home

adobe_flash_setup.exe

flash setup

OOO ELEKTRO-KOD

The application adobe_flash_setup.exe by OOO ELEKTRO-KOD has been detected as a potentially unwanted program by 2 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from nowsetup.freesearch4u.xyz and multiple other hosts.
Publisher:
OOO ELEKTRO-KOD  (signed and verified)

Product:
flash setup

Version:
1.0.0.0

MD5:
37001dc0582a5947223cc14802c79566

SHA-1:
1061996bceac26ff31e8334ad3c420872a3b4b0f

SHA-256:
31281a6c201e2a60138e7babfc1c3818ce614a85407fa171051b7776a053ec1a

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/20/2024 1:07:59 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Trojan.InstallCore.1954
9.0.1.05190

Reason Heuristics
PUP.OOOELEKT.Installer (M)
16.4.23.13

File size:
187.1 KB (191,568 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2016

Original file name:
Flash.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\My documents\downloads\adobe_flash_setup.exe

Digital Signature
Signed by:
OOO ELEKTRO-KOD

Authority:
COMODO CA Limited

Valid from:
6/8/2015 12:00:00 AM

Valid to:
6/7/2016 11:59:59 PM

Subject:
CN=OOO ELEKTRO-KOD, O=OOO ELEKTRO-KOD, STREET="109428,GOROD MOSKVA,,,,ULITsA IBRAGIMOVA,35, 2,I KOMN.14,", L=Moscow, S=Moscow, PostalCode=109428, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D1727DFA82A3E28C73A633A65CE817E4

File PE Metadata
Compilation timestamp:
4/17/2016 12:08:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:ev2+JpflYXI6/bRtMUeTkHHRAzQ4IbLHhxy/jJdurUh1T/WLwA6Fiq:evjJpflYX9b4QUQ7hxyLur+YMFL

Entry address:
0xC39E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, E0, 01...
 
[+]

Entropy:
6.3831

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
41 KB (41,984 bytes)

The file adobe_flash_setup.exe has been seen being distributed by the following 50 URLs.

http://nowsetup.freesearch4u.xyz/dl.php?sfsfh=6_9TsBDefaYWzThCKByL2fn6NnIWvXofYBCoo5l4ZGE.&subid=VjJ8MzA2MjJ8MjUxOTc3fDQwMTE5MXwxNDYxNTMwMzgzfGJkYWIwODM1LWQwNGUtNDExYS1jMTI2LTc5MzhmZDc3OTY4NHw3Ny4yMDEuMTc1LjEzN3x8MXw4NWMyN2VlZTU2YTQ5NDRmMmVkNTAxODZjMzg0MDhiZQ==&conversion_id=14615303904104&app_id=129&lp_id=1311&v=tribat&stub_id=305&v_id=aRlx0jfDseUkKNh8He3lM0EJ_tcU6OF8A4uABgFu8Oo.&lpp=*-*-*

