final_update_1.0012_en.exe

Frappsy Autoupdater

Flex Media Limited

The application final_update_1.0012_en.exe by Flex Media Limited has been detected as a potentially unwanted program by 10 anti-malware scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware forces infected computers to generate Bitcoins for cybercriminals' use, consuming the machine's computing power.

Publisher:
Flex Media Limited  (signed and verified)

Product:
Frappsy Autoupdater

Version:
1.0.0.0

MD5:
3856f42ced34ee0fce4a969e7c4785ad

SHA-1:
3bea7a8fd1c3fb902de53240c0690929621b0a02

SHA-256:
37befa66d1e57d302956025db12668b3fe74a42c0c8ead357725400e32243fbb

Scanner detections:
10 / 68

Status:
Potentially unwanted

Explanation:
The program mines for Bitcoins in the background using the computer's GPU, and may be installed and run without the user's knowledge.

Analysis date:
4/25/2024 4:15:50 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | TR/BitCoinMiner.Gen | 8.3.3.4 |
| avast! | Multi:BitCoinMiner-A [Tool] | 2014.9-160430 |
| ESET NOD32 | Win32/BitCoinMiner.BP potentially unsafe (variant) | 10.13398 |
| G Data | Win32.Trojan.Agent.QLUM4O | 16.4.25 |
| IKARUS anti.virus | Trojan.BitCoinMiner | t3scan.2.0.9.0 |
| Kaspersky | not-a-virus:HEUR:RiskTool.Win32.BitCoinMiner | 14.0.0.281 |
| McAfee | Artemis!3856F42CED34 | 5600.6413 |
| NANO AntiVirus | Riskware.Win32.BitCoinMiner.dbglba | 1.0.30.8136 |
| Qihoo 360 Security | Win32/Virus.RiskTool.749 | 1.0.0.1120 |
| Rising Antivirus | Trojan.Bayrob!1.A3CB (Cloud) | 23.00.65.16428 |

File size:
2.2 MB (2,260,232 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2012 Flex Media Limited

Original file name:
SmallApps.Updater.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\youtubedownloader\youtubedownloader.exe_url_150mxaqqls0ynls1o5e55xjrcraborwy\1.0.0.0\final_update_1.0012_en.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
1/8/2013 8:00:00 AM

Valid to:
1/9/2014 7:59:59 AM

Subject:
CN=Flex Media Limited, O=Flex Media Limited, STREET=Bristol & West House, STREET=Post Office Road, L=Bournemouth, S=Dorset, PostalCode=BH1 1BL, C=GB

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
77DD6DFDECB8C8C8E901E7AE4023D76E

File PE Metadata
Compilation timestamp:
1/8/2014 6:22:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:INZNtt+nN3dsdnofZS4NwiLUiH/pEs0TRHit:bdsuR4FiH/pEs0TRW

Entry address:
0x2284CE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.9744

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.1 MB (2,254,336 bytes)
