flashflayer.exe

Alexey Kurilenko

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application flashflayer.exe by Alexey Kurilenko has been detected as adware by 20 anti-malware scanners. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Alexey Kurilenko  (signed and verified)

MD5:
6bd666353382f21f1ce7481bdbab87bb

SHA-1:
3eb21ec66a99ba619c392fac36ff33dc88b10c87

SHA-256:
ccd2d73004f024819414d9de3892a8c5cef92629c85c8f069a29ae2e4bfb6b0e

Scanner detections:
20 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/19/2024 9:09:58 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.MultiPlug | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.MultiPlug | 2014.08.30 |
| Avira AntiVirus | Adware/MultiPlug.aob | 7.11.169.248 |
| avast! | Win32:MultiPlug-CI [PUP] | 140813-1 |
| AVG | Adware Generic5.BENU | 2014.0.4015 |
| Comodo Security | Application.Win32.MultiPlug.YX | 19353 |
| Dr.Web | Trojan.Crossrider.28215 | 9.0.1.05190 |
| ESET NOD32 | Win32/AdWare.MultiPlug.BF application | 7.0.302.0 |
| IKARUS anti.virus | AdWare.SaveNet | t3scan.1.7.5.0 |
| Kaspersky | not-a-virus:AdWare.Win32.MultiPlug | 15.0.0.494 |
| Malwarebytes | PUP.Optional.MultiPlug.A | v2014.08.29.05 |
| McAfee | MultiPlug | 5600.7023 |
| NANO AntiVirus | Riskware.Win32.MultiPlug.ddsvpv | 0.28.2.61861 |
| nProtect | Trojan-Clicker/W32.MultiPlug.665944 | 14.08.29.01 |
| Panda Antivirus | PUP/TSUploader | 14.08.29.05 |
| Reason Heuristics | PUP.AlexeyKurilenko.L | 14.8.29.14 |
| Sophos | MultiPlug | 4.98 |
| Vba32 AntiVirus | AdWare.MultiPlug | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 32210 |
| Zillya! Antivirus | Adware.MultiPlug.Win32.57 | 2.0.0.1906 |

File size:
650.3 KB (665,944 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\flashflayer.exe

Digital Signature
Authority:
Unizeto Technologies S.A.

Valid from:
6/17/2014 2:20:17 PM

Valid to:
6/17/2015 2:20:17 PM

Subject:
E=Alexey.kurilenko@hotmail.com, CN=Alexey Kurilenko, O=Alexey Kurilenko, C=RU

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
15D51642691B3EE20985639A8FE865DD

File PE Metadata
Compilation timestamp:
8/6/2014 5:01:25 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:cZVunYav79cKnZxCAgX2QRkOSllkpGF57Lsth6RpoX/wR4u2h:Ssp9cWZVnQecI7Q+pOEEh

Entry address:
0xC461

Entry point:
E8, 3E, 3C, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 10, 9F, 41, 00, E8, 19, 16, 00, 00, E8, 0B, 3E, 00, 00, 0F, B7, F0, 6A, 02, E8, D1, 3B, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, C4, 2C, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
82.5 KB (84,480 bytes)
