» FlashPlayer.exe
Overview
Analysis
File Details

FlashPlayer.exe

Online Games Downloader

Cheng Du VTools Information Technology

The application FlashPlayer.exe by Cheng Du VTools Information Technology has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.

File name:

FlashPlayer.exe

Publisher:

VTools (signed by Cheng Du VTools Information Technology)

Product:

Online Games Downloader

Description:

Flash Player

Version:

2.0

MD5:

38438373ad73593dda307dc9eb66acb1

SHA-1:

6db0877b6fa0faeef094b1f6882fcb816c634aee

SHA-256:

aa8c9c1a17aae2b41f2d3f1f0c45fa6d06817ce663f877915795a0420255deff

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/19/2024 8:19:13 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.ChengDuVToolsInformationTechnology.L

14.8.29.2

File size:

663.9 KB (679,792 bytes)

Product version:

2.0

Trademarks:

VTools

Original file name:

FlashPlayer.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\online games downloader\flashplayer.exe

Digital Signature

Signed by:

Cheng Du VTools Information Technology

Authority:

VeriSign, Inc.

Valid from:

12/11/2011 3:00:00 AM

Valid to:

1/26/2014 2:59:59 AM

Subject:

CN=Cheng Du VTools Information Technology, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Cheng Du VTools Information Technology, L=ChengDu, S=SiChuan, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

1B5D68E0AFA12E8F1159C668DD228431

File PE Metadata

Compilation timestamp:

11/12/2010 10:54:05 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

6144:pLmFVqAjdM/NgOvoGMvhUfEOo9V0M7dOvLNA8eVX5YDbxuzXnVSxqJME5Jrm:pLOM/6f2O9VZ7dOvRA8eVX5qCjME/m

Entry address:

0x2802E

Entry point:

E8, 38, 56, 00, 00, E9, 79, FE, FF, FF, 3B, 0D, A0, F6, 44, 00, 75, 02, F3, C3, E9, BA, 56, 00, 00, 8B, FF, 51, C7, 01, CC, 14, 44, 00, E8, B2, 57, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 81, 0F, FE, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, F3, 57, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 83, EC, 20, 53, 33, DB, 39, 5D, 14, 75, 20, E8, CE, 16, 00, 00, 53... 
[+]

Entropy:

5.1041

Code size:

240 KB (245,760 bytes)

Remove FlashPlayer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.