http://safe.soft2download.website/dl.php?gwzter=E8AeT_i_eNx1fVDaFVIiw5vdn2LPPK_lhvVy7iBWfEw.&cid=MzAwNyMxMjEwMiM5NzIjMjA2NjZ8MjgyMzU2fEFFfDN8MXx8WlhCdFlXUnpYM2RwWkhSbypNekF3flkyZyp-ZEhvKk5TNDF-WTJ4cFkycyp-ZEdGeVNXUSpaWEJ0WVdSekxXVmpaV1pqT1dRd05qWmxNelpoT0RrMFlXTXlPVGM1WlRrMU9EUXpNR1UwTFRNd01IZ3lOVEF-WlhCdFlXUnpYMmhsYVdkb2RBKk1qVXd-Y21WeGRXVnpkRkpsWmcqYUhSMGNEb3ZMM2QzZHk0MGMyaGhjbVZrTG1OdmJTOW5aWFF2YVRSV2FqQnZjM1JpWVM5SVpXRmtSbWx5YzNSUVRWQmZVSEpoWTNScFkyVlFUVkJGZUdGdExtaDBiV3d-ZEEqTVRRMk1UWXdNall4TnpRNU1nfmRnKk1RfmNtVnhkV1Z6ZEZWeWJBKmFIUjBjRG92TDJWd2IyMWhaSE15TGpSemFHRnlaV1F1WTI5dEwyRmtjejkyUFRFbWEyVjVQV0UzT1RGaE1XVmpPREZqTXpGa1l6bGlNR1l6Tnprd05EazFZakJsWkRBMkpuUmhja2xrUFdWd2IyMHRZVGM1TVdFeFpXTTRNV016TVdSak9XSXdaak0zT1RBME9UVmlNR1ZrTURZbVkwbGtjejBtWVdSelEyRnRjR0ZwWjI1TFpYazlNVFEyTVRZd01qWXhOVFE0TkNaamFEMG1ZMnhwWTJzOUpuUjZQVFV1TlNaMFBURTBOakUyTURJMk1UWTNOVGttY21WeGRXVnpkRlZ5YkQxb2RIUndKVE5CSlRKR0pUSkdkM2QzTGpSemFHRnlaV1F1WTI5dEpUSkdaMlYwSlRKR2FUUldhakJ2YzNSaVlTVXlSa2hsWVdSR2FYSnpkRkJOVUY

http://safe.soft2download.website/dl.php?gwzter=0ZK6LYwE9Q89ZaLgS0HdFWuVwpKYydTITyVX2MxrCbo.&cid=14094297571461602589&conversion_id=14616025917141&app_id=4&lp_id=1379&v=tribat&stub_id=305&v_id=pQY9SySJYYkiFbwzfNlFb_CpMQvOlPH9Tq8PrW8WlBo.&lpp=*-*-*

http://safe.soft2download.website/dl.php?zhrj=JEZUCP9ythHm1KfOKYRUzQJerVL6zvgzPdolGyU62F0.&cid=174747968837&conversion_id=14614425746212&app_id=4&lp_id=1362&v=tribat&stub_id=305&v_id=hz7o1_fa7eW__fU6v-YGZqdh1CabJxBvFQWvpfaoWJQ.&lpp=*-*-*

http://newupdate.softupdate4free.tech/dl.php?ade=F7Xnn4IxP_1pTeLyr7joswYyi-qU1anoOE1G9M0Q760.&cid=VjJ8Mzc2NDA2M3wyODM4NDl8MzYwNTc2fDE0NjE1MzExNjJ8ZjlmYWJkN2ItYzZiMi00YzNmLWNjZTktYzQwMjE0YmNkNDllfDkzLjQwLjE5Ny4xMTN8fDF8MzYwMTNiYTRkYjYxMDY3NzE4ZWMxNWM1MGMzNzIwMGE=&sub=2008&conversion_id=14615311643170&app_id=4&lp_id=1518&v=tribat&stub_id=305&v_id=Cm-jJNXF9stIciTYuQ3c_suZa7mr5HAf_816mJXgmeI.&lpp=w10*-*-*

http://safe.soft2download.website/dl.php?gwzter=2IoEeC7_3Qqcv4ZGCdA_8-hpaDsMjH5dIUOAGEfjnpw.&cid=25370298331461602202&conversion_id=14616022099412&app_id=4&lp_id=1594&v=tribat&stub_id=305&v_id=ybnMui0TBzcw3wgMm3n_4vRTcxdlaNUnVKO810QvPXU.&lpp=*-*-*

http://update.soft2download.xyz/dl.php?dsfsf=BJWqvfdDsM3VVNs94zyiNvV0FsGZrdTJG2UwUp5pnpI.&cid=VjJ8MzA2MjJ8MjgzOTIwfDExOTY5M3wxNDYxNDE5OTIxfDRiNDhhOTgxLWJhZWQtNDQ4YS1jNGFkLTY4NzlmNTUzZTAxMnwyMDIuMTczLjEyNC43OHx8NHw4ZTJhYzY0MzM4ZDM3Njc0ZmQwMWY5YjgxNDZlZWZjZQ==&sub=2006&conversion_id=14614199312253&app_id=4&lp_id=1515&v=tribat&stub_id=305&v_id=_MbGruG1Jg4MjX-dgOd9LOm0nzBsFNOSahEM3lRbznU.&lpp=*-*-*

