» flash_player.exe
Overview
Analysis
File Details

flash_player.exe

Flash Downloader

ARES BILGI TEKN.OFISSIST.YAZIL.REKL.INS.SAN.VE TIC.LTD.STI.

The application flash_player.exe, “Adobe Flash Downloader” by ARES BILGI TEKN.OFISSIST.YAZIL.REKL.INS.SAN.VE TIC.LTD.STI has been detected as a potentially unwanted program by 8 anti-malware scanners.

File name:

flash_player.exe

Publisher:

Adobe Inc (signed by ARES BILGI TEKN.OFISSIST.YAZIL.REKL.INS.SAN.VE TIC.LTD.STI.)

Product:

Flash Downloader

Description:

Adobe Flash Downloader

Version:

2.01

MD5:

7bffe83a7f9a55517a4fafc30a8a87cf

SHA-1:

7b50ac5bbd21b945df128c2606402ef68533dc30

SHA-256:

27098e847a818730997c6350ff45685c3a7928ab0ea7210826a6e830ed4d5902

Scanner detections:

8 / 68

Status:

Potentially unwanted

Analysis date:

4/23/2024 10:16:16 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Crypt.FKM.Gen

7.11.61.234

avast!

Win32:StartPage-APJ

160518-2

Dr.Web

Adware.Downware.939

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Kazy.339910

16.07.09

ESET NOD32

Win32/Downloader.VB.B potentially unwanted application

8.0.319.0

Microsoft Security Essentials

Threat.Undefined

1.225.469.0

Norman

Gen:Variant.Kazy.339910

19.05.2016 01:04:49

VIPRE Antivirus

Threat.4150696

29708

File size:

552.6 KB (565,888 bytes)

Product version:

2.01

2012 Ironion

Trademarks:

2012 Ironion

Original file name:

flash.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\flash_player.exe

Digital Signature

Signed by:

ARES BILGI TEKN.OFISSIST.YAZIL.REKL.INS.SAN.VE TIC.LTD.STI.

Authority:

Thawte, Inc.

Valid from:

2/11/2013 2:00:00 AM

Valid to:

2/12/2014 1:59:59 AM

Subject:

CN=ARES BILGI TEKN.OFISSIST.YAZIL.REKL.INS.SAN.VE TIC.LTD.STI., O=ARES BILGI TEKN.OFISSIST.YAZIL.REKL.INS.SAN.VE TIC.LTD.STI., L=Bursa, S=Bursa, C=TR

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

2265C416F34DF155C7269A9231F6EB91

File PE Metadata

Compilation timestamp:

2/12/2013 9:24:30 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:mWk4WkhFwY7wiVj24LujkcSI+Cy3GZviTEBYDglv5UxN8Tg73/p:pkbkh3pHLtcSV/3GZvOEBYUly8k73R

Entry address:

0x1734

Entry point:

68, D4, E9, 47, 00, E8, EE, FF, FF, FF, 00, 00, 60, 00, 00, 00, 30, 00, 00, 00, 58, 00, 00, 00, 40, 00, 00, 00, 53, DD, 14, D1, 6D, 9C, 81, 46, A0, C6, DD, AB, 2F, 69, 7E, D9, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 64, 65, 78, 20, 20, 20, 50, 72, 6F, 6A, 65, 63, 74, 31, 00, 33, 0D, 0A, 20, 20, 20, 20, 46, 6C, 61, 73, 68, 20, 44, 6F, 77, 6E, 6C, 6F, 61, 64, 65, 72, 00, 20, 20, 20, 20, 20, 20, 20, 00, 20, 20, 20, 34, 38, 30, 0D, 00, 00, 00, 00, A8, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 02, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual Basic v5.0/v6.0

Code size:

532 KB (544,768 bytes)

Remove flash_player.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.