flash.exe

The executable flash.exe has been detected as malware by 10 anti-virus scanners. The program is a setup application built with the Nullsoft Scriptable Install System installer, but the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from agslvq.ad-vid-webs.com.

MD5: 041e7f5609e0d9289482e1306a4fa5e3
SHA-1: 70b6afb0054ca6f307bff299002b7895557ce5ee
SHA-256: de3da7dbaa786c4978068bfe4b4fc7bfeae25f4276797c7a5ceb90b2bf1c45a8
Scanner detections: 10 / 68
Status: Malware
Analysis date: 6/27/2025 3:06:23 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:SaliCode | 160326-0 |
| AVG | Win32/Sality | 2015.0.4355 |
| Dr.Web | Win32.Sector.30 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Trojan.Agent.ChromeExtension | 11.5.0.6191 |
| ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0 |
| F-Prot | W32/Sality.E.gen | 4.6.5.141 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.562 |
| McAfee | Trojan.Artemis!D8F12C859387 | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.217.2324.0 |
| Norman | Trojan.Agent.ChromeExtension.A | 02.04.2016 17:35:19 |

File size: 582.7 KB (596,688 bytes)
File type: Executable application (Win32 EXE)
Installer: Nullsoft Scriptable Install System
Common path: C:\users\{user}\downloads\flash.exe

File PE Metadata

Compilation timestamp: 12/6/2009 12:50:52 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 6.0
CTPH (ssdeep): 12288:cEnzPMqKgPLuWIg+zuWe7QuWb03CbQQealjNWuWmybXw:NzPygPLuJ5ul7QuCsCb4aPWu6Xw
Entry address: 0x30FA

Entry point:
3D, 05, 50, 63, 9C, 8B, F6, 2D, 43, 25, 88, E5, F3, 10, D6, 0A, EB, B5, CE, 81, E3, F0, D5, 2B, E0, 2A, EA, F6, C2, 93, 89, C9, 8B, C7, 86, FB, 85, FA, 69, F8, F6, 06, C3, 61, 72, 06, 69, DB, 68, 4D, A8, FC, BF, ED, A2, FF, 31, F6, C3, B6, 46, E8, 34, 00, 00, 00, 8B, DB, 0F, BE, C9, 31, EF, 0F, B6, ED, 38, DE, 69, C9, 2F, A8, 84, 70, 11, ED, 52, 0F, BF, E9, 2C, 92, 09, F2, 5F, F7, C6, 27, 66, BE, 66, 88, FC, 8D, 15, 4F, C0, 82, E9, 2B, F7, BA, BD, 25, 6C, 0A, 87, D2, 5A, 88, E4, F2, 0F, BF, C1, 0F, BF, D9...
 

Code size: 23.5 KB (24,064 bytes)

The file flash.exe has been seen being distributed by the following URL.
