» flashplayer__4369_i1232920191_il4.exe
Overview
Analysis
File Details
Downloads (5)

flashplayer__4369_i1232920191_il4.exe

The application flashplayer__4369_i1232920191_il4.exe has been detected as a potentially unwanted program by 18 anti-malware scanners. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from www.more-files.com and multiple other hosts.

File name:

Version:

1.1.6.20

MD5:

d0306824c66384c03470e0205eff8cfe

SHA-1:

70585b84cf601c2cb1536a556d56a5cb54f0ca1a

SHA-256:

78b6a8a846d0d8c537b62f45576272d4a0c7688805481aaa13a910f3de1d9c8e

Scanner detections:

18 / 68

Status:

Potentially unwanted

Analysis date:

5/13/2024 9:38:43 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.Amonetize

7.1.1

AhnLab V3 Security

PUP/Win32.Amonetize

2014.09.02

Avira AntiVirus

ADWARE/Adware.Gen

7.11.170.136

Baidu Antivirus

Adware.Win32.Amonetize

4.0.3.14915

Bkav FE

HW32.CDB

1.3.0.4959

Dr.Web

Adware.Downware.8379

9.0.1.0258

ESET NOD32

Win32/Amonetize.BN (variant)

8.10352

Fortinet FortiGate

Riskware/Amonetize

9/15/2014

K7 AntiVirus

Riskware

13.183.13230

Kaspersky

not-a-virus:AdWare.Win32.Amonetize

14.0.0.3247

Malwarebytes

PUP.Optional.Amonetize

v2014.09.15.01

McAfee

PUP-Amonetize

5600.7006

Panda Antivirus

Trj/Genetic.gen

14.09.15.01

Reason Heuristics

Threat.Win.Reputation.IMP

14.9.15.13

Sophos

Generic PUA HA

4.98

Trend Micro House Call

TROJ_SPNR.08HT14

7.2.258

Trend Micro

TROJ_SPNR.08HT14

10.465.15

Zillya! Antivirus

Adware.Amonetize.Win32.922

2.0.0.1908

File size:

343 KB (351,232 bytes)

Product version:

1.1.6.20

Original file name:

setup.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\flashplayer__4369_i1232920191_il4.exe

File PE Metadata

Compilation timestamp:

8/27/2014 11:01:59 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:mmmFHjLBAD4wbCyUpbR4RsQgljuLGpyAwTogKoEZgvSc7m:4HBADmXIDgAipyzon/2vV7m

Entry address:

0xAE62

Entry point:

E8, 5E, 45, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 1C, 9D, 3B, 00, 00, 75, 18, E8, 54, 2D, 00, 00, 6A, 1E, E8, 9E, 2B, 00, 00, 68, FF, 00, 00, 00, E8, D6, F8, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40, 50, 6A, 00, FF, 35, 1C, 9D, 3B, 00, FF, 15, 14, 31, 3B, 00, 8B, F8, 85, FF, 75, 26, 6A, 0C, 5E, 39, 05, 20, 9D, 3B, 00, 74, 0D, 53, E8, 1D, 15, 00, 00, 59, 85, C0, 75, A9, EB, 07, E8, 3A, 24, 00, 00, 89, 30, E8, 33, 24, 00, 00, 89... 
[+]

Entropy:

7.5757

Code size:

69.5 KB (71,168 bytes)

The file flashplayer__4369_i1232920191_il4.exe has been seen being distributed by the following 5 URLs.

http://www.more-files.com/alldd.html?myref=www.newhdplugin.org&version=1.1.6.20&prefix=FlashPlayerSetup&campid=4369&instid[appname]=FlashPlayer&instid[appsetupurl]=https://launchpad.net/lightspark/trunk/lightspark-0.5.3/ download/Lightspark-0.5.3-win32.exe&instid[appimageurl]=http://www.tsxnrey.com/i/White Smoke Inc/.../150x150_v1Logo.jpg&prefix=FlashPlayer&ti1=MzEzN3w1MDgzfFBMfDN8MXx8|bfbe65233ab3ca1d2eb3290caf0a6408|9de80ee0-2e2b-11e4-93b2-0025b320a860&capp=FlashPlayer&AMt=1409241020729&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3

http://www.more-files.com/alldd.html?myref=www.newhdplugin.org&version=1.1.6.20&prefix=FlashPlayerSetup&campid=4369&instid[appname]=FlashPlayer&instid[appsetupurl]=https://launchpad.net/lightspark/trunk/lightspark-0.5.3/ download/Lightspark-0.5.3-win32.exe&instid[appimageurl]=http://www.tsxnrey.com/i/White Smoke Inc/.../150x150_v1Logo.jpg&prefix=FlashPlayer&ti1=MTgzN3w1MDY1fFBMfDN8MXx8|0508bd5422e63360d703a307569c5540|bf1e7b20-e57f-11e3-a790-0025b320a860&capp=FlashPlayer&AMt=1409244494708&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3

http://www.more-files.com/alldd.html?myref=www.newhdplugin.org&version=1.1.6.20&prefix=FlashPlayerSetup&campid=4369&instid[appname]=FlashPlayer&instid[appsetupurl]=https://launchpad.net/lightspark/trunk/lightspark-0.5.3/ download/Lightspark-0.5.3-win32.exe&instid[appimageurl]=http://www.tsxnrey.com/i/White Smoke Inc/.../150x150_v1Logo.jpg&prefix=FlashPlayer&ti1=MTgzN3w1MDY1fFBMfDN8MXx8|0508bd5422e63360d703a307569c5540|0a9ffdd0-0dd5-11e4-ba1d-0025b320a860&capp=FlashPlayer&AMt=1409243049561&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3

http://www.more-files.com/alldd.html?myref=www.newhdplugin.org&version=1.1.6.20&prefix=FlashPlayerSetup&campid=4369&instid[appname]=FlashPlayer&instid[appsetupurl]=https://launchpad.net/lightspark/trunk/lightspark-0.5.3/ download/Lightspark-0.5.3-win32.exe&instid[appimageurl]=http://www.tsxnrey.com/i/White Smoke Inc/.../150x150_v1Logo.jpg&prefix=FlashPlayer&ti1=MTgzN3w1MDY1fFBMfDN8MXx8|0508bd5422e63360d703a307569c5540|ae761d60-1e54-11e4-b53e-0025b320a860&capp=FlashPlayer&AMt=1409242639934&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3

http://www.entertainingdownload.com/tdownload.php?s1=8f2923477b4aaf5cfd63684ba48c33be0ade4676&t1=1409232453&myref=www.newhdplugin.org&version=1.1.6.20&prefix=FlashPlayerSetup&campid=4369&instid[appname]=FlashPlayer&instid[appsetupurl]=https://launchpad.net/lightspark/trunk/lightspark-0.5.3/ download/Lightspark-0.5.3-win32.exe&instid[appimageurl]=http://www.tsxnrey.com/i/White Smoke Inc/.../150x150_v1Logo.jpg&prefix=FlashPlayer&ti1=MTg3fDIxMzB8SUx8M3wxfHw

Remove flashplayer__4369_i1232920191_il4.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.