flashplayer.exe

Moralschriftstellers1

World coin

The executable flashplayer.exe has been detected as malware by 4 anti-virus scanners. The file has been seen being downloaded from 745.sf3jzws.jieshbasteln-gestalten.org.
Publisher:
World coin

Product:
Moralschriftstellers1

Version:
8.08.0006

MD5:
1aefdaedd02eecd7dbb5b3f5350f8eaa

SHA-1:
2003764488b1f5ccb5f7808037cc742dcf1159e8

SHA-256:
71ef0ab25b1e97739123dc36451b4c83d8d079e1735d3005f85d2782aa6734d3

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
5/4/2024 8:09:49 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:Malware-gen | 160204-3
Emsisoft Anti-Malware | Gen:Variant.Symmi.60248 | 10.0.0.5366
ESET NOD32 | Win32/Kovter.D trojan | 7.0.302.0
Norman | Gen:Variant.Symmi.60248 | 03.02.2016 07:38:05

File size:
388 KB (397,356 bytes)

Product version:
8.08.0006

Original file name:
Asal.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\flashplayer.exe

File PE Metadata
Compilation timestamp:
2/5/2016 8:43:45 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:cbp9dEE4PyR9N8TwHtJgFB1yputiVCIAGzbxK3DQ8n7Xn7HQYiz:cbp9aPyX6GcFjyQNIXbxM8FYs

Entry address:
0x12C0

Entry point:
68, 3C, 0A, 44, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 40, 54, DD, A8, 06, 2D, 1F, 4F, BB, 0E, 61, E6, 2B, 2C, 7A, 50, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 80, F3, FD, 02, 46, 61, 63, 68, 67, 65, 72, 65, 63, 68, 74, 65, 72, 65, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 05, 5A, 59, F3, 5C, A2, 3E, 22, 44, 87, 92, 31, 89, EC, C3, 1B, 1C, F4, 77, 3C, 7F, 44, 43, 34, 4B, 91, B1, 8F, 05, 0A, AD, 3A, D9, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 

Entropy:
7.2418

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
352 KB (360,448 bytes)

The file flashplayer.exe has been seen being distributed by the following URL.
