Flash.exe

flash setup

Digital Zones

The file Flash.exe by Digital Zones has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from preparevideo.newupdater4u.site and multiple other hosts.
Publisher:
Digital Zones  (signed and verified)

Product:
flash setup

Version:
1.0.0.0

MD5:
caf41097ee2638bfb3d339d328635c24

SHA-1:
304e45f94f2da81474be751867131652b7e02400

SHA-256:
5ff3e71fefec963bd77dcbcdb90bc1b89ff6f3b86cb89b07dfa640f871310d8f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 6:10:18 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.DigitalZ.Installer (M)

Engine version:
16.6.21.10

File size:
150.6 KB (154,192 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2016

Original file name:
Flash.exe

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\7981.tmp

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/27/2016 7:00:00 PM

Valid to:
3/28/2017 6:59:59 PM

Subject:
CN=Digital Zones, OU=Digital Zone, O=Digital Zones, STREET="ul. Akademika Koroleva, d. 9 korp. 5", L=Moscow, S=Moscow, PostalCode=129515, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
07775D7C7B8C20E915DD534EA4F8DB84

File PE Metadata
Compilation timestamp:
6/21/2016 3:19:32 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:8vrM2JRCCaX55yF97w2QulsLGPGGGGHGGG/nGGGGGGlD43GGGGTbGbyGGGcGGaGi:95c97ZZsGPGGGGHGGG/nGGGGGGlD43G3

Entry address:
0x37EE

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
6 KB (6,144 bytes)

The file Flash.exe has been seen being distributed by the following 50 URLs.
