home

flashplayer.exe

Clamaritamen

Oracle America, Inc.

Publisher:
Clamaritamen Technologies Inc.  (signed by Oracle America, Inc.)

Product:
Clamaritamen

Version:
2.05.0003

MD5:
5a952c97cd0f207e504250ee1c6078de

SHA-1:
5fb4cedcb12563e017498d7977ec2adb10ad01b6

SHA-256:
a8ff84bfcfa856f5c070acc09178f339e5f01bb3e297fcc9aace857cbcf5a5f0

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/2/2024 2:46:57 AM UTC  (today)

File size:
358.1 KB (366,729 bytes)

Product version:
2.05.0003

Original file name:
Clamaritamen.exe

File type:
Executable application (Win32 EXE)

Language:
Bulgarian (Bulgaria)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\flashplayer.exe

Digital Signature
Signed by:
Oracle America, Inc.

Authority:
Symantec Corporation

Valid from:
4/14/2015 12:00:00 AM

Valid to:
4/13/2018 11:59:59 PM

Subject:
CN="Oracle America, Inc.", OU=Code Signing Bureau, O="Oracle America, Inc.", L=Redwood Shores, S=California, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
12F0277E0F233B39F9419B06E8CDE352

File PE Metadata
Compilation timestamp:
1/24/2016 1:01:59 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:tgJXNvkF+ShSm88nzL5e55H5S4Vqfq7rvARo:tIXNq+ylDnzIJS4Vqfq7r7

Entry address:
0x11F4

Entry point:
68, E0, FB, 43, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, 66, 63, 74, EB, 94, 94, F4, 49, 8E, EA, 07, 81, 7E, 70, 58, 13, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, AB, B4, FB, 76, AE, B5, 4B, 61, 72, 6F, 73, 73, 65, 72, 69, 65, 73, 63, 68, 77, 69, 6E, 67, 75, 6E, 67, 38, 00, 85, BB, 00, 00, 00, 00, FF, CC, 31, 00, 03, 8C, 89, E5, 41, FE, D5, 22, 4F, 93, 63, 92, BE, 27, 6A, C1, 86, B4, 15, F6, DF, A2, 67, 65, 42, 98, 03, 49, DE, 16, FF, 82, D7, 3A, 4F, AD...
 
[+]

Entropy:
7.2471

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
320 KB (327,680 bytes)

The file flashplayer.exe has been seen being distributed by the following URL.

http://327.tdpdpt93g.rahqusanjesh3.org/5971646172453/5971646172453/.../FlashPlayer.exe

Scan flashplayer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.