flash_install.exe

PDASKA

The executable flash_install.exe has been detected as malware by 21 anti-virus scanners. This is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from wopi.icomp.ufam.edu.br and multiple other hosts.
Product:
PDASKA

Version:
1.2.2.1

MD5:
90e4c75bd422a027622394e1c5626b42

SHA-1:
2bd755184717e4dc074a447095aee5ceefa598f5

SHA-256:
db993099ddd0a890af5c118d140a3eac1eed250eced1b87e64b0cab6f7a5390b

Scanner detections:
21 / 68

Status:
Malware

Analysis date:
5/19/2024 2:21:38 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.14610753
595

Avira AntiVirus
TR/Rogue.55808.34
8.3.1.6

Arcabit
Trojan.Generic.DDEF141
1.0.0.425

avast!
Win32:Dropper-gen [Drp]
2014.9-150529

Baidu Antivirus
Trojan.Win32.Generic
4.0.3.15619

Bitdefender
Trojan.Generic.14610753
1.0.20.850

Emsisoft Anti-Malware
Trojan.Generic.14610753
8.15.06.19.04

Fortinet FortiGate
W32/MSIL.DAR!tr
6/19/2015

F-Secure
Trojan.Generic.14610753
11.2015-19-06_6

G Data
Trojan.Generic.14610753
15.6.25

IKARUS anti.virus
Trojan.SuspectCRC
t3scan.1.9.5.0

K7 AntiVirus
Riskware
13.204.16134

McAfee
RDN/Generic.tfr!eo
5600.6729

MicroWorld eScan
Trojan.Generic.14610753
16.0.0.510

nProtect
Trojan.Generic.14610753
15.06.03.01

Panda Antivirus
Trj/CI.A
15.06.19.04

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
1.0.0.1015

Sophos
Troj/MSIL-DAR
4.98

Trend Micro House Call
TROJ_BANLOAD.YWNIR
7.2.170

Trend Micro
TROJ_BANLOAD.YWNIR
10.465.19

VIPRE Antivirus
Trojan.Win32.Generic
40824

File size:
54.5 KB (55,808 bytes)

Product version:
1.2.2.1

Copyright:
Copyright © 2015

Original file name:
PDASKA.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
5/27/2015 7:29:27 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:I/Ks0wB+1zcv/yKdcpF2PL85tlp6ZJ9PtntT:I/Ks0g+1zHwDwlpUJvn1

Entry address:
0xEB8E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 78, A4, 6A, D7, 56, B7, C7, E8, DB, 70, 20, 24, EE, CE...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
51 KB (52,224 bytes)

The file flash_install.exe has been seen being distributed by the following 2 URLs.
