» flashplayer_updater.exe
Overview
Analysis
File Details

flashplayer_updater.exe

TRUSTED INSTALL SOFTWARE

The application flashplayer_updater.exe by TRUSTED INSTALL SOFTWARE has been detected as adware by 2 anti-malware scanners. The program is a setup application that uses the Tomorrow Software Installer installer. The installer is marketed through download protals and search ads as the free Adobe Flash Player but will also install additional software offers which include adware, PUPs and browser toolbars.

File name:

Publisher:

Wealthy FYI Install System (signed by TRUSTED INSTALL SOFTWARE)

Product:

Wealthy FYI Install System

Version:

20.2.1.9312

MD5:

727eb40442c1f2d553bb6fe3fb267fc1

SHA-1:

9f9576bf5196a169b533d7649f45602ec209a4aa

SHA-256:

7a23504117b6b60d467b20bf89dde21809a33502c856a8a572997a041367ff03

Scanner detections:

2 / 68

Status:

Adware

Description:

This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:

5/12/2024 8:27:44 PM UTC (today)

Scan engine

Detection

Engine version

herdProtect (fuzzy)

variant of setup.exe (Adware)

2015.8.22.17

Reason Heuristics

PUP.TomorrowSoftware.TRUSTEDINSTALLSOFTWARE.Installer (M)

15.7.22.9

File size:

875.7 KB (896,728 bytes)

Product version:

20.2.1.9312

Original file name:

setup.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Tomorrow Software Installer

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\flashplayer_updater.exe

Digital Signature

Signed by:

TRUSTED INSTALL SOFTWARE

Authority:

VeriSign, Inc.

Valid from:

6/9/2015 5:00:00 PM

Valid to:

6/9/2016 4:59:59 PM

Subject:

CN=TRUSTED INSTALL SOFTWARE, O=TRUSTED INSTALL SOFTWARE, L=San Francisco, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

2A889382754355CE927EAE3A2EA732CB

File PE Metadata

Compilation timestamp:

8/17/2014 10:09:05 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:hE3MLKmtvPyHu7uiNTy9pNg4W7HM8ncN+2QHCKQ:+3iKmHyOZJp7s8+QA

Entry address:

0xC822

Entry point:

E8, 3C, 05, 00, 00, E9, 57, FD, FF, FF, CC, CC, CC, CC, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24, C3, 2D, 00, 10, 00, 00, 85, 00, EB, E9, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, A8, 4B, 41, 00, 89, 0D, A4, 4B, 41, 00, 89, 15, A0, 4B, 41, 00, 89, 1D, 9C, 4B, 41, 00, 89, 35, 98, 4B, 41, 00, 89, 3D, 94, 4B, 41, 00, 66, 8C, 15, C0, 4B, 41, 00, 66, 8C, 0D, B4, 4B, 41, 00, 66, 8C, 1D, 90, 4B, 41, 00, 66, 8C, 05, 8C... 
[+]

Entropy:

7.9569 (probably packed)

Code size:

51.5 KB (52,736 bytes)

Remove flashplayer_updater.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.