» adobe_flash_player.exe
Overview
Analysis
File Details
Downloads (85)

adobe_flash_player.exe

flash setup

OOO ELEKTRO-KOD

The application adobe_flash_player.exe by OOO ELEKTRO-KOD has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from testupgrade.nowuptime.download and multiple other hosts.

File name:

Publisher:

OOO ELEKTRO-KOD (signed and verified)

Product:

flash setup

Version:

1.0.0.0

MD5:

585af155eaf2687260e0baf67eaa36ca

SHA-1:

ae410b3bb0ba04e2a1f8ad4ab1282cfe67cb9ac8

SHA-256:

2591b547116d8f17e2171f18bcaff1b12f0d35a2287562859bd7fe5560eb576c

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/27/2024 11:39:41 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.OOOELEKT.Installer (M)

16.5.16.13

File size:

81.1 KB (83,008 bytes)

Product version:

1.0.0.0

Original file name:

Flash.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\adobe_flash_player.exe

Digital Signature

Signed by:

OOO ELEKTRO-KOD

Authority:

COMODO CA Limited

Valid from:

7/6/2015 1:00:00 AM

Valid to:

7/6/2016 12:59:59 AM

Subject:

CN=OOO ELEKTRO-KOD, O=OOO ELEKTRO-KOD, STREET="ul. Ibragimova, d. 35 str. 2 Pom I Komn 14", L=Moscow, S=Moscow, PostalCode=109428, C=RU

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

705F063CA94054E944AA5E217181FF04

File PE Metadata

Compilation timestamp:

5/16/2016 10:53:47 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

768:iEljrEd9f2J7Yj+aaq5HywxP77bf3maO0BJ0r4Z011zYcHeFZGhi:ZlrC9f2Bxaaq5Db3zTBuMZAUFIhi

Entry address:

0x384E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

6.5 KB (6,656 bytes)

The file adobe_flash_player.exe has been seen being distributed by the following 50 URLs.

http://testupgrade.nowuptime.download/dl.php?gyterh=2IoEeC7_3Qqcv4ZGCdA_8-hpaDsMjH5dIUOAGEfjnpw.&cid=16705767811463525855&conversion_id=14635258579973&app_id=4&lp_id=1600&v=tribat&stub_id=305&v_id=e1imr68oPwm5B7Xns_2bHqY-ndjDTNCy9NgZfcUNCf8.&lpp=*-*-*

http://lastversion.app4com.online/dl.php?gythgtu=5ajM9B-i7T-4pIEhpN9uspgqXJrQFBm55sP5XLAOLx4.&sid=M_41845285e0f49f219e1463684937&sub=15&ref=wegotmedia.co&tid=JMC1151_XrkQZvrplg-PdRDBXiCPaa&pid=15&site=BaHFGckhqDWOh7vacAlZsULpQobHRrDQM6uckyIIJVQb3w&conversion_id=14636849370852&app_id=4&lp_id=1600&v=tribat&stub_id=305&v_id=9waiXg3830pP13Xcoa_PfihFBAcCTuLGbCkLGhgQwsE.&lpp=*-*-*

http://newsoftready.readynewsoft.download/dl.php?rtghj=i3tCnE120uiRPGos8JmbRCR_GKOWydR8OoYMObPkBtY.&cid=10915&sid=10221d194cc61d1b8f2580e9fcd877&conversion_id=14636182496598&app_id=63&lp_id=1391&v=tribat&stub_id=305&v_id=b6U-waRU76GJiysDQXS0wWoV3iUU7_HDiK0fdUKFkeU.&lpp=*-*-*

http://soft4update.install4freealways.tech/dl.php?pcl=GGV_Pu71bPhU1fj6-XpWEl_dWmYEEwvaFUfmluMZi4I.&cid=8&sid=[SUB_ID]&conversion_id=14635930988268&app_id=4&lp_id=1379&v=tribat&stub_id=305&v_id=f_HFl4FFf2GI--qL81dFGVp-jFafTx-lQkDWo_KSqOM.&lpp=*-*-*

http://getsoftnow.check4upgrade.xyz/dl.php?frhgt=qU3Z7XUlfImHuT1FQ4EPPqG1uIwy8JoStrTO-HH4cqA.&cid=1463450615mb50665464332&conversion_id=14634506149359&app_id=4&lp_id=1590&v=tribat&stub_id=305&v_id=U3n6B2FpHpqFD06dT_J0BbBjOJ6COOJN4rhEKLXMNgY.&lpp=*-*-*

