flashplayer_updater.exe

Stiff Old Neck Co.

The application flashplayer_updater.exe by Stiff Old Neck Co. has been detected as a potentially unwanted program by 30 anti-malware scanners. It is a setup and installation application that has been known to bundle potentially unwanted software: it installs that software on your PC alongside the software you are trying to install, without adequate consent. The file has been seen being downloaded from files4.downloadnet1013.com.
Publisher:
Trusted Speedy Software Installer  (signed by Stiff Old Neck Co.)

Product:
Trusted Speedy Software Installer

Version:
97.7.3.8868

MD5:
4c79c7e735f2434e61a43910e33e94a3

SHA-1:
eb69f9038f0e09a32b193dbd3a3ff8caf3fca8bf

SHA-256:
69827bdbe37b8e0d85147a3a0eda63895fdefe09c11d2e4248b2cde4f1d3b86a

Scanner detections:
30 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Analysis date:
4/19/2024 6:45:52 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.DownloadAdmin.4 | 358 |
| AhnLab V3 Security | PUP/Win32.DownloadAdmin | 2015.12.14 |
| Avira AntiVirus | PUA/DownloadAdmin.Gen7 | 8.3.2.4 |
| avast! | Win32:DownloadAdmin-AJ [PUP] | 2014.9-160212 |
| AVG | Generic | 2017.0.2836 |
| Bitdefender | Gen:Variant.Application.Bundler.DownloadAdmin.4 | 1.0.20.215 |
| Bkav FE | W32.HfsAdware | 1.3.0.7383 |
| Comodo Security | Application.Win32.DownloadAdmin.MRJ | 23755 |
| Dr.Web | Trojan.Vittalia.336 | 9.0.1.043 |
| Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.DownloadAdmin | 8.16.02.12.07 |
| ESET NOD32 | Win32/DownloadAdmin.M potentially unwanted application | 10.7.0.302.0 |
| F-Prot | W32/DownloAdmin.A.gen | v6.4.7.1.166 |
| F-Secure | Riskware.Gen:Variant.Application.Bundler | 11.2016-12-02_6 |
| G Data | Gen:Variant.Application.Bundler.DownloadAdmin | 16.2.25 |
| IKARUS anti.virus | PUA.DownloadAdmin | t3scan.1.9.5.0 |
| K7 AntiVirus | Adware | 13.212.18090 |
| Kaspersky | not-a-virus:HEUR:Downloader.Win32.Generic | 14.0.0.673 |
| Malwarebytes | PUP.Optional.DownLoadAdmin | v2016.02.12.07 |
| McAfee | Program.DownloadAdmin | 5600.6492 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.DownloadAdmin.4 | 17.0.0.129 |
| NANO AntiVirus | Trojan.Win32.DownloAdmin.dujhcq | 1.0.10.5081 |
| Norman | Gen:Variant.Application.Bundler.DownloadAdmin.4 | 11.20160212 |
| Qihoo 360 Security | QVM10.1.Malware.Gen | 1.0.0.1077 |
| Reason Heuristics | PUP.StiffOldNeckCo.Installer (M) | 16.2.12.7 |
| Rising Antivirus | PE:Malware.DownloadAdmin!6.26F9 [F] | 23.00.65.16210 |
| Sophos | PUA 'Download Admin' | 5.22 |
| Vba32 AntiVirus | SScope.Downware.DownloadAdmin | 3.12.26.4 |
| VIPRE Antivirus | Threat.4150696 | 45800 |
| ViRobot | Trojan.Win32.AD-Agent.896304[h] | 2014.3.20.0 |
| Zillya! Antivirus | Downloader.DownloAdminGen.Win32.2 | 2.0.0.2561 |

File size:
875.4 KB (896,408 bytes)

Product version:
97.7.3.8868

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\flashplayer_updater.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/6/2015 2:00:00 AM

Valid to:
7/6/2016 1:59:59 AM

Subject:
CN=Stiff Old Neck Co., O=Stiff Old Neck Co., L=San Francisco, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
22DF15FD69B77D2AAB7B5052636D8F0B

File PE Metadata
Compilation timestamp:
7/16/2014 2:27:35 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:vnOMLKmtvPyHu7l8v3gZy9pNg4W7HMcLcN+2QHC2Q:GiKmHyOZo3Qp7scSQU

Entry address:
0xC822

Entry point:
E8, 3C, 05, 00, 00, E9, 57, FD, FF, FF, CC, CC, CC, CC, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24, C3, 2D, 00, 10, 00, 00, 85, 00, EB, E9, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, A8, 4B, 41, 00, 89, 0D, A4, 4B, 41, 00, 89, 15, A0, 4B, 41, 00, 89, 1D, 9C, 4B, 41, 00, 89, 35, 98, 4B, 41, 00, 89, 3D, 94, 4B, 41, 00, 66, 8C, 15, C0, 4B, 41, 00, 66, 8C, 0D, B4, 4B, 41, 00, 66, 8C, 1D, 90, 4B, 41, 00, 66, 8C, 05, 8C...
 

Code size:
51.5 KB (52,736 bytes)

The file flashplayer_updater.exe has been seen being distributed by the following URL.
