» flashplayer_tsv4b8s0z.exe
Overview
Analysis
File Details
Downloads (1)

flashplayer_tsv4b8s0z.exe

The application flashplayer_tsv4b8s0z.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from zbane.com.

File name:

MD5:

6ee0083331c1216ea1eea9602731b03d

SHA-1:

92db423f8560161e0d4d20ed17dc5762a40965a2

SHA-256:

7188bb11ac8d023c0f6f86db93f9caa1824ea43d768f082744ba7d4317e37517

Scanner detections:

2 / 68

Status:

Potentially unwanted

Analysis date:

5/10/2024 4:02:02 AM UTC (today)

Scan engine

Detection

Engine version

Kaspersky

not-a-virus:WebToolbar.Win32.Agent

15.0.0.562

Reason Heuristics

Adware.Bundler (M)

16.4.15.17

File size:

205.9 KB (210,800 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\flashplayer_tsv4b8s0z.exe

File PE Metadata

Compilation timestamp:

6/9/2012 10:19:49 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

6144:Pz+g2mhAMJ/cPl3iwDaozlx/LVXHSPF0MfH:P72mhAMJ/cPlVT7VX2

Entry address:

0xAC87

Entry point:

F0, FF, 75, DC, 57, 57, 53, FF, 75, 10, FF, 75, 0C, 57, 57, FF, 75, FC, FF, 15, 54, 40, 41, 00, FF, 75, 08, 53, FF, D6, FF, 75, F0, FF, 75, FC, FF, D6, 8B, 35, 60, 40, 41, 00, 53, FF, D6, FF, 75, FC, FF, D6, FF, 75, F8, 57, FF, 15, 98, 42, 41, 00, 8B, 45, F4, 5F, 5E, 5B, C9, C2, 0C, 00, 83, 3D, 80, AA, 42, 00, 00, 75, 27, 56, 6A, 00, FF, 15, 94, 42, 41, 00, 8B, F0, 85, F6, 74, 17, 6A, 58, 56, FF, 15, 44, 40, 41, 00, 56, 6A, 00, A3, 80, AA, 42, 00, FF, 15, 98, 42, 41, 00, 5E, A1, 80, AA, 42, 00, 0F, AF, 44... 
[+]

Code size:

73 KB (74,752 bytes)

The file flashplayer_tsv4b8s0z.exe has been seen being distributed by the following URL.

http://zbane.com/.../index_v3.php?value=flash&PPD=-_-ZmZmNF8yMTlfMzYxM18zNjUyX0JSXzIwMS45My4xOTQuNzRfYjcwXzM3MTM0N19BUFA-_-lax1CNaNw_6I7_iAbRACGIDp56CpzPLZYyINMjAxLjkzLjE5NC43NCgBMKq2-p4F&CID=2746478

Remove flashplayer_tsv4b8s0z.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.