http://newalways.whensoftworks.download/dl.php?grew=ixCD18FVNFrzvqXPojRYqImzd7RCg-m6oRQWVazMq3E.&subid=VjJ8MjIxMHwyNzI4NTh8MjcyNDU3fDE0NjE0MTk4NjV8MDE0NTBiYzktNDU3My00NDNiLWM0YjgtM2MxOGUyYmIwZWY0fDEwNS4xMDguNDQuMTMwfHwzfDdiODZkYTQxZDYyOTAwMDVkNzdkYWNjMDQ3YjY0MjNi&conversion_id=14614198785045&app_id=4&lp_id=1526&v=tribat&stub_id=305&v_id=2NdtmdyL-nLaEm_bQd0XZa16wIoYci0fQHRgxJ73alc.&lpp=No match

http://update.soft2download.website/dl.php?gnsjrd=0ZK6LYwE9Q89ZaLgS0HdFWuVwpKYydTITyVX2MxrCbo.&cid=844720881461561091&conversion_id=14615610993288&app_id=4&lp_id=1594&v=tribat&stub_id=305&v_id=EX-36wELEfGDBw7Wavv7D5Aqegucf_XkvC33FvkoRJ0.&lpp=*-*-*

http://safe.soft2download.website/dl.php?gwzter=zfhHF5uIJPwUCaQYl1z7-xUZ2Mfj7SDh7iR5biCspo8.&cid=9736416451461602169&conversion_id=14616021811250&app_id=4&lp_id=1594&v=tribat&stub_id=305&v_id=4dwT90Hrqv_xnbak9ZeKCzM3zmlYQTD0lVX0y1S_xLg.&lpp=*-*-*

http://newupdate.softupdate4free.website/dl.php?sjsz=V6ggtPSfPBnjgGPLPRg1F8RvkCX3npdk8pUvwP5LaCY.&cid=33194192721461533964&conversion_id=14615339727356&app_id=4&lp_id=1594&v=tribat&stub_id=305&v_id=APKSrU756pjAdVhHmYZcJRxIiTJMyN9HINDI8t3ihIs.&lpp=*-*-*

http://update.soft2download.website/dl.php?revert=V6ggtPSfPBnjgGPLPRg1F8RvkCX3npdk8pUvwP5LaCY.&cid=15055828151461530810&conversion_id=14615308485070&app_id=4&lp_id=1379&v=tribat&stub_id=305&v_id=AtmilUTWHRJpH7l_2Wxzf5eOwtdBxgVQ8cPXX6Fa2Ds.&lpp=No match

http://safe.soft2download.website/dl.php?gwzter=sMBycfqvPa_0a0ERkVjxMC-GoM0nWgBAhHPkmhCmIq0.&cid=15363427171461601888&conversion_id=14616018897762&app_id=4&lp_id=1600&v=tribat&stub_id=305&v_id=9ftXADsmGCxwGvLfHH-v1blQoaIEOuD8FRAjd-ABUro.&lpp=*-*-*

http://safe.soft2download.website/dl.php?gwzter=ZVDFIoOsWnhVuPXYduCWR0GR5RS6waXiaGhIyH7yuxE.&cid=31976553941461602554&conversion_id=14616025971225&app_id=4&lp_id=954&v=tribat&stub_id=305&v_id=rkq60EgvQI5HbnHTEQ0zA5GzInQz7yXLA63LbtcQX5o.&lpp=No match

