flash2_click_to_safe_install_________________ma2_9836_176681_ff.exe

Start Install

The application flash2_click_to_safe_install_________________ma2_9836_176681_ff.exe by Start Install has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup.
Publisher:
Start Install  (signed and verified)

MD5:
06996b91ef05f2013aeed64d7fe34f7b

SHA-1:
2c8815108efea0d5783084fa62bb0ad64d443ed8

SHA-256:
747006bf08399b2510237be1afc1c15808736bda138363be4c5ad31a08fd908e

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
4/18/2024 11:51:06 AM UTC

Scan engine              Detection                        Engine version
avast!                   Win32:Malware-gen                2014.9-140723
AVG                      Generic                          2015.0.3404
ESET NOD32               Win32/InstallMonetizer.BB        8.10123
G Data                   Win32.Trojan.Agent.KCJW94        14.7.24
Malwarebytes             PUP.Optional.InstallMonetizer    v2014.07.23.07
McAfee                   Artemis!C27F5983DF78             5600.7060
Qihoo 360 Security       HEUR/Malware.QVM06.Gen           1.0.0.1015
Reason Heuristics        PUP.StartInstall.?               14.7.23.19
Trend Micro House Call   Suspicious_GEN.F47V0718          7.2.204
VIPRE Antivirus          Trojan.Win32.Generic             31414

File size:
493.8 KB (505,672 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\flash2_click_to_safe_install_________________ma2_9836_176681_ff.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
1/27/2014 12:00:00 AM

Valid to:
1/27/2015 11:59:59 PM

Subject:
CN=Start Install, O=Start Install, STREET=5655 Silver Creek Valley Road, L=San Jose, S=CA/Santa Clara, PostalCode=95138, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4A35F3F064DE91E511E0079B2961EAAF

File PE Metadata
Compilation timestamp:
12/5/2009 10:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:sG61ump5UkallMCBXyIBtp8dbJd5A4AzybJd5A8U:sGvuUkalWCZQdbJd5A4AzybJd5A8U

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.7517

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)