final_update_1.0010_pl.exe

Frappsy Autoupdater

Flex Media Limited

The application final_update_1.0010_pl.exe by Flex Media Limited has been detected as a potentially unwanted program by 7 anti-malware scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use, consuming computing power in the process.

Publisher:
Flex Media Limited  (signed and verified)

Product:
Frappsy Autoupdater

Version:
1.0.0.0

MD5:
650bd4a91ca9d2ce46d7622bdc322a46

SHA-1:
b8924ac8f5c25afa4533a81d3aa33cbfa20e8ba8

SHA-256:
a8d41eda20372b266c4ecf4949d9b58aece1096f163cec66a021c62674ca9f97

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
The program will mine for Bitcoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
4/19/2024 10:35:28 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | SPR/BitCoinMiner.CN | 7.11.200.132 |
| avast! | Win32:BitCoinMiner-FA [PUP] | 2014.9-150717 |
| ESET NOD32 | Win32/BitCoinMiner.CK (variant) | 9.10995 |
| Kaspersky | not-a-virus:HEUR:RiskTool.Win32.BitCoinMiner | 14.0.0.1720 |
| McAfee | Artemis!650BD4A91CA9 | 5600.6701 |
| Qihoo 360 Security | Win32/Trojan.Multi.a56 | 1.0.0.1015 |
| Sophos | Generic PUA LI | 4.98 |

File size:
2.2 MB (2,260,232 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2012 Flex Media Limited

Original file name:
SmallApps.Updater.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\youtubedownloader\youtubedownloader.exe_url_vuv5tysxmif52lf232tmbowhe1erhfi4\1.0.0.0\final_update_1.0010_pl.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
1/8/2013 1:00:00 AM

Valid to:
1/9/2014 12:59:59 AM

Subject:
CN=Flex Media Limited, O=Flex Media Limited, STREET=Bristol & West House, STREET=Post Office Road, L=Bournemouth, S=Dorset, PostalCode=BH1 1BL, C=GB

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
77DD6DFDECB8C8C8E901E7AE4023D76E

File PE Metadata
Compilation timestamp:
1/2/2014 10:01:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:dNZNGtYOONpdsdnofZS4NwiLUiH/pEs0TRHi/:VdsuR4FiH/pEs0TRM

Entry address:
0x2284CE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.1 MB (2,254,336 bytes)
