FlashGuncelle.exe

Adobe

The application FlashGuncelle.exe has been detected as a potentially unwanted program by 32 anti-malware scanners. It is a setup program used to install the application. The file has been observed being downloaded from www.agentofex.com.

Publisher:
Adobe

Product:
Adobe

Version:
17

MD5:
7b6ee6d31023d42c02b294c832558ce3

SHA-1:
5a4486f5e8788d1595a437ac97e3badcdf8861b8

SHA-256:
4ce11f4bba9e2f8ae7557c6648ce27badcf0609b2f425cd682bc0039e61151ca

Scanner detections:
32 / 68

Status:
Potentially unwanted

Analysis date:
5/17/2024 3:05:26 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Zusy.77106 | 234 |
| Agnitum Outpost | Trojan.Bepush | 7.1.1 |
| AhnLab V3 Security | Win-Trojan/FCN.140610 | 2016.01.02 |
| Avira AntiVirus | TR/Zusy.77106.8 | 8.3.2.4 |
| Arcabit | Trojan.Zusy.D12D32 | 1.0.0.637 |
| avast! | Win32:Agent-ASJZ [Trj] | 2014.9-160614 |
| AVG | Luhe.Fiha.A | 2017.0.2712 |
| Baidu Antivirus | Adware.Win32.Agent | 4.0.3.16614 |
| Bitdefender | Gen:Variant.Zusy.77106 | 1.0.20.830 |
| Comodo Security | UnclassifiedMalware | 23896 |
| Dr.Web | Trojan.DownLoader10.59063 | 9.0.1.0166 |
| Emsisoft Anti-Malware | Gen:Variant.Zusy.77106 | 8.16.06.14.11 |
| ESET NOD32 | MSIL/Bepush (variant) | 10.12804 |
| Fortinet FortiGate | W32/Blocker.DIJY!tr | 6/14/2016 |
| F-Secure | Trojan-Downloader:W32/Kilim.T | 11.2016-14-06_3 |
| G Data | Gen:Variant.Zusy.77106 | 16.6.25 |
| IKARUS anti.virus | Trojan.JS.FBExt | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.212.18296 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.55 |
| Malwarebytes | Trojan.Agent.MSIL | v2016.06.14.11 |
| McAfee | Artemis!7B6EE6D31023 | 5600.6368 |
| Microsoft Security Essentials | TrojanDropper:MSIL/Bepush.B | 1.1.12400.0 |
| MicroWorld eScan | Gen:Variant.Zusy.77106 | 17.0.0.498 |
| NANO AntiVirus | Trojan.Win32.Blocker.ctpstx | 1.0.14.5380 |
| Panda Antivirus | Generic Malware | 16.06.14.11 |
| Quick Heal | TrojanDropper.Bepush.r3 | 6.16.14.00 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_SPNR.35BH14 | 7.2.166 |
| Trend Micro | TROJ_SPNR.35BH14 | 10.465.14 |
| VIPRE Antivirus | Trojan.Win32.Generic | 46212 |
| ViRobot | Trojan.Win32.S.Agent.196096.BA[h] | 2014.3.20.0 |
| Zillya! Antivirus | Trojan.Blocker.Win32.27133 | 2.0.0.2591 |

File size:
191.5 KB (196,096 bytes)

Product version:
17

Copyright:
Adobe

Trademarks:
Adobe

Original file name:
FlashGuncelle.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\flashguncelle.exe

File PE Metadata
Compilation timestamp:
1/6/2014 6:55:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:7qmgvcMfdSuzyhds7ujno9qYGS/SP/T7o3yHO819bJeOzx4wK7cyprCveaK6sLS:3rcdpzCdsCE9qC/M/T7/OIKON4d5gve2

Entry address:
0x2D856

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.6882

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
174.5 KB (178,688 bytes)

The file FlashGuncelle.exe has been seen being distributed by the following URL.
