» adobe_flash_player.exe
Overview
Analysis
File Details
Downloads (2)

adobe_flash_player.exe

Internet Explorer

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The executable adobe_flash_player.exe, “Autoextrator de arquivo de gabinete Win32 ” has been detected as malware by 10 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from storage.googleapis.com and multiple other hosts.

File name:

Publisher:

Microsoft Corporation* (Invalid match)

Product:

Internet Explorer

Description:

Autoextrator de arquivo de gabinete Win32

Version:

11.00.9600.16428 (winblue_gdr.131013-1700)

MD5:

2211c81510c8a3d42c053af5bf8ba63d

SHA-1:

b95c5b5e995f9c34111f5165d534a9f5db426118

SHA-256:

d5ee926821a9a58ddf33da78a22eed6ac94c611528e6617f321683c5a3f9c3d4

Scanner detections:

10 / 68

Status:

Malware

Analysis date:

4/26/2024 6:22:50 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.2765364

478

AhnLab V3 Security

Trojan/Win64.Agent

2015.09.10

Avira AntiVirus

TR/Spy.Banker.1517568.1

8.3.2.2

Fortinet FortiGate

PossibleThreat.SB!tr.dldr

10/15/2015

IKARUS anti.virus

Trojan-Banker.Win32.BestaFera

t3scan.1.9.5.0

Kaspersky

Trojan-Banker.Win32.BestaFera

14.0.0.1274

McAfee

Artemis!D636A53A1AFF

5600.6612

MicroWorld eScan

Trojan.GenericKD.2765364

16.0.0.864

Panda Antivirus

Generic Suspicious

15.10.15.04

Qihoo 360 Security

HEUR/QVM41.2.Malware.Gen

1.0.0.1015

File size:

927 KB (949,248 bytes)

Product version:

11.00.9600.16428

Original file name:

WEXTRACT.EXE .MUI

File type:

Executable application (Win32 EXE)

Language:

Brazilian Portuguese

Common path:

C:\users\{user}\downloads\adobe_flash_player.exe

File PE Metadata

Compilation timestamp:

10/14/2013 2:50:27 AM

OS version:

6.3

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:jQSx5K8EQu5aUxv/QpPeG7LZbv4UkFnFM8Hg71sTU2Bvts:jQyEQ9+v/oPeG79kJxwS7+

Entry address:

0x67CC

Entry point:

E8, 07, 0B, 00, 00, E9, 05, 00, 00, 00, CC, CC, CC, CC, CC, 6A, 58, 68, 68, 75, 40, 00, E8, BD, 0B, 00, 00, 33, DB, 89, 5D, E0, 89, 5D, FC, 8D, 45, 98, 50, FF, 15, 70, A1, 40, 00, C7, 45, FC, FE, FF, FF, FF, C7, 45, FC, 01, 00, 00, 00, 64, A1, 18, 00, 00, 00, 8B, 78, 04, 8B, F3, BA, EC, 88, 40, 00, 8B, CF, 33, C0, F0, 0F, B1, 0A, 85, C0, 74, 07, 3B, C7, 75, 16, 33, F6, 46, 83, 3D, F0, 88, 40, 00, 01, 75, 17, 6A, 1F, E8, 30, 09, 00, 00, 59, EB, 43, 68, E8, 03, 00, 00, FF, 15, 6C, A1, 40, 00, EB, C8, 39, 1D... 
[+]

Code size:

25.5 KB (26,112 bytes)

The file adobe_flash_player.exe has been seen being distributed by the following 2 URLs.

https://storage.googleapis.com/.../Adobe_Flash_Player.exe

Remove adobe_flash_player.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.