAOAiL9i7a8J+rcRFp4FTBMbZMsh:aQtgshN+PJ+wRFeFTGFMsh

Entry address:
0x51534

Entry point:
55, 8B, EC, B9, 22, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 53, 56, 57, B8, 60, CA, 44, 00, E8, 68, 87, FB, FF, 33, C0, 55, 68, 4A, 1C, 45, 00, 64, FF, 30, 64, 89, 20, 33, C0, 55, 68, 22, 1C, 45, 00, 64, FF, 30, 64, 89, 20, B2, 01, A1, E8, 24, 43, 00, E8, A8, C7, FE, FF, 8B, D8, 8D, 55, EC, B8, 68, 1C, 45, 00, E8, B5, B1, FF, FF, 8B, 55, EC, 8B, C3, 8B, 08, FF, 51, 38, 8D, 55, E8, B8, 58, 1D, 45, 00, E8, 9E, B1, FF, FF, 8B, 55, E8, 8B, C3, 8B, 08, FF, 51, 38, 8D, 55, E4, B8, 34, 1E, 45, 00, E8, 87, B1, FF...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
324.5 KB (332,288 bytes)

The file adobe_flash_player.exe has been seen being distributed by the following 2 URLs.
