adobe_flash_player.exe

The executable adobe_flash_player.exe has been detected as malware by 21 anti-virus scanners. It is a setup program used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been seen downloaded from storage.googleapis.com and multiple other hosts.
MD5:
a1c41188dd35abcf64ad0110fa782569

SHA-1:
c9d1b51527b8d3fb48c9624abf2e250aedc5ff34

SHA-256:
51b6ab1ac27a2da5bcef609ea2ab5c700de73054c4e8bc8a6614cfab589d1b3f

Scanner detections:
21 / 68

Status:
Malware

Analysis date:
4/27/2024 3:50:18 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.2472784 | 604
Avira AntiVirus | TR/Dldr.Banload.1645568 | 8.3.1.6
Arcabit | Trojan.Generic.D25BB50 | 1.0.0.425
avast! | Win32:Malware-gen | 2014.9-150611
AVG | Downloader.Banload2 | 2016.0.3082
Baidu Antivirus | Trojan.Win32.Banload | 4.0.3.15611
Bitdefender | Trojan.GenericKD.2472784 | 1.0.20.810
Emsisoft Anti-Malware | Trojan.GenericKD.2472784 | 8.15.06.11.01
ESET NOD32 | Win32/TrojanDownloader.Banload.VUZ (variant) | 9.11766
Fortinet FortiGate | W32/Banload.VUZ!tr.dldr | 6/11/2015
F-Secure | Trojan.GenericKD.2472784 | 11.2015-11-06_5
G Data | Trojan.GenericKD.2472784 | 15.6.25
IKARUS anti.virus | Trojan-Downloader.Win32.Banload | t3scan.1.9.5.0
K7 AntiVirus | Trojan-Downloader | 13.204.16204
Malwarebytes | Trojan.Banker | v2015.06.11.01
McAfee | Artemis!A1C41188DD35 | 5600.6738
MicroWorld eScan | Trojan.GenericKD.2472784 | 16.0.0.486
nProtect | Trojan.GenericKD.2472784 | 15.06.10.02
Trend Micro House Call | Suspicious_GEN.F47V0608 | 7.2.162
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.4
VIPRE Antivirus | Trojan.Win32.Generic | 41010

File size:
1.6 MB (1,645,568 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\adobe_flash_player.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:0exeAeSWDAZkqxPYNxdhdm9XNp1EAk6YJgvX6dAeWz1U0hxW9k44bIy1E3KITU+N:vx+Nx72Np1E4dvquVzhxNj1KTP3T7

Entry address:
0x152CE8

Entry point:
55, 8B, EC, 83, C4, F0, B8, F0, 26, 55, 00, E8, 90, 3C, EB, FF, 68, 5C, 2D, 55, 00, 6A, 00, 6A, 00, E8, 3E, 3F, EB, FF, E8, D1, 40, EB, FF, 3D, B7, 00, 00, 00, 75, 07, 33, C0, E8, F3, 15, EB, FF, A1, 64, F2, 55, 00, 8B, 00, E8, 07, 51, F1, FF, 8B, 0D, 70, F4, 55, 00, A1, 64, F2, 55, 00, 8B, 00, 8B, 15, 40, 0A, 55, 00, E8, 07, 51, F1, FF, A1, 64, F2, 55, 00, 8B, 00, C6, 40, 5B, 00, A1, 64, F2, 55, 00, 8B, 00, E8, 70, 51, F1, FF, E8, DB, 14, EB, FF, 00, 00, 00, 36, 35, 37, 36, 35, 37, 2D, 66, 67, 68, 68, 66...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
1.3 MB (1,383,936 bytes)

The file adobe_flash_player.exe has been seen being distributed by the following 2 URLs.
