home

flashplayer__4369_i1015259043_il26.exe

The application flashplayer__4369_i1015259043_il26.exe has been detected as a potentially unwanted program by 17 anti-malware scanners. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from www.more-files.com and multiple other hosts.
Version:
1.1.6.20

MD5:
6353a726e2f195e3dd5525a190f23206

SHA-1:
1a9219edd5f9cce5d3e950eb7e4b5da70a2565a2

SHA-256:
ce4da87ca6859e65786d4323084e31d6b78bfc0653b4a2dd3089d359d0d8613b

Scanner detections:
17 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 10:37:13 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.1748163
910

Agnitum Outpost
PUA.Amonetize
7.1.1

AhnLab V3 Security
PUP/Win32.Amonetiz
2014.07.11

avast!
Win32:Amonetize-CI [PUP]
2014.9-140809

Baidu Antivirus
Adware.Win32.Amonetize
4.0.3.1489

Bitdefender
Trojan.GenericKD.1748163
1.0.20.1105

Dr.Web
Adware.Downware.5717
9.0.1.0221

ESET NOD32
Win32/Amonetize.BG (variant)
8.10075

F-Secure
Trojan.GenericKD.1748163
11.2014-09-08_7

G Data
Trojan.GenericKD.1748163
14.8.24

Malwarebytes
PUP.Optional.Amonetize
v2014.08.09.01

McAfee
Artemis!6353A726E2F1
5600.7044

MicroWorld eScan
Trojan.GenericKD.1748163
15.0.0.663

NANO AntiVirus
Riskware.Win32.Amonetize.dcckkw
0.28.0.60698

Reason Heuristics
Threat.Win.Reputation.IMP
14.8.9.1

Trend Micro House Call
Suspicious_GEN.F47V0708
7.2.221

VIPRE Antivirus
Trojan.Win32.Generic
31148

File size:
326 KB (333,824 bytes)

Product version:
1.1.6.20

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\flashplayer__4369_i1015259043_il26.exe

File PE Metadata
Compilation timestamp:
7/4/2014 7:37:43 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:4nck/KG/pZywzTBQ8JXeK32NoYdok4n8vCE0P9tzXepv7Z+:4nckfhEwzTNpdk4n86RP9Ut+

Entry address:
0x11277

Entry point:
E8, BA, 46, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24, C3, 2D, 00, 10, 00, 00, 85, 00, EB, E9, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 3C, 2D, 42, 00, 00, 75, 18, E8, B4, 3D, 00, 00, 6A, 1E, E8, FE, 3B, 00, 00, 68, FF, 00, 00, 00, E8, 97, F6, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40...
 
[+]

Entropy:
7.3830

Code size:
94.5 KB (96,768 bytes)

The file flashplayer__4369_i1015259043_il26.exe has been seen being distributed by the following 5 URLs.

http://www.more-files.com/alldd.html?myref=www.newhdplugin.net&version=1.1.6.20&prefix=FlashPlayerSetup&campid=4369&instid[appname]=FlashPlayer&instid[appsetupurl]=https://launchpad.net/lightspark/trunk/lightspark-0.5.3/ download/Lightspark-0.5.3-win32.exe&instid[appimageurl]=http://www.tsxnrey.com/i/White Smoke Inc/.../150x150_v1Logo.jpg&prefix=FlashPlayer&ti1=ODM0fDUwODR8SUR8M3wxfHw|5a3b0157431319d258e215fae8b4e084|d9de45b0-fd5f-11e3-b0a7-002590f00f96&capp=FlashPlayer&AMt=1404838379088&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3

http://www.more-files.com/alldd.html?myref=www.newhdplugin.net&version=1.1.6.20&prefix=FlashPlayerSetup&campid=4369&instid[appname]=FlashPlayer&instid[appsetupurl]=https://launchpad.net/lightspark/trunk/lightspark-0.5.3/ download/Lightspark-0.5.3-win32.exe&instid[appimageurl]=http://www.tsxnrey.com/i/White Smoke Inc/.../150x150_v1Logo.jpg&prefix=FlashPlayer&ti1=MjQzNnw1NDk4fE1YfDN8MXx8|f6da737c31cba4d82d30cdcbde207ebf|bc26eea0-8f5f-11e3-88fd-0025b320a860&capp=FlashPlayer&AMt=1404838785008&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3

http://www.generallydownload.com/download.php?version=1.1.6.20&campid=5241&instid[appname]=The Crew&instid[appsetupurl]=http://.../aclhd.exe&instid[cmdline]=&instid[appimageurl]=http://.../Header.jpg&prefix=TheCrewInstaller&instid[thankyoupage]=http://.../thank-you.html

http://www.generallydownload.com/download.php?version=1.1.6.20&campid=5241&instid[appname]=The Crew&instid[appsetupurl]=http://.../aclhd.exe&instid[cmdline]=&instid[appimageurl]=http://.../Header.jpg&prefix=TheCrewInstaller&instid[thankyoupage]=http://.../thank-you.html

http://q=http://.../1mUwxll

Remove flashplayer__4369_i1015259043_il26.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.