http://safe.soft2download.website/dl.php?gwzter=3gyYySmOGJCgnf420qkn-OeEVGZVRlkn9f3J8QO71iA.&cid=17415475741461601817&conversion_id=14616018269420&app_id=4&lp_id=1594&v=tribat&stub_id=305&v_id=715R62TIGBwTgMgPaaSNFv-YxN7dJYJgUMfbHj3ZRCE.&lpp=*-*-*

http://newsoftready.newsearch2update.top/dl.php?vfgse=PVRRifnJ9E2m-OjcEUGk3djT51mXacklv4k_sXopRq0.&sub=235803&cid=4890909929&conversion_id=14614423550335&app_id=129&lp_id=1461&v=tribat&stub_id=305&v_id=VD5rKiO12uvsWomcXmibdVTF4MfpHNt5e10_OXwSusw.&lpp=w10*-*-*

http://get24update.applicationtechnica.tech/dl.php?dsaf=mwK9xqzoV7CJFZFuMzUljhhSqRfSzOS0OjpXu8EpXWQ.&cid=MTA1MXw1MjEyfElOfDN8MXx8Y3pKeipTa3hET1RneFgyTTFNMU15WVRGcmJWTXRVR00wUmtKWVIzWlFXa018fA&conversion_id=14615599461313&app_id=4&lp_id=1602&v=tribat&stub_id=305&v_id=SvXsKxWISlVWww2q63pvtAX98CKvSo33O1gWFyn1JKQ.&lpp=No match

http://update.soft2download.website/dl.php?gnsjrd=o9oae0_3w2bkmsGxlkmFVh-ZSlkxfh6Z11cEl9e7GlU.&cid=175057819947&conversion_id=14615603161708&app_id=4&lp_id=1379&v=tribat&stub_id=305&v_id=ZlzjrP7bIhwnBRllMc1W_W-jqVt9POK9MyfvzE-lwY4.&lpp=*-*-*

http://softupdate.software-company.online/dl.php?pcl=2IoEeC7_3Qqcv4ZGCdA_8-hpaDsMjH5dIUOAGEfjnpw.&cid=18920506631461419499&conversion_id=14614195209813&app_id=4&lp_id=1600&v=tribat&stub_id=305&v_id=iUgdQXqYGpA53VmaE9zDeZzrz-K5uy3LGtMmYCmSKwQ.&lpp=No match

http://checkupdate.whensoftworks.tech/dl.php?fgsdh=44qzaB45lQGnw9sT1vTWQ1UsYo5-Lqz2FRZIQMEZkuk.&cid=in1sgdhbb22etfycsem2&subid=2279&conversion_id=14616026128068&app_id=4&lp_id=1379&v=tribat&stub_id=305&v_id=O2eMAav5AjShmufIADPoDGyR5DkHf4LzQLEzy1TbINY.&lpp=*-*-*

http://safe.soft2download.website/dl.php?zhrj=zfhHF5uIJPwUCaQYl1z7-xUZ2Mfj7SDh7iR5biCspo8.&cid=33848403951461440260&conversion_id=14614402633990&app_id=4&lp_id=1362&v=tribat&stub_id=305&v_id=EhRiWmEcctT4l7ekfRptGUfq85tyiCHeJghNP3GbN-I.&lpp=*-*-*

https://doc-0c-4g-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/c14ko1dlgqveck709f2h749ec0tb14pr/1461600000000/11993352680075450857/.../0B2A8EV5JGumrZFp1Mm0wUnRDVVU?e=download

http://update.soft2download.website/dl.php?revert=HBfZBqmjvShSyN8T7B6GF4EWeDXqP2-LqaW3Zz-EIQc.&cid=33077413591461532963&conversion_id=14615329677900&app_id=4&lp_id=1379&v=tribat&stub_id=305&v_id=DUnrGdNkDpfGlmWkz1WXz9jLvYqQwEjt1vyoMIlh2Hk.&lpp=*-*-*

