flashplayer17_install_update.exe

SAPO

The executable flashplayer17_install_update.exe has been detected as malware by 28 anti-virus scanners. It is a setup program used to install the application. According to AVG, the installer downloads additional adware offers during setup. The file has been seen being downloaded from docs.google.com.
Publisher:
SAPO  (signed and verified)

Version:
17.0.0.188

MD5:
6896b19e6e635fb5ef128d92be595541

SHA-1:
9e1c5b486e2a9436c20ae9a56cecc92b4aa3904f

SHA-256:
b87b7ce4e4d19a32b7b04d1dd3865d3a09ae51e5c5e3e6ca350b8340b471be32

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
5/16/2025 11:14:16 PM UTC

Scan engine                    Detection                                   Engine version
Lavasoft Ad-Aware              Trojan.GenericKD.2478518                    385
Agnitum Outpost                Trojan.DL.Banload                           7.1.1
Avira AntiVirus                TR/Dldr.Agent.442512.1                      8.3.2.2
Arcabit                        Trojan.Generic.D25D1B6                      1.0.0.585
avast!                         MSIL:Downloader-NY [Trj]                    2014.9-160116
AVG                            Downloader.MSIL                             2017.0.2863
Baidu Antivirus                Trojan.MSIL.Banload                         4.0.3.16116
Bitdefender                    Trojan.GenericKD.2478518                    1.0.20.80
Bkav FE                        W32.Clod3e6.Trojan                          1.3.0.7383
Emsisoft Anti-Malware          Trojan.GenericKD.2478518                    8.16.01.16.03
ESET NOD32                     MSIL/TrojanDownloader.Banload.DW (variant)  10.12468
Fortinet FortiGate             W32/Banload.BTC!tr.dldr                     1/16/2016
F-Secure                       Trojan.GenericKD.2478518                    11.2016-16-01_7
G Data                         Trojan.GenericKD.2478518                    16.1.25
IKARUS anti.virus              Trojan-Downloader.MSIL.Banload              t3scan.1.9.5.0
K7 AntiVirus                   Riskware                                    13.212.17655
Kaspersky                      Trojan-Downloader.MSIL.Banload              14.0.0.809
McAfee                         RDN/Generic Downloader.x                    5600.6519
Microsoft Security Essentials  TrojanDownloader:MSIL/Banload               1.1.12205.0
MicroWorld eScan               Trojan.GenericKD.2478518                    17.0.0.48
NANO AntiVirus                 Trojan.Win32.Banload.dttgqi                 0.30.26.3947
nProtect                       Trojan.GenericKD.2478518                    15.10.26.01
Panda Antivirus                Trj/Chgt.O                                  16.01.16.03
Qihoo 360 Security             HEUR/QVM03.0.Malware.Gen                    1.0.0.1015
Quick Heal                     TrojanDownloader.MSIL.r3                    1.16.14.00
Sophos                         Mal/Generic-S                               4.98
Trend Micro                    TROJ_GEN.R02ZC0VFJ15                        10.465.16
VIPRE Antivirus                Trojan.Win32.Generic                        44830

File size:
432.1 KB (442,512 bytes)

Product version:
17.0.0.188

Original file name:
ZIPLoader.exe

File type:
Executable application (Win64 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\flashplayer17_install_update.exe

Digital Signature
Signed by:

Authority:
SAPO

Valid from:
6/5/2015 2:08:35 PM

Valid to:
6/5/2016 2:08:35 PM

Subject:
E=cmd@sapo.pt, CN=SAPO.PT, OU=SAPO Division of Protocol, O=SAPO, L=Opalo, S=Jobila, C=AS

Issuer:
E=cmd@sapo.pt, CN=SAPO.PT, OU=SAPO Division of Protocol, O=SAPO, L=Opalo, S=Jobila, C=AS

Serial number:
00A7AB2CD21ECC7345

File PE Metadata
Compilation timestamp:
6/7/2015 12:45:20 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:ECDpHPRhpk9aZyhVcFOzsVpcc9kZb5ZYk2WcSCSLeyYcEeI/KQ73WmiiD9xJgSUs:jp29rcFOgX9kZVrMJgLmbTzv

Entry address:
0x44F0A

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...
Code size:
268 KB (274,432 bytes)

The file flashplayer17_install_update.exe has been seen being distributed by the following URL.
