flashplayer.exe

MIDIA TECHNOLOGIES LLC

The application flashplayer.exe by MIDIA TECHNOLOGIES has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the Midia Downloader installer. The installer is marketed through download portals and search ads as the free Adobe Flash Player, but it also installs additional software offers, which include adware, PUPs and browser toolbars. The file has been seen being downloaded from www.protectmedia.net.
Publisher:
MIDIA TECHNOLOGIES LLC  (signed and verified)

MD5:
b7ae060d8251452c46a9b0786db65fb7

SHA-1:
569b68878e45b5fc2f3a726307a04a159777d475

SHA-256:
30e0b0e9d5495f90992e05bd5c019eb408442ec30127799c09cc55c473f5259d

Scanner detections:
11 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 7:10:45 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | TR/Downloader.Gen2 | 7.11.189.150 |
| avast! | Malware-gen | 141119-1 |
| AVG | Generic | 2015.0.3275 |
| Comodo Security | Application.Win32.Midia.F | 20241 |
| G Data | Win32.Adware.Midia | 14.11.24 |
| Kaspersky | HEUR:Trojan-Downloader.Win32.Generic | 14.0.0.2868 |
| Malwarebytes | Trojan.BHO | v2014.11.30.09 |
| NANO AntiVirus | Trojan.Nsis.Genome.djhbgi | 0.28.6.63726 |
| Qihoo 360 Security | Malware.QVM06.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.MIDIATECHNOLOGIES.L | 14.11.30.8 |
| VIPRE Antivirus | Threat.4150696 | 35224 |

File size:
52.2 KB (53,464 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Midia Downloader (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\flashplayer.exe

Digital Signature
Authority:
Starfield Technologies, Inc.

Valid from:
11/18/2014 6:40:37 PM

Valid to:
4/11/2015 3:45:06 PM

Subject:
CN=MIDIA TECHNOLOGIES LLC, O=MIDIA TECHNOLOGIES LLC, L=Lewes, S=Delaware, C=US

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
277BC515AE69B6

File PE Metadata
Compilation timestamp:
12/5/2009 8:50:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:tMGnYmtcLDs/saQRy7rnzrKHgccoGv8uS08p44vGmjXO3XJ05y/KK8wS+VLX2/Hz:toLDYsacy7mHMowHjXJ05y/K/3/nF0i

Entry address:
0x323F

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 98, 27, 7A, 00, E8, 09, 2C, 00, 00, A3, E4, 26, 7A, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, DC, 79, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, E0, 1E, 7A, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 80, 7A, 00, 50, 57, E8, AA, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file flashplayer.exe has been seen being distributed by the following URL.