http://nowinstallupgrade.freesearch4u.xyz/dl.php?gfdvs=ixCD18FVNFrzvqXPojRYqImzd7RCg-m6oRQWVazMq3E.&subid=VjJ8MTgxOHwyNzI4NTl8NTcyMzJ8MTQ2MTUzMjA5N3wxM2FiODkzOC02OGZmLTRjOWUtY2NlNS0zNTIxYTk1ZGE2MTh8MTU0LjEyMS40LjE5OXx8Mnw3Yjg2ZGE0MWQ2MjkwMDA1ZDc3ZGFjYzA0N2I2NDIzYg==&conversion_id=14615321065175&app_id=4&lp_id=1526&v=tribat&stub_id=305&v_id=A6azKvCRWk8xPfT5QAoKE7px2MzPASAEicxkEeOaVew.&lpp=*-*-*

http://update.soft2download.website/dl.php?revert=JEZUCP9ythHm1KfOKYRUzQJerVL6zvgzPdolGyU62F0.&cid=186049750292&conversion_id=14615313367918&app_id=4&lp_id=1362&v=tribat&stub_id=305&v_id=sZWwv079QL7m40-ShnKt0j08Sn_mZZboCX8mmXkdXJ8.&lpp=No match

http://checkupdate.whensoftworks.tech/dl.php?fgsdh=44qzaB45lQGnw9sT1vTWQ1UsYo5-Lqz2FRZIQMEZkuk.&cid=in1bfcxyblefa2gadg5l&subid=2279&conversion_id=14616012531917&app_id=4&lp_id=1401&v=tribat&stub_id=305&v_id=nVBrcH0Hu_Ei3BChd6iX_qWmzils5lfYPEbPhbFBKKs.&lpp=*-*-*

http://safe.soft2download.tech/dl.php?sda=44qzaB45lQGnw9sT1vTWQ1UsYo5-Lqz2FRZIQMEZkuk.&cid=eu1fo3ufreoerdjiu5za&subid=2279&conversion_id=14616025529226&app_id=4&lp_id=1379&v=tribat&stub_id=305&v_id=VAz-l8PYiHhJA3xKQNd1B41ArJ7f9gaaU7HfInDfEy0.&lpp=*-*-*

http://versionsupport.clickonupdate.top/dl.php?qawe=Iu5sv4NYl_zlgN93nmUm2GAAg-MzAOgMZUlagyP7ABQ.&cid=MTA1MXw1MjA1fEVTfDN8MXx8Y3pKeipTa1ZJTVRFMU1WOXRWM0pUYWpjdU0xUjBMVkJqTkVWQ1dFZDFVRFJufHw&conversion_id=14615315470623&app_id=4&lp_id=1617&v=tribat&stub_id=305&v_id=mOvtP8Af7kvYpiEdOpe0AjWmV0idZFY6gx5R1g31J_U.&lpp=*-*-*

http://newalways.whensoftworks.download/dl.php?grew=ixCD18FVNFrzvqXPojRYqImzd7RCg-m6oRQWVazMq3E.&subid=VjJ8MzExN3wyNzI4NTh8MzYwNTc2fDE0NjE0MjAxODJ8MGY0MWRkNGMtMTQ3ZC00YTgxLWNhZWYtMGE3ZmRkZTk5ODMzfDE2MC4xNzYuMzAuNTB8fDF8N2I4NmRhNDFkNjI5MDAwNWQ3N2RhY2MwNDdiNjQyM2I=&conversion_id=14614202654743&app_id=4&lp_id=1526&v=tribat&stub_id=305&v_id=NIZ3YDX9pChSbgcFMAzaUfTCcfHUR-g5dEs516DvaGg.&lpp=w10*-*-*

http://update.soft2download.website/dl.php?revert=qU3Z7XUlfImHuT1FQ4EPPqG1uIwy8JoStrTO-HH4cqA.&cid=1461531362mb56606197657&conversion_id=14615313655461&app_id=4&lp_id=1590&v=tribat&stub_id=305&v_id=QGdO_rM8zaxRqJyNTd8aMXaGP6-MHJ3vPesX1uy3ZjI.&lpp=*-*-*

Latest 30 of 53 download URLs

Remove adobe_flash_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.