http://nowuptime.readynewsoft.online/dl.php?fdg=zfhHF5uIJPwUCaQYl1z7-xUZ2Mfj7SDh7iR5biCspo8.&cid=18388433401463573991&conversion_id=14635739966153&app_id=4&lp_id=1362&v=tribat&stub_id=305&v_id=sbU6YUb4CfekfqvGZcvEwe4G-YrU4NGPKISx2i9Dk3E.&lpp=*-*-*

http://testpc24.ready4maintain.download/dl.php?gthy=0ZK6LYwE9Q89ZaLgS0HdFWuVwpKYydTITyVX2MxrCbo.&cid=10541416471463422977&conversion_id=14634229796132&app_id=4&lp_id=1600&v=tribat&stub_id=305&v_id=vnbtInJZiXR3OwcRWhbj18AUfNRSc6FH1c_m5_P1nRI.&lpp=*-*-*

http://nowuptime.readynewsoft.online/dl.php?fdg=C0J90ZhzVoiyjBU3bhWsnqgSeXFv2xI8KhUegZpEUX0.&cid=353443411463600391&SUB_ID=971179&conversion_id=14636003931301&app_id=4&lp_id=1379&v=tribat&stub_id=305&v_id=6wBQO_z_7cIcFIEOfzFeDQJaoY01euMf2F_DUk-91UI.&lpp=*-*-*

http://softnewready.readynewsoft.tech/dl.php?yhjhj=Gi6gmafVORg6oQtjQMW4EPNrzcThFFviApHfLKbN6mc.&cid=13298978711463611690&SUB_ID=983188&conversion_id=14636116916583&app_id=4&lp_id=1663&v=tribat&stub_id=305&v_id=PJi3w7M6wN8hMe02qXgLHZzQTDUYBUu3qM0Cxs3_NZQ.&lpp=*-*-*

http://soft4update.install4freealways.tech/dl.php?pcl=Fgpsb5_0EEq9XI_O0QViPaSKgkibIftbZv3o0I39ENI.&cid=P23P9R4635689035708183647&sub=4225&conversion_id=14635689052147&app_id=63&lp_id=1427&v=tribat&stub_id=305&v_id=Q-Qq2QxjikNO11xW0zJeZ94qqrvD_MUTkz73hfPNAyg.&lpp=*-*-*

http://free4allup.upgradecircle.xyz/dl.php?thjyrt=HiSvyqPAqCGeu7h6NkXhgEy10utlaoxIX2-QvPi-XJs.&cid=194842131252&sid=565629&conversion_id=14636469972181&app_id=4&lp_id=1672&v=tribat&stub_id=305&v_id=-9EWE5oY8GLyABrpVMutLF_FMgMYwLeGFCG-Z0M5BI4.&lpp=*-*-*

http://updatesoftware.nowuptime.tech/dl.php?hyujtr=Ng4WtNxhGPEQZdqC1dWAshWscO8dCXLx14dzm1z-R-E.&cid=193256584273&sid=276239&conversion_id=14635637600617&app_id=4&lp_id=1674&v=tribat&stub_id=305&v_id=Fxw3sQLyoJlpeno0QL9NLI6Y5JPe63ZSESNFB8vA-Ek.&lpp=w10*-*-*

http://testpc24.nowuptime.download/dl.php?gyterh=MDYFLcmc8ZrwpuJzcGX6a0wVgA6VfAYfBDfeSHwJbdM.&cid=6286_7496418182_R4pn0&conversion_id=14635348803384&app_id=4&lp_id=1618&v=tribat&stub_id=305&v_id=f4STJtDmaJY_g0286R2pSyp6G0HLCErh02zH3aCpfwY.&lpp=*-*-*

http://2nowup.newsoft2install.website/dl.php?hdfgd=BG73UspPEbQYkpX4gXVuF3cPp2GMb_t7fBPtuJ9wctE.&cid=adkm_r9No6TixGkkQulKQwKUkHq-zOW_b6No7CiZvff9Qv5yWE3S76otdsfHdy_LW-U9FsVCEZsj3lQOB90NqbqxlOVmvvU8OJXhVbjBsVP7UkWo86qPe8dat13V4z6sO3R9zN9vlfthBGkduyPtsbZLwbCgxKblWM76hJZyG4-7TeBYk2NJGRCciwU-pQ1oybXo4bc2NJb_Q8PQPbJlUkK4FNdujB87MVkEjWfaT9OTtt8dffKaPbz-VRpG_0SJMVRf6jXTGzge-JwhCZztT7_SJcNz5zdYRFXj6Kwy4ceAkbjXmgpAP5bthnJsa_j2Zf-Lq_TtyMr-9wmM3hsdjHmruCvNaoTYXRTECi7plE4NqqOOklnfxJBnkDuNntjLPuv4MRBxZ1xBCz4ppvCOXl1gJr8rUHeGNSn0p-WN_pdo92Xuvxgv6niTPKDOXxVUiZU5Tj5rWB41hQacsVvOppfYYIPbyP8BnHA_VQJp1DqwtOc5LAw&sid=73748432&qs1=559&conversion_id=14636756546740&app_id=4&lp_id=954&v=tribat&stub_id=305&v_id=n6iLVfkiO-9SU4wB5NeqJ4Y3keoAhxBceCqcZ7G9rr8.&lpp=*-*-*

