flashplayer.exe

durchwachten

Rohitab Batra

The executable flashplayer.exe has been detected as malware by 7 anti-virus scanners.
Publisher:
Romzabara  (signed by Rohitab Batra)

Product:
durchwachten

Description:
Romzabara

Version:
4.05.0008

MD5:
5c1130c75a33b818945bf7784948d68c

SHA-1:
253b66516dfae8276e9a8d174c92a676477879d2

SHA-256:
b314cd42a4dce36fd78d97991bf4866901fd25494a20b81645b9f0e8cd318987

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
4/24/2024 5:07:50 PM UTC

Scan engine
Detection
Engine version

Dr.Web
Trojan.DownLoader19.35810
9.0.1.05190

Emsisoft Anti-Malware
Trojan.Generic.15832630
11.5.0.6191

ESET NOD32
Win32/Kovter.C trojan
8.0.319.0

F-Secure
Trojan.Generic.15832630
5.15.96

Kaspersky
Trojan.Win32.Kovter
15.0.0.562

Microsoft Security Essentials
Threat.Undefined
1.219.1356.0

Norman
Trojan.Generic.15832630
02.04.2016 17:35:19

File size:
394.4 KB (403,898 bytes)

Product version:
4.05.0008

Original file name:
Romzabara.exe

File type:
Executable application (Win32 EXE)

Language:
Czech (Czech Republic)

Common path:
C:\users\{user}\downloads\flashplayer.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/4/2012 12:00:00 AM

Valid to:
6/4/2013 11:59:59 PM

Subject:
CN=Rohitab Batra, OU=Individual Developer, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=No Organization Affiliation, L=NORTH ATTLEBORO, S=Massachusetts, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3D91664862B0BC8A748A1AE4928A4B13

File PE Metadata
Compilation timestamp:
2/25/2016 9:41:33 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:0YbjWvNKhwczUqmVlMzXF0pLa1msbGXe0vHvEWeCBa+L9gijyQ1Lp/ZZ1f5:0PNKjzUDSXmkRGX5vHvReEgiWs9/X1f5

Entry address:
0x28DC

Entry point:
68, 90, 9B, 44, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, C3, 8F, D6, 51, B8, 10, 55, 4F, A7, 19, D9, 47, C1, 88, AC, 69, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 40, 59, 6B, 03, 6B, 61, 6E, 61, 6C, 69, 67, 65, 00, 08, 41, 00, 20, 08, 41, 00, 00, 00, 00, 00, FF, CC, 31, 00, 03, 89, 8D, EA, 8F, 1B, 20, 4C, 4F, B8, 03, E4, 11, 6E, 7C, 67, 6A, 9D, 0C, 6B, CC, 1D, 60, 99, 42, 9D, 6C, C6, 9E, E7, 6F, A7, BA, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 

Entropy:
7.2692

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
368 KB (376,832 bytes)
