flashplayer_v.71428794b.exe

Awimba LLC

This is the Tuguu DomaIQ download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application flashplayer_v.71428794b.exe by Awimba has been detected as adware by 23 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. The installer is marketed through download portals and search ads as the free Adobe Flash Player but also installs additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
Awimba LLC  (signed and verified)

MD5:
19c2a66a893e6f3be9817776b6e76562

SHA-1:
91393637454430110659b5938cfb04a26ba11d31

SHA-256:
05f895a3dd8e227a06a650134cd9079147680b0cd62fa81f7aeb05498d96f73c

Scanner detections:
23 / 68

Status:
Adware

Explanation:
Uses the InstallIQ download installer to bundle various adware offers.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/24/2024 1:27:10 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | APPL/DomaIQ.Gen | 7.11.123.138
avast! | Win32:DomaIQ-AI [PUP] | 2014.9-140507
AVG | MalSign.Skodna | 2015.0.3481
Bkav FE | W32.Cloda54.Trojan | 1.3.0.4613
Comodo Security | UnclassifiedMalware | 17555
Dr.Web | Adware.W3i.29 | 9.0.1.0127
ESET NOD32 | Win32/DomaIQ | 8.9252
Fortinet FortiGate | W32/DomaIQ.C | 5/7/2014
F-Prot | W32/DomaIQ.A | v6.4.7.1.166
G Data | NSIS.Application.DomaIQ | 14.5.22
IKARUS anti.virus | Win32.SuspectCrc | t3scan.2.2.29
K7 AntiVirus | Trojan | 13.175.10735
Malwarebytes | Adware.DomaIQ | v2014.05.07.05
McAfee | Artemis!19C2A66A893E | 5600.7137
NANO AntiVirus | Trojan.Win32.W3i.cjeffs | 0.28.0.57029
Norman | Obfuscated.gen!r | 11.20140507
Reason Heuristics | PUP.Awimba.W | 14.8.7.18
Rising Antivirus | PE:Trojan.Win32.Generic.1582BDDE!360889822 | 23.00.65.14505
Sophos | DomainIQ pay-per install | 4.96
Trend Micro House Call | TROJ_GEN.R0CBC0PJJ13 | 7.2.127
Trend Micro | TROJ_GEN.R0CBC0PJJ13 | 10.465.07
VIPRE Antivirus | DomaIQ | 25104
ViRobot | Backdoor.Win32.A.Hupigon.852048 | 2011.4.7.4223

File size:
832.1 KB (852,048 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\flashplayer_v.71428794b.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
12/18/2012 5:12:06 PM

Valid to:
12/18/2013 5:12:06 PM

Subject:
CN=Awimba LLC, O=Awimba LLC, L=wilmington, S=DE, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
0423F035F20DC9

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:DFtGD/L5fUJ/nn3bOKSk+gU/FO1GxISS5cWltdzuRh:u3RUNuzgU01SqXfzuRh

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file flashplayer_v.71428794b.exe has been seen being distributed by the following 50 URLs.

