» flashplayer__4369_i1235358311_il4.exe
Overview
Analysis
File Details
Downloads (2)

flashplayer__4369_i1235358311_il4.exe

The application flashplayer__4369_i1235358311_il4.exe has been detected as a potentially unwanted program by 16 anti-malware scanners. This is a setup program which is used to install the application. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from www.entertainingdownload.com and multiple other hosts.

File name:

Version:

1.1.6.20

MD5:

be9df3939420d752ccd1faf22d1c4335

SHA-1:

28ca8428a38023659a20b518b4526f975ab0eb63

SHA-256:

3f468353162bef2d425f07f29c467a965e1532aa048b9649ed87a61f764b32ad

Scanner detections:

16 / 68

Status:

Potentially unwanted

Analysis date:

5/12/2024 7:02:48 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Graftor.153235

890

Agnitum Outpost

PUA.Amonetize

7.1.1

AhnLab V3 Security

PUP/Win32.Amonetize

2014.08.31

Avira AntiVirus

APPL/Amonetize.htzw

7.11.169.216

AVG

Generic

2015.0.3366

Baidu Antivirus

Adware.Win32.Amonetize

4.0.3.14829

Dr.Web

Adware.Downware.8379

9.0.1.0243

ESET NOD32

Win32/Amonetize.BN (variant)

8.10333

F-Secure

Gen:Variant.Graftor.153235

11.2014-29-08_6

Kaspersky

not-a-virus:AdWare.Win32.Amonetize

14.0.0.3325

Malwarebytes

PUP.Optional.Amonetize

v2014.08.29.02

McAfee

PUP-Amonetize

5600.7024

Panda Antivirus

Trj/Genetic.gen

14.08.31.12

Qihoo 360 Security

HEUR/Malware.QVM10.Gen

1.0.0.1015

Reason Heuristics

Threat.Win.Reputation.IMP

14.8.31.0

Sophos

Generic PUA NI

4.98

File size:

343.5 KB (351,744 bytes)

Product version:

1.1.6.20

Original file name:

setup.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\flashplayer__4369_i1235358311_il4.exe

File PE Metadata

Compilation timestamp:

8/27/2014 11:01:59 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:CmmFHjLBAD4wmbot+v/OnH9EaNgEdQGyJYTD6ZC7LG9R0gC7Fnm:EHBADGbotXdE5JlYTDV7LG9WgUnm

Entry address:

0xAE62

Entry point:

E8, 5E, 45, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 1C, 9D, 3B, 00, 00, 75, 18, E8, 54, 2D, 00, 00, 6A, 1E, E8, 9E, 2B, 00, 00, 68, FF, 00, 00, 00, E8, D6, F8, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40, 50, 6A, 00, FF, 35, 1C, 9D, 3B, 00, FF, 15, 14, 31, 3B, 00, 8B, F8, 85, FF, 75, 26, 6A, 0C, 5E, 39, 05, 20, 9D, 3B, 00, 74, 0D, 53, E8, 1D, 15, 00, 00, 59, 85, C0, 75, A9, EB, 07, E8, 3A, 24, 00, 00, 89, 30, E8, 33, 24, 00, 00, 89... 
[+]

Code size:

69.5 KB (71,168 bytes)

The file flashplayer__4369_i1235358311_il4.exe has been seen being distributed by the following 2 URLs.

http://www.entertainingdownload.com/tdownload.php?s1=e2416b885c2bc4161ee179386a64ac2291e4eb52&t1=1409285758&myref=www.newhdplugin.org&version=1.1.6.20&prefix=FlashPlayerSetup&campid=4369&instid[appname]=FlashPlayer&instid[appsetupurl]=https://launchpad.net/lightspark/trunk/lightspark-0.5.3/ download/Lightspark-0.5.3-win32.exe&instid[appimageurl]=http://www.tsxnrey.com/i/White Smoke Inc/.../150x150_v1Logo.jpg&prefix=FlashPlayer&ti1=MTh8NDYxNnxVU3wzfDF8fA|167163e4178bb3acaf3040a7421daaab|68b805e0-2f2a-11e4-a747-002590f00f96&capp=FlashPlayer&AMt=1409285575710&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3

http://www.more-files.com/alldd.html?myref=www.newhdplugin.org&version=1.1.6.20&prefix=FlashPlayerSetup&campid=4369&instid[appname]=FlashPlayer&instid[appsetupurl]=https://launchpad.net/lightspark/trunk/lightspark-0.5.3/ download/Lightspark-0.5.3-win32.exe&instid[appimageurl]=http://www.tsxnrey.com/i/White Smoke Inc/.../150x150_v1Logo.jpg&prefix=FlashPlayer&ti1=MTh8NDYxNnxVU3wzfDF8fA|167163e4178bb3acaf3040a7421daaab|68b805e0-2f2a-11e4-a747-002590f00f96&capp=FlashPlayer&AMt=1409285575710&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3

Remove flashplayer__4369_i1235358311_il4.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.