http://nowcheck.ready4newsoft.online/dl.php?gtyreh=44qzaB45lQGnw9sT1vTWQ1UsYo5-Lqz2FRZIQMEZkuk.&cid=eu3le53admtdddfmdcya&subid=2279&conversion_id=14634028459142&app_id=4&lp_id=1666&v=tribat&stub_id=305&v_id=Ann-MXugl7Z8xDcIfT96ASWrHdh0l5J_Lb_w1z25PtE.&lpp=*-*-*

http://2nowup.newsoft2install.website/dl.php?hdfgd=44qzaB45lQGnw9sT1vTWQ1UsYo5-Lqz2FRZIQMEZkuk.&cid=eu128oqei0egfdqecs0j&subid=2279&conversion_id=14636405588624&app_id=4&lp_id=1674&v=tribat&stub_id=305&v_id=KxfoWIk4QC2z-sS0hTWVZKJ9gaAn540nMbxjEXYDnWc.&lpp=*-*-*

http://softwareupdate.nowuptime.download/dl.php?gyterh=5ajM9B-i7T-4pIEhpN9uspgqXJrQFBm55sP5XLAOLx4.&sid=M_41636066b921aea7f81463521818&sub=15&ref=wegotmedia.co&tid=JFC903_QBMjZEhbYd-PdRDBXiCPaa&pid=15&site=BaHFGckhqDWOh7vacAlZsULpQobHRrDQM6uckyIIJVQb3w&conversion_id=14635218143587&app_id=4&lp_id=1526&v=tribat&stub_id=305&v_id=-pLgV5-Hg7sy3GAx6lCEZa6rT9C8kMjSL72FuHQMPdA.&lpp=*-*-*

http://2nowup.newsoft2install.website/dl.php?hdfgd=S_jTzbaCeqY-7A67ZDBHFSrO_sjyRBx58EOys_NsZ9I.&cid=xdDHrDV05YPIp9gAnvKmE_evh94gnoXTje_u74C6GTmdG0PEhQQQCJChcTS028TowmL4xDzX2Q4OUvOdpajRgFGo573Yj_JQPrgbR_Jj7W2MPCH9fWXG&qs1=&conversion_id=14636116195707&app_id=4&lp_id=1509&v=tribat&stub_id=305&v_id=4tnhKqCy2ijfWg1rkQWDI7YbwiI85kwrte19hmi8hj0.&lpp=*-*-*

http://readysoft.install4freealways.website/dl.php?hage=Ng4WtNxhGPEQZdqC1dWAshWscO8dCXLx14dzm1z-R-E.&cid=178498682271&sid=63230&conversion_id=14635087574798&app_id=4&lp_id=1671&v=tribat&stub_id=305&v_id=syKFrQehN5opgEm-_s1TKxbHUBMDMKP7XmUvuBh2UFk.&lpp=w10*-*-*

http://12updatenew.nowuptime.top/dl.php?gyhrju=Ng4WtNxhGPEQZdqC1dWAshWscO8dCXLx14dzm1z-R-E.&cid=194236104042&sid=107537&conversion_id=14635323624915&app_id=4&lp_id=1681&v=tribat&stub_id=305&v_id=5UkIpxnLeZqyzOfuNv1EhuaX1qRqKIZTcFsm8le4IJ0.&lpp=w10*-*-*

http://now.noteupgrade.xyz/dl.php?hyutrj=GGV_Pu71bPhU1fj6-XpWEl_dWmYEEwvaFUfmluMZi4I.&cid=8&sid=[SUB_ID]&conversion_id=14636878299911&app_id=4&lp_id=1379&v=tribat&stub_id=305&v_id=0W06S7NKrTZl3i7y7L0kB2ta-PbKTIskJ-_tobwKcdQ.&lpp=*-*-*

http://soft4update.install4freealways.tech/dl.php?pcl=GGV_Pu71bPhU1fj6-XpWEl_dWmYEEwvaFUfmluMZi4I.&cid=8&sid=[SUB_ID]&conversion_id=14635261360073&app_id=4&lp_id=1600&v=tribat&stub_id=305&v_id=zP8JLo-sWTTk2f8wQLOSoka5INnnbh4jJDfmCAa2fXU.&lpp=No match

