flashplayer__6207_i544846497_il242.exe

The application flashplayer__6207_i544846497_il242.exe has been detected as a potentially unwanted program by 28 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are selected based on the PC's geo-location at the time of install. The installer is marketed through download portals and search ads as the free Adobe Flash Player, but it will also install additional software offers, which include adware, PUPs and browser toolbars.
Version:
1.1.1.72

MD5:
676370ad5bedc34fb3918ef205618123

SHA-1:
b78cbc836e463d381aca3cf7e38b340a8d007a30

SHA-256:
d23c00f47692ae929acfceee84fb89900a2f0fb1b2f737fac2af8cfa74088358

Scanner detections:
28 / 68

Status:
Potentially unwanted

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 11:15:16 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Generic.11210645 | 384
AhnLab V3 Security | PUP/Win32.Amonetiz | 16.01.17
Avira AntiVirus | ADWARE/Adware.Gen2 | 7.11.149.24
avast! | Win32:Amonetize-AK [PUP] | 2014.9-160117
AVG | Generic_r | 2017.0.2862
Baidu Antivirus | Adware.Win32.Amonetize | 4.0.3.16117
Bitdefender | Trojan.Generic.11210645 | 1.0.20.85
Dr.Web | Adware.Downware.2467 | 9.0.1.017
Emsisoft Anti-Malware | Trojan.Generic.11210645 | 8.16.01.17.11
ESET NOD32 | Win32/Amonetize.AJ (variant) | 10.9786
Fortinet FortiGate | Riskware/Amonetize | 1/17/2016
F-Secure | Trojan.Generic.11210645 | 11.2016-17-01_1
G Data | Trojan.Generic.11210645 | 16.1.24
IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.6.1.0
K7 AntiVirus | Trojan | 13.177.12041
Kaspersky | not-a-virus:HEUR:AdWare.Win32.Amonetize | 14.0.0.803
Malwarebytes | PUP.Optional.Amonetize.A | v2016.01.17.11
McAfee | Artemis!676370AD5BED | 5600.6518
MicroWorld eScan | Trojan.Generic.11210645 | 17.0.0.51
NANO AntiVirus | Riskware.Win32.Amonetize.cwscgo | 0.28.0.59608
nProtect | Trojan.Generic.11210645 | 14.05.11.01
Qihoo 360 Security | Win32/Virus.Adware.932 | 1.0.0.1015
Reason Heuristics | PUP.Amonetize (M) | 16.1.17.11
Rising Antivirus | PE:Malware.Adware!6.17D8 | 23.00.65.16115
Sophos | Amonetize | 4.98
Trend Micro House Call | TROJ_GEN.R0CBC0ODN14 | 7.2.17
Trend Micro | TROJ_GEN.R0CBC0ODN14 | 10.465.17
VIPRE Antivirus | Trojan.Win32.Generic | 29118

File size:
342.5 KB (350,720 bytes)

Product version:
1.1.1.72

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\flashplayer__6207_i544846497_il242.exe

File PE Metadata
Compilation timestamp:
4/8/2014 9:05:57 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:cP0cRWlRZPKL7TtNB70MeZ8MeqbNOPMYS2aoi1GTgpLuuBZJ2q:cP0cRW3ZPI7Tt370Rd2U2fi1GTgfB72

Entry address:
0x29951

Entry point:
E8, D6, 97, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, 53, 56, 8B, 44, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 14, 8B, 44, 24, 10, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 0C, F7, F1, 8B, D3, EB, 41, 8B, C8, 8B, 5C, 24, 14, 8B, 54, 24, 10, 8B, 44, 24, 0C, D1, E9, D1, DB, D1, EA, D1, D8, 0B, C9, 75, F4, F7, F3, 8B, F0, F7, 64, 24, 18, 8B, C8, 8B, 44, 24, 14, F7, E6, 03, D1, 72, 0E, 3B, 54, 24, 10, 77, 08, 72, 07, 3B, 44, 24, 0C, 76, 01, 4E, 33, D2, 8B, C6, 5E, 5B, C2, 10, 00, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F...

Entropy:
6.4480

Code size:
244 KB (249,856 bytes)

The file flashplayer__6207_i544846497_il242.exe has been seen being distributed by the following 2 URLs.

http://ams1.ib.adnxs.com/click?zbBR1m8m1D9qVNjz0qDOPwAAAAAAAPA_alTY89Kgzj_NsFHWbybUPxQ9lxqX0LE8DEfNXJWwHXGqVkRTAAAAANAhJgCTBAAA_AcAAAIAAAD3i8kAxfEFAAAAAQBVU0QAVVNEACwB-gDIMQAA_7YAAgUCAQIAAI4AFSnd4QAAAAA./cnd=!TQbzOQianMsBEPeXpgYYxeMXIAE./referrer=http://metierdelauto.fr/app1.html/clickenc=http://.../direct-download.html?version=1.1.1.72&ci=280&capp=FlashPlayer&ti1=ams1CIyOtebVkuyOcRACGJT63NTxkvTYPCINODAuMTMuMTA1LjE4MygBMKqtkZoF&ti2=2499024

Remove flashplayer__6207_i544846497_il242.exe - Powered by Reason Core Security