flash_player.exe

Tqipp†ph Cadl Emcox

The executable flash_player.exe has been detected as malware by 32 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.mediafire.com.
Publisher:
Logitech*  (Invalid match)

Product:
Tqipp†ph Cadl Emcox

Version:
50.05.5005

MD5:
f9c550bc412655e9c35ffc08eee49685

SHA-1:
b7853c7d88a7c82af3a32a96da1507bf9a989370

SHA-256:
8eb9e34c8a87200326186a17b35068ddb4e7a33a23d93487879c67d75dc78634

Scanner detections:
32 / 68

Status:
Malware

Analysis date:
4/25/2024 9:15:37 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.2837596 | 381 |
| Agnitum Outpost | Trojan.DL.Dofoil | 7.1.1 |
| AhnLab V3 Security | Malware/Gen.Generic | 2015.12.17 |
| Avira AntiVirus | TR/Agent.106496.780 | 8.3.2.4 |
| Arcabit | Trojan.Generic.D2B4C5C | 1.0.0.629 |
| avast! | Win32:Malware-gen | 2014.9-160120 |
| AVG | Pakes2_c | 2017.0.2859 |
| Baidu Antivirus | Trojan.Win32.Generik | 4.0.3.16120 |
| Bitdefender | Trojan.GenericKD.2837596 | 1.0.20.100 |
| Dr.Web | Trojan.VbCrypt.250 | 9.0.1.020 |
| Emsisoft Anti-Malware | Trojan.GenericKD.2837596 | 8.16.01.20.08 |
| ESET NOD32 | Win32/Injector.CLPZ (variant) | 10.12732 |
| Fortinet FortiGate | W32/Dofoil.BUJI!tr | 1/20/2016 |
| F-Secure | Trojan.GenericKD.2837596 | 11.2016-20-01_4 |
| G Data | Trojan.GenericKD.2837596 | 16.1.25 |
| IKARUS anti.virus | Trojan.Win32.Injector | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.212.18130 |
| Kaspersky | Trojan-Downloader.Win32.Dofoil | 14.0.0.788 |
| Malwarebytes | Trojan.Banker | v2016.01.20.08 |
| McAfee | GenericR-EWF!F9C550BC4126 | 5600.6515 |
| Microsoft Security Essentials | TrojanDownloader:Win32/Dofoil.T | 1.1.12300.0 |
| MicroWorld eScan | Trojan.GenericKD.2837596 | 17.0.0.60 |
| NANO AntiVirus | Trojan.Win32.Injector.dyjerd | 1.0.10.5081 |
| nProtect | Trojan.GenericKD.2837596 | 15.12.16.01 |
| Panda Antivirus | Trj/CI.A | 16.01.20.08 |
| Qihoo 360 Security | Win32/Trojan.Downloader.d78 | 1.0.0.1077 |
| Rising Antivirus | PE:Malware.Generic(Thunder)!1.A1C4 [F] | 23.00.65.16118 |
| Trend Micro | TROJ_GEN.R072C0DK215 | 10.465.20 |
| Vba32 AntiVirus | TrojanDownloader.Dofoil | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 45884 |
| ViRobot | Worm.Win32.A.Ngrbot.356352.A[h] | 2014.3.20.0 |
| Zillya! Antivirus | Downloader.Dofoil.Win32.3427 | 2.0.0.2565 |

File size:
104 KB (106,496 bytes)

Product version:
50.05.5005

Original file name:
XecDanJihjFegipiuiop.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\flash_player.exe

File PE Metadata
Compilation timestamp:
5/10/2011 7:31:50 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:vkM0mu88WWWIHhhKf7aZe+IVJovKSUYurh6OH/c0nAkUuZ4EB11K:vV0v8WA+0vTodkn00nAkUjI

Entry address:
0x1834

Entry point:
68, F4, 19, 40, 00, E8, F0, FF, FF, FF, 00, 00, 48, 00, 00, 00, 30, 39, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 4A, 8D, EB, 6E, 3C, 9E, EA, 4A, 99, 01, 1B, D0, EF, 6B, EA, A3, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 68, 00, 00, 00, 43, 6F, 73, 74, 7A, 61, 71, 79, 65, 7A, 21, 21, FC, 00, 39, 31, 00, 2D, 36, 36, 43, 33, 2D, 34, 00, 00, 00, 00, 90, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 06, 00, 00, 00, 7E, 0F, C3, 5C, 1E, D5, 1E, 40, AE, 63, 44, 06, AB, 7D, 9B, 44, 01, 00, 00, 00, A0, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
60 KB (61,440 bytes)

The file flash_player.exe has been seen being distributed by the following URL.