http://alwaysnew.newsoft2install.website/dl.php?sfega=9Iew1aL_t8TO8-yJ2i4KbqnNa5I5mEDs_XUGlH-hKWY.&cid=5b72zEREi0jiyuOLcsiVw0Hy4wE6bi6eOcQutk2byAgEqSfozK8PL3Ln3oLGCloAKZ5eI7mNoxnR69tvanBXCFKZ78f_Xe-Yw9Ta96fSLI9U_zO5LE&qs1=&conversion_id=14636606703897&app_id=4&lp_id=1509&v=tribat&stub_id=305&v_id=uBbahQXONym8M_pCGJTjX19jq2O21217kdRpSKYIxpc.&lpp=*-*-*

http://upgrade12check.install4freealways.online/dl.php?mncs=Ng4WtNxhGPEQZdqC1dWAshWscO8dCXLx14dzm1z-R-E.&cid=192705923443&sid=90446&conversion_id=14634529233761&app_id=4&lp_id=1681&v=tribat&stub_id=305&v_id=4AMX39BFhQiToBbzUIgzb4O9fseNICcR1BqwmOsVnNI.&lpp=w10*-*-*

http://24upgradecheck.install4freealways.online/dl.php?mncs=Ng4WtNxhGPEQZdqC1dWAshWscO8dCXLx14dzm1z-R-E.&cid=178044490051&sid=332522&conversion_id=14634211216174&app_id=4&lp_id=1681&v=tribat&stub_id=305&v_id=uJc9Zc5KFQ_UcGudmLoUm0pQWHKs5B3-4MvbiQSdZVs.&lpp=w10*-*-*

http://soft4update.install4freealways.tech/dl.php?pcl=L8Qvh1T1ybclQwAJiWpKlFbQ_ZrSjNjvMrKdzF1G2Sg.&cid=P23P10R4635290065199763940&sub=4175&conversion_id=14635290072481&app_id=4&lp_id=1518&v=tribat&stub_id=305&v_id=RyHCEkYxSnwF9xJsO3n6lY0KDUAx1f7dEAcoTBuexec.&lpp=w10*-*-*

http://updatesoftware.nowuptime.tech/dl.php?hyujtr=HiSvyqPAqCGeu7h6NkXhgEy10utlaoxIX2-QvPi-XJs.&cid=194382783002&sid=366832&conversion_id=14635643595694&app_id=4&lp_id=1681&v=tribat&stub_id=305&v_id=jcyyHf0tXnDFoYT15FTm-nmOsosRgAHwnTQdve0VPtQ.&lpp=w10*-*-*

http://alwaysnew.newsoft2install.website/dl.php?dfgg=wksUAETo6OofhirdeZDp_6fX-OatEflanyp5UuoiaBU.&cid=MTI3MjI0NnxzdHJlYW10b3JyZW50LnR2fFVTQXx8MTMxNzcwMjB8fHwxOTAzMzU4fDEwNy4xMzkuMjQ1LjU5fDQ5NHwzMXx8NDF8MnwzfDB8MHx8fDF8MHwxNjAweDkwMHx8MTN8fDF8MHxzdHJlYW10b3JyZW50LnR2fDB8MHwwfDUwMGY5NjhkMDJhNjIwNDFlMzBjNjQ0MTIzYTlhNzAz&sub=streamtorrent.tv&conversion_id=14636326326927&app_id=4&lp_id=1379&v=tribat&stub_id=305&v_id=bkBDzFjsk0mOX9cpH3eEhzBvG0-yVi5Ib4inYoftHPo.&lpp=*-*-*

http://update2now.readynewsoft.top/dl.php?gthyer=Ng4WtNxhGPEQZdqC1dWAshWscO8dCXLx14dzm1z-R-E.&cid=193410552053&sid=90446&conversion_id=14635911223731&app_id=4&lp_id=1674&v=tribat&stub_id=305&v_id=76klvEx7xu4L0vn794e21aloooaZFa5goeJhKlo36Hk.&lpp=*-*-*

http://soft4update.install4freealways.tech/dl.php?pcl=L8Qvh1T1ybclQwAJiWpKlFbQ_ZrSjNjvMrKdzF1G2Sg.&cid=P23P13R4636229464874153926&sub=4175&conversion_id=14636229473154&app_id=4&lp_id=1600&v=tribat&stub_id=305&v_id=wf-tcEazX3sWTcaaPeXf-dtDd2Z1-cRvQSLsbPYSYvg.&lpp=*-*-*

Latest 30 of 85 download URLs

Remove adobe_flash_player.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.