flashplayerpro_setup.exe

SetupManager.exe

Optimum Installer

This adware bundler is distributed through Adknowledge's advertising-supported software managers. The application flashplayerpro_setup.exe, “flashplayerpro” by Optimum Installer, has been detected as adware by 33 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server. With this installer, users expect to download the free Adobe Flash Player, but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.

Publisher:
SetupManager  (signed by Optimum Installer)

Product:
SetupManager.exe

Description:
flashplayerpro

Version:
3.4.8

MD5:
d653d70be84aee9a98c3c13b6278d0a5

SHA-1:
61b4c90d6f5d4763d96e10856b0ddfdfa235547d

SHA-256:
dd293fad13a2b6078886e70b9be324f39fc59dd3e4775af7f50568905abd8499

Scanner detections:
33 / 68

Status:
Adware

Explanation:
This installer bundles various adware programs that may include toolbars and web browser advertising injectors/extensions.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/24/2024 3:46:01 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
MemScan:Adware.Generic.513195
926

Agnitum Outpost
7.1.1

AhnLab V3 Security
Adware/Win32.Agent
14.07.23

Avira AntiVirus
ADWARE/Adware.Gen7
7.11.144.160

avast!
Win32:Installer-J [PUP]
140617-1

AVG
Adware Generic5.ABEH
2014.0.3986

Bitdefender
MemScan:Adware.Generic.513195
1.0.20.1020

Clam AntiVirus
WIN.Adware.Ibryte-137
0.98/213

Comodo Security
ApplicUnwnt.Win32.AdWare.iBryte.H
18142

Dr.Web
Adware.Downware.1260
9.0.1.05190

Emsisoft Anti-Malware
MemScan:Adware.Generic.513195
8.14.07.23.08

ESET NOD32
Win32/Adware.iBryte.G application
7.0.302.0

Fortinet FortiGate
Riskware/IBryte
7/23/2014

F-Prot
W32/Ibryte.C.gen
4.6.5.141

F-Secure
MemScan:Adware.Generic.513195
11.2014-23-07_4

G Data
MemScan:Adware.Generic.513195
14.7.24

IKARUS anti.virus
not-a-virus:AdWare.Win32.Agent
t3scan.1.6.1.0

K7 AntiVirus
Trojan
13.176.11833

Kaspersky
not-a-virus:AdWare.Win32.Agent
15.0.0.494

Malwarebytes
PUP.Optional.Ibryte
v2014.07.23.08

McAfee
Adware-FOO!E566FB543061
5600.7060

MicroWorld eScan
MemScan:Adware.Generic.513195
15.0.0.612

NANO AntiVirus
Riskware.Win32.Agent.csqusr
0.28.0.59492

Norman
Agent.ASWDM
11.20140723

nProtect
Trojan-Clicker/W32.Agent.895784
14.04.21.01

Qihoo 360 Security
Malware.QVM10.Gen
1.0.0.1015

Reason Heuristics
PUP.Installer.OptimumInstaller.U
14.8.8.3

Rising Antivirus
PE:Adware.iBryte!6.A7
23.00.65.14721

Total Defense
Win32/Zbot.HGO
37.0.10927

Vba32 AntiVirus
SScope.Adware.OptimusInstaller.26607
3.12.26.0

VIPRE Antivirus
Optimum Installer
28462

Zillya! Antivirus
Adware.Agent.Win32.8159
2.0.0.1783

File size:
872.8 KB (893,736 bytes)

Product version:
3.4.8

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Digital Signature

Authority:
VeriSign, Inc.

Valid from:
10/10/2012 6:00:00 PM

Valid to:
11/7/2013 5:59:59 PM

Subject:
CN=Optimum Installer, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Optimum Installer, L=Kansas City, S=Missouri, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7C5F27B776ADBBB7943F700066A490BF

File PE Metadata

Compilation timestamp:
6/18/2013 2:35:56 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:rot7o0WkM95AjIgGtJDt9HvoGRI2DHXzixQ:w25AjIXtfZT5DHXOxQ

Entry address:
0x57332

Entry point:
E8, 94, F1, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 0D, F2, 00, 00, 83, C4, 14, 5D, C3, FF, 35, 3C, 33, 4B, 00, E8, A9, 4C, 00, 00, 59, 85, C0, 74, 02, FF, D0, 6A, 19, E8, 62, AE, 00, 00, 6A, 01, 6A, 00, E8, 0C, F5, 00, 00, 83, C4, 0C, E9, ED, F3, 00, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 66, 8B, 08, 40, 40, 66, 85, C9, 75, F6, 2B, 45, 08, D1, F8, 48, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 55, 08, 53, 56, 57, 33, FF, 3B, D7, 74, 07, 8B, 5D, 0C, 3B...
 

Entropy:
6.7252

Code size:
482 KB (493,568 bytes)
