home

adobeshockwaveplayersetup-19264053-none.exe

File.org

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application adobeshockwaveplayersetup-19264053-none.exe by File.org has been detected as a potentially unwanted program by 11 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The installer is marketed through download protals and search ads as Adobe Shockwave Player but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
File.org  (signed and verified)

MD5:
1ea775eabf7834daade4d437b1a1e621

SHA-1:
473c9ce4a61236ddd4c8996754e4e5509cbc6594

SHA-256:
6b4092b2fac88632f88d0200e186629fc23f3c60c46f6c52065404469695f07a

Scanner detections:
11 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/19/2024 9:51:02 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/InstallCore.Gen9
7.11.155.148

Dr.Web
Adware.Downware.4757
9.0.1.0184

ESET NOD32
Win32/InstallCore.PC
9.9964

Fortinet FortiGate
Riskware/InstallCore
7/3/2015

K7 AntiVirus
Unwanted-Program
13.180.12449

McAfee
Artemis!1EA775EABF78
5600.6715

Qihoo 360 Security
Win32/Virus.Adware.f22
1.0.0.1015

Reason Heuristics
PUP.Fileorg.Installer (M)
15.7.3.23

Sophos
Install Core Click run software
4.98

Trend Micro House Call
TROJ_GEN.F47V0609
7.2.184

Vba32 AntiVirus
Downware.InstallCore
3.12.26.0

File size:
670.8 KB (686,936 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\adobeshockwaveplayersetup-19264053-none.exe

Digital Signature
Signed by:
File.org

Authority:
COMODO CA Limited

Valid from:
4/24/2014 8:00:00 PM

Valid to:
4/25/2015 7:59:59 PM

Subject:
CN=File.org, O=File.org, STREET=Bysoestrade 2B st., L=Holbaek, S=N/A, PostalCode=4300, C=DK

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E2D23668FD70A6AD497F37619358D967

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:TYvpWINlY/czBM/vArIudGX2YamtH8GbQIn7BcHFDVtXWqP2hgGORFCVaQ:TYvoINuW2wdGGYFtcGFnytXWqnL/jQ

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Entropy:
7.8879

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file adobeshockwaveplayersetup-19264053-none.exe has been seen being distributed by the following URL.

http://file.org/.../dl.php?fid=19264053&p=None&a=upd&v=20120228

Remove adobeshockwaveplayersetup-19264053-none.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.