home

flashplayer__4369_i1189615085_il18.exe

The application flashplayer__4369_i1189615085_il18.exe has been detected as a potentially unwanted program by 18 anti-malware scanners. This is a setup program which is used to install the application. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from www.entertainingdownload.com.
Version:
1.1.6.20

MD5:
71eed5931808b22b0bb4944481cb96ba

SHA-1:
3445661e763f3609c8f53cac9c391104ceef467f

SHA-256:
600e41b3ba9b61b9375ebd080692415cd874d42fc8e748bc2d0e9ab512b9135f

Scanner detections:
18 / 68

Status:
Potentially unwanted

Analysis date:
5/12/2024 9:00:07 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.Amonetize.12
854

Agnitum Outpost
PUA.Amonetize
7.1.1

AhnLab V3 Security
PUP/Win32.Amonetize
2014.08.19

Avira AntiVirus
ADWARE/Adware.Gen
7.11.167.212

Baidu Antivirus
Adware.Win32.Amonetize
4.0.3.14104

Bitdefender
Gen:Variant.Application.Bundler.Amonetize.12
1.0.20.1385

Bkav FE
HW32.CDB
1.3.0.4959

Dr.Web
Adware.Downware.8012
9.0.1.0277

ESET NOD32
Win32/Amonetize.BM (variant)
8.10274

F-Secure
Gen:Variant.Application.Bundler
11.2014-04-10_7

G Data
Gen:Variant.Application.Bundler.Amonetize.12
14.10.24

Kaspersky
not-a-virus:AdWare.Win32.Amonetize
14.0.0.3154

Malwarebytes
PUP.Optional.Amonetize
v2014.10.04.06

MicroWorld eScan
Gen:Variant.Application.Bundler.Amonetize.12
15.0.0.831

NANO AntiVirus
Riskware.Win32.Amonetize.ddtnan
0.28.2.61519

Panda Antivirus
Trj/CI.A
14.10.04.06

Qihoo 360 Security
Win32/Application.c7d
1.0.0.1015

Reason Heuristics
Threat.Win.Reputation.IMP
14.10.4.6

File size:
441.5 KB (452,096 bytes)

Product version:
1.1.6.20

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\flashplayer__4369_i1189615085_il18.exe

File PE Metadata
Compilation timestamp:
8/8/2014 4:14:44 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:gVV0zJWDkT7ikFr70kFtZkj5+LIL1XVc6Efkopg:+wT7hr70kdkkLAW6Etpg

Entry address:
0x10FBF

Entry point:
E8, E2, 56, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24, C3, 2D, 00, 10, 00, 00, 85, 00, EB, E9, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 3C, 4E, 3A, 00, 00, 75, 18, E8, F5, 2E, 00, 00, 6A, 1E, E8, 3F, 2D, 00, 00, 68, FF, 00, 00, 00, E8, 37, F3, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40, 50, 6A, 00, FF, 35, 3C, 4E, 3A...
 
[+]

Code size:
100.5 KB (102,912 bytes)

The file flashplayer__4369_i1189615085_il18.exe has been seen being distributed by the following URL.

http://www.entertainingdownload.com/tdownload.php?s1=ea78f5f5f2cae1ea2faec58a8ab487c538f1cd2f&t1=1408370929&myref=www.newhdplugin.org&version=1.1.6.20&prefix=FlashPlayerSetup&campid=4369&instid[appname]=FlashPlayer&instid[appsetupurl]=https://launchpad.net/lightspark/trunk/lightspark-0.5.3/ download/Lightspark-0.5.3-win32.exe&instid[appimageurl]=http://www.tsxnrey.com/i/White Smoke Inc/.../150x150_v1Logo.jpg&prefix=FlashPlayer&ti1=MjU3N3w1MDY1fE1BfDN8MXx8

Remove flashplayer__4369_i1189615085_il18.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.