flashplayer14.exe

The executable flashplayer14.exe has been detected as malware by 14 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from storage.googleapis.com and multiple other hosts.
MD5:
bccbebbb7dcccf39a71d44cc8e7633d0

SHA-1:
5d6b5c802988e30bf48c750729eb675a8f54f2db

SHA-256:
3e6ad3f7b2635bed0a0c840ed8ab321407d07d4eab3cf5ea3cd6d1c376a5a398

Scanner detections:
14 / 68

Status:
Malware

Analysis date:
4/25/2024 11:32:28 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | TR/FBook.hshs | 3.6.1.96 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-150403 |
| Comodo Security | UnclassifiedMalware | 21623 |
| Dr.Web | Python.Downloader.7 | 9.0.1.093 |
| Emsisoft Anti-Malware | Trojan.Python.FBook | 8.15.04.03.10 |
| ESET NOD32 | Python/FBook | 9.11417 |
| Fortinet FortiGate | Python/FBook.B!tr | 4/3/2015 |
| F-Prot | W32/Trojan5.LXG | v6.4.7.1.166 |
| IKARUS anti.virus | Trojan.Python.Fbook | t3scan.1.8.9.0 |
| Kaspersky | Trojan-Downloader.Python.Agent | 14.0.0.2248 |
| McAfee | Artemis!BCCBEBBB7DCC | 5600.6807 |
| Panda Antivirus | Generic Suspicious | 15.04.03.10 |
| Sophos | Troj/Mdrop-GPL | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0330 | 7.2.93 |

File size:
6.1 MB (6,371,457 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\flashplayer14.exe

File PE Metadata
Compilation timestamp:
3/23/2013 6:26:55 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
196608:vDcca9KJi4htCKwgTbsysEvEQWARzlgV0EscAbbpSzZTfu:7cca9KJi4hkKZTbsnXAmNsMzZf

Entry address:
0xB223

Entry point:
E8, 2C, 8E, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, 53, 57, 33, FF, 8B, 44, 24, 10, 0B, C0, 7D, 14, 47, 8B, 54, 24, 0C, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 10, 89, 54, 24, 0C, 8B, 44, 24, 18, 0B, C0, 7D, 13, 8B, 54, 24, 14, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 18, 89, 54, 24, 14, 0B, C0, 75, 1B, 8B, 4C, 24, 14, 8B, 44, 24, 10, 33, D2, F7, F1, 8B, 44, 24, 0C, F7, F1, 8B, C2, 33, D2, 4F, 79, 4E, EB, 53, 8B, D8, 8B, 4C, 24, 14, 8B, 54, 24, 10, 8B, 44, 24, 0C, D1, EB, D1, D9, D1, EA, D1, D8, 0B, DB, 75...
 

Code size:
105.5 KB (108,032 bytes)

The file flashplayer14.exe has been seen being distributed by the following 3 URLs.

http://storage.googleapis.com/.../FlashPlayer14.exe
