home

flashplayer__4369_i1132254197_il7.exe

The executable flashplayer__4369_i1132254197_il7.exe has been detected as malware by 1 anti-virus scanner. The program is a setup application that uses the TUGUU DomaIQ Setup installer, however the file is not signed with an authenticode signature from a trusted source. With this installer, users are expecting to download the free Adobe Flash Player but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware. The file has been seen being downloaded from www.more-files.com and multiple other hosts.
Version:
1.1.6.20

MD5:
1860c8a02f8c7549a64cafdd8c861cec

SHA-1:
a42937d2178af62ce8f73ff3eaf5f184cd604e9d

SHA-256:
241973d365bebc5651c033c5ba40c45b0fb252450292f7153916980abedf947b

Scanner detections:
1 / 68

Status:
Malware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
5/12/2024 11:45:52 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Threat.Win.Reputation.IMP
16.1.24.6

File size:
559 KB (572,416 bytes)

Product version:
1.1.6.20

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\flashplayer__4369_i1132254197_il7.exe

File PE Metadata
Compilation timestamp:
8/5/2014 5:04:38 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:YEIJiO3OpTxrcSfqLs21GDDysWSxw64+doMiNgHo4dThMjplacmRXBfHi2d1dK6B:TIJjX1C8gHoCTKjyBfHi2xK6B

Entry address:
0x3F6EB

Entry point:
E8, 15, F9, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 24, 67, 48, 00, 00, 74, 05, E9, 74, F9, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83...
 
[+]

Entropy:
6.5795

Code size:
422.5 KB (432,640 bytes)

The file flashplayer__4369_i1132254197_il7.exe has been seen being distributed by the following 2 URLs.

http://www.more-files.com/alldd.html?myref=www.newhdplugin.org&version=1.1.6.20&prefix=FlashPlayerSetup&campid=4369&instid[appname]=FlashPlayer&instid[appsetupurl]=https://launchpad.net/lightspark/trunk/lightspark-0.5.3/ download/Lightspark-0.5.3-win32.exe&instid[appimageurl]=http://www.tsxnrey.com/i/White Smoke Inc/.../150x150_v1Logo.jpg&prefix=FlashPlayer&ti1=MTEzfDIxMzB8RlJ8M3wxfHw|c4020c18ac49f2e4c71e8ec2b43ff076|22605ac0-1440-11e4-b576-0025b320a860&capp=FlashPlayer&AMt=1407281960881&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3

http://www.filleddownload.com/tdownload.php?s1=cf2c3db207f4b1aca0d5762b889d2dbd0ed20910&t1=1407282008&myref=www.downloadthesefiles.com&version=1.1.6.20&prefix=TrueSkateHack3&campid=7462&instid[appname]=TrueSkateHack3&instid[thankyoupage]=&instid[appsetupurl]=&instid[interrupted]=&instid[appimageurl]=http://s3.amazonaws.com/.../downloadall.png&AMt=1407281830016&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3

Remove flashplayer__4369_i1132254197_il7.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.