» flashplayer_v.28526810c.exe
Overview
Analysis
File Details
Downloads (1)

flashplayer_v.28526810c.exe

The application flashplayer_v.28526810c.exe has been detected as a potentially unwanted program by 13 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from dls.nicdls.com.

File name:

MD5:

4a43a6b338ec472aa9810a9f749aa92b

SHA-1:

0aa94c7f76db9ec5c61c254e1e95854cfa4f56a4

SHA-256:

bfe9f278080f13cf3b3fd07424faff9a9393ffc94bf781330ca9bb621f8211e8

Scanner detections:

13 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallIQ download installer to bundle various adware offers.

Analysis date:

4/23/2024 5:56:27 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.Bundler.DomaIQ.F

5695233

Arcabit

Application.Bundler.DomaIQ.F

1.0.0.628

avast!

Evo-gen [Susp]

151205-4

Bitdefender

Application.Bundler.DomaIQ.F

1.0.20.1710

Dr.Web

Adware.W3i.20

9.0.1.0342

Emsisoft Anti-Malware

Application.Bundler.DomaIQ

10.0.0.5366

ESET NOD32

Win32/DomaIQ.C potentially unwanted application

7.0.302.0

F-Secure

Application.Bundler.DomaIQ

11.2015-08-12_3

G Data

Application.Bundler.DomaIQ

15.12.25

MicroWorld eScan

Application.Bundler.DomaIQ.F

16.0.0.1026

NANO AntiVirus

Riskware.Base64.DomaIQ.cwpnap

1.0.10.5081

Norman

Application.Bundler.DomaIQ.F

07.10.2015 03:16:12

Qihoo 360 Security

HEUR/QVM42.0.Malware.Gen

1.0.0.1077

File size:

109.2 KB (111,829 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\downloads\flashplayer_v.28526810c.exe

File PE Metadata

Compilation timestamp:

12/5/2009 5:50:29 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

3072:5iezvrL9oMXJy45/CSFz9ozUqHT3wyToQ/JJ1Xi:5NvTsFSFzSzUqzAWoQhi

Entry address:

0x30DE

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 27, 7A, 00, E8, F1, 2B, 00, 00, A3, A4, 26, 7A, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 68, DC, 79, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, A0, 1E, 7A, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 80, 7A, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.5348

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

The file flashplayer_v.28526810c.exe has been seen being distributed by the following URL.

http://dls.nicdls.com/p/151/FlashPlayer/79/.../V.28526810c

Remove flashplayer_v.28526810c.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.