flashplayer_v.13935772c.exe

Awimba LLC

This is the Tuguu DomaIQ download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application flashplayer_v.13935772c.exe by Awimba has been detected as adware by 27 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. The installer is marketed through download portals and search ads as the free Adobe Flash Player, but it also installs additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
Awimba LLC  (signed and verified)

MD5:
ec781bdaca20f56b6e88efacbae65027

SHA-1:
5c9ae40d3b824bb8549cae6869029e7d8af3efcc

SHA-256:
885cf8f5f2d3d14423717e329ac0866e2900efabe637f6b53e5e5ac0c2e47c48

Scanner detections:
27 / 68

Status:
Adware

Explanation:
Uses the DomaIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, it is not set by default and is usually overlooked.

Analysis date:
4/23/2024 8:33:34 PM UTC

Scan engine              Detection                        Engine version
Agnitum Outpost          Adware.Agent                     7.1.1
AhnLab V3 Security       Malware/Gen.Generic              2013.06.01
Avira AntiVirus          TR/Trash.Gen                     7.11.146.118
avast!                   MSIL:DomaIQ-C [PUP]              2014.9-140807
AVG                      MalSign.Skodna                   2015.0.3348
Bitdefender              Adware.DomaIQ.B                  1.0.20.1095
Comodo Security          ApplicUnwnt                      17081
Dr.Web                   Trojan.Damaged.1                 9.0.1.0219
Emsisoft Anti-Malware    Adware.DomaIQ                    8.14.08.07.06
ESET NOD32               Win32/DomaIQ                     8.8899
Fortinet FortiGate       Adware/DomaIQ                    8/7/2014
F-Secure                 Adware.DomaIQ.B                  11.2014-07-08_5
G Data                   Adware.DomaIQ                    14.8.22
IKARUS anti.virus        Application.Downloader.QI        t3scan.2.0.127
Malwarebytes             Adware.DomaIQ                    v2014.08.07.06
McAfee                   Artemis!0E84DE26BDC6             5600.7045
MicroWorld eScan         Adware.DomaIQ.B                  15.0.0.783
NANO AntiVirus           Trojan.Win32.Siggen5.cbigyv      0.26.0.55366
nProtect                 Adware.DomaIQ.B                  13.05.31.05
Reason Heuristics        PUP.Awimba.W                     14.8.7.18
Sophos                   DomainIQ pay-per install         4.98
SUPERAntiSpyware         Trojan.Agent/Gen-Nullo[Short]    10323
Trend Micro House Call   TROJ_GEN.R0CBH06HR13             7.2.219
Trend Micro              TROJ_GEN.R0CBC0PI413             10.465.07
Vba32 AntiVirus          AdWare.DomaIQ                    3.12.24.3
VIPRE Antivirus          Trojan.Win32.Generic             22246

File size:
891.9 KB (913,296 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\flashplayer_v.13935772c.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
12/18/2012 10:12:06 AM

Valid to:
12/18/2013 10:12:06 AM

Subject:
CN=Awimba LLC, O=Awimba LLC, L=wilmington, S=DE, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
0423F035F20DC9

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:UFUAmn9asPU/esa9uXFJ58XtXyunqCc4aJ8:LZPUGPWFet3qv47

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9815

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file flashplayer_v.13935772c.exe has been seen being distributed by the following 5 URLs.

Remove flashplayer_v.13935772c.exe - Powered by Reason Core Security