flashplayerpro_setup.exe

The application flashplayerpro_setup.exe has been detected as a potentially unwanted program by 13 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer; however, the file is not signed with an Authenticode signature from a trusted source. The installer is marketed through download portals and search ads as the free Adobe Flash Player but also installs additional software offers, which include adware, PUPs and browser toolbars.
MD5:
ac6f034c8c531f1768e79e013d35dcb8

SHA-1:
c66304d7edff843f0584e6c025822bd27e6414c6

SHA-256:
485f01486caf0eb068e446b269b722d1588e7a3762051e46783a17d102a7c862

Scanner detections:
13 / 68

Status:
Potentially unwanted

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/25/2024 4:56:59 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Agent
7.1.1

Avira AntiVirus
ADWARE/Adware.Gen7
7.11.147.26

AVG
Adware AdPlugin
2016.0.3001

Dr.Web
Trojan.Packed.26807
9.0.1.0242

ESET NOD32
Win32/AdWare.iBryte.AC application
9.7.0.302.0

herdProtect (fuzzy)
2015.8.30.21

Malwarebytes
v2015.08.30.09

Panda Antivirus
Trj/Genetic.gen
15.08.30.09

Qihoo 360 Security
Malware.QVM10.Gen
1.0.0.1015

Reason Heuristics
Threat.Win.Reputation.IMP
15.7.28.7

Rising Antivirus
PE:Malware.iBryte!6.