flashplayer11.exe

Downloader

AND LLC

The application flashplayer11.exe by AND has been detected as adware by 24 anti-malware scanners.
Publisher:
AND LLC  (signed and verified)

Product:
Downloader

Version:
1, 0, 0, 0

MD5:
a5a3fdce578f2e312776f2cb58425469

SHA-1:
b33a9c566ec88692a7477d56be27b69dde9f3a68

SHA-256:
11e20e32477b45ca381979216fb6d11cafa445ee37eb1cd227c8ae5b5f6dce77

Scanner detections:
24 / 68

Status:
Adware

Analysis date:
4/19/2024 8:58:06 PM UTC

Scan engine | Detection | Engine version
--- | --- | ---
AhnLab V3 Security | Trojan/Win32.LoadMoney | 2013.11.19
Avira AntiVirus | DR/Delphi.Gen | 7.11.114.86
AVG | Win32/Cryptor | 2016.0.3165
Bitdefender | Gen:Variant.Application.LoadMoney.57 | 1.0.20.395
Comodo Security | TrojWare.Win32.Kryptik.BMMN | 17294
Dr.Web | Trojan.LoadMoney.188 | 9.0.1.079
Emsisoft Anti-Malware | Gen:Variant.Application.LoadMoney.57 | 8.15.03.20.07
ESET NOD32 | Win32/LoadMoney.AO | 9.9065
Fortinet FortiGate | W32/Kryptik.WIE!tr | 3/20/2015
F-Prot | W32/Trojan-Gypikon-based.DM2!Ma | v6.4.7.1.166
F-Secure | Gen:Variant.Application.LoadMoney.57 | 11.2015-20-03_6
G Data | Gen:Variant.Application.LoadMoney.57 | 15.3.22
IKARUS anti.virus | not-a-virus:Downloader.Win32.LMN | t3scan.2.2.29
K7 AntiVirus | Adware | 13.173.10234
Kaspersky | not-a-virus:Downloader.Win32.LMN | 14.0.0.2318
Malwarebytes | PUP.Optional.LoadMoney | v2015.03.20.07
McAfee | PUP-FEC!A5A3FDCE578F | 5600.6821
MicroWorld eScan | Gen:Variant.Application.LoadMoney.57 | 16.0.0.237
NANO AntiVirus | Trojan.Win32.LMN.ckfdrl | 0.28.0.56316
Panda Antivirus | Trj/Genetic.gen | 15.03.20.07
Reason Heuristics | PUP.AND | 15.3.20.8
Sophos | Troj/LdMon-D | 4.94
SUPERAntiSpyware | Trojan.Agent/Gen-Kazy | 9986
VIPRE Antivirus | Trojan.Win32.Kryptik.bnre | 23504

File size:
227.9 KB (233,376 bytes)

Product version:
1, 0, 0, 0

Copyright:
Copyright 2013

Original file name:
Downloader.exe

File type:
Executable application (Win32 EXE)

Language:
Russian (Russia)

Common path:
C:\users\{user}\downloads\flashplayer11.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
10/10/2013 3:00:00 AM

Valid to:
10/11/2014 2:59:59 AM

Subject:
CN=AND LLC, O=AND LLC, STREET="Marshala Fedorenko street, 7", L=Moscow, S=Moscow, PostalCode=125599, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
77019A082385E4B73F569569C9F87BB8

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:v7AIqystqN0F6bl6osEhuc3N072IBeEBV3+6GuTL2QCfityR+M/C:7A6D7A37/7+6Gu/2vfilR

Entry address:
0x18F1C

Entry point:
83, 3D, A0, 35, 42, 00, 00, 75, 3F, 89, 44, 8D, 41, 00, FF, 25, 30, 8F, 41, 00, AA, 8F, 41, 00, 62, 83, 3D, 42, 30, 42, 00, 00, 7D, 0A, C7, 05, 1E, 30, 42, 00, 31, 03, 01, 00, 89, 35, 2B, 30, 42, 00, B9, 33, 01, 00, 00, 89, F9, 01, 05, 9D, 30, 42, 00, 83, 3D, 28, 32, 42, 00, 00, 74, C6, E8, CF, FD, FF, FF, 89, 1D, 3C, 30, 42, 00, 89, 05, 53, 30, 42, 00, 29, 0D, 17, 30, 42, 00, 89, 35, 43, 30, 42, 00, 8B, 05, 80, 31, 42, 00, 85, C0, 74, AA, C7, 05, 14, 30, 42, 00, 04, 10, 40, 00, C7, 05, 18, 30, 42, 00, 8C...
 

Code size:
96.5 KB (98,816 bytes)
