flashplayer14_install_win_pi.exe

Adobe Flash Player

Innovative Systems LLC

The application flashplayer14_install_win_pi.exe by Innovative Systems has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from flashplayer.joydownload.com and multiple other hosts.
Publisher:
Innovative Systems LLC  (signed and verified)

Product:
Adobe Flash Player

Version:
1.0.0.0

MD5:
e86c78054136752154920c370f0dc330

SHA-1:
d6d5fc2cb46aa3d08ee838ea281d2c5187b14db6

SHA-256:
7632715c1db491cf7d42f42fce846fcc52ef73e393d33bc0676d93e4d196e87b

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/26/2024 2:56:07 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win32.Agent | 2014.07.30 |
| avast! | Win32:Malware-gen | 2014.9-140730 |
| AVG | Downloader | 2015.0.3397 |
| Clam AntiVirus | Win.Trojan.Opencandy | 0.98/21411 |
| Dr.Web | Adware.Downware.5295 | 9.0.1.0211 |
| ESET NOD32 | Win32/OpenCandy (variant) | 8.10033 |
| G Data | Win32.Trojan.Agent.2MAPJL | 14.7.24 |
| IKARUS anti.virus | PUA.JoyDownloader | t3scan.1.6.1.0 |
| Malwarebytes | PUP.Optional.OpenCandy | v2014.07.30.07 |
| McAfee | Artemis!D31E502C1D3F | 5600.7053 |
| Qihoo 360 Security | HEUR/Malware.QVM06.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.InnovativeSystems.CC | 14.7.30.19 |
| Sophos | Generic PUA NG | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0623 | 7.2.211 |
| VIPRE Antivirus | Trojan.Win32.Generic | 30884 |

File size:
433.9 KB (444,264 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\flashplayer14_install_win_pi.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/19/2014 3:00:00 AM

Valid to:
5/20/2015 2:59:59 AM

Subject:
CN=Innovative Systems LLC, O=Innovative Systems LLC, L=Dnepropetrovsk, S=Dnepropetrovska oblast, C=UA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
450EACFE8D673E82864CE46BC1A92FCA

File PE Metadata
Compilation timestamp:
5/20/2013 2:52:54 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:FaC3anCUbj1bSCqjgAmX3VFV5C1+JIzPPZCUZ:j3iCUfLBX3VdJIzPPL

Entry address:
0x31B1

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, 34, 71, 40, 00, 55, FF, 15, AC, 72, 40, 00, 6A, 08, A3, 58, 92, 42, 00, E8, 90, 2E, 00, 00, A3, A4, 91, 42, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, 58, 06, 42, 00, FF, 15, 7C, 71, 40, 00, 68, C0, 92, 40, 00, 68, A0, 81, 42, 00, E8, FB, 2A, 00, 00, FF, 15, 38, 71, 40, 00, BB, 00, 40, 43, 00, 50, 53, E8, E9, 2A, 00, 00...
 

Entropy:
7.7987

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file flashplayer14_install_win_pi.exe has been seen being distributed by the following 28 URLs.

