flashplayer.exe

Bürgerrecht

Rohitab Batra

The executable flashplayer.exe has been detected as malware by 5 anti-virus scanners.
Publisher:
Romzabara  (signed by Rohitab Batra)

Product:
Bürgerrecht

Description:
Romzabara

Version:
4.05

MD5:
ad6eef229c09223a4191ba0486fe4183

SHA-1:
587414b8abe8501ef906b6ef947d8e3eb289c58f

SHA-256:
b8cd43feefba5ea880e0e01202d40599fc08e6099da91e6bd0da26868eb8e7d3

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
4/26/2024 9:32:03 PM UTC

Scan engine | Detection | Engine version
Dr.Web | Trojan.DownLoader19.35772 | 9.0.1.05190
Emsisoft Anti-Malware | Gen:Variant.Graftor.273022 | 10.0.0.5735
ESET NOD32 | Win32/Injector.CTDL trojan | 8.0.319.0
Kaspersky | Trojan.Win32.Kovter | 15.0.0.562
Norman | Gen:Variant.Graftor.273022 | 19.02.2016 10:08:15

File size:
406.4 KB (416,178 bytes)

Product version:
4.05

Original file name:
Romzabara.exe

File type:
Executable application (Win32 EXE)

Language:
Czech (Czech Republic)

Common path:
C:\users\{user}\downloads\flashplayer.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/4/2012 12:00:00 AM

Valid to:
6/4/2013 11:59:59 PM

Subject:
CN=Rohitab Batra, OU=Individual Developer, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=No Organization Affiliation, L=NORTH ATTLEBORO, S=Massachusetts, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3D91664862B0BC8A748A1AE4928A4B13

File PE Metadata
Compilation timestamp:
2/25/2016 1:41:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:ct/C6nGiD835kTGS6wb3z9rdBPWrb6va+PC2UYCVxnu5Ksx2m+iuj:ctTnDDx76wbD9rkCa+Chlo5h4m+i2

Entry address:
0x28C8

Entry point:
68, 0C, CE, 44, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 0F, DB, B5, 9B, D7, 8F, 38, 4F, 95, B9, D5, B5, E2, B6, FC, 83, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 48, 00, A0, 79, 48, 00, 44, 6F, 70, 70, 65, 6C, 67, 65, 66, E4, DF, 65, 6E, 35, 00, 01, 00, 00, 00, 00, FF, CC, 31, 00, 03, 18, 38, 42, C4, 8E, A9, FF, 41, A8, DF, BE, 61, D9, AE, 00, AC, 0C, 42, 04, B0, 3F, F5, 9B, 4F, 8E, CD, CA, 5B, C1, 8C, E8, 43, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
Entropy:
7.2420

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
380 KB (389,120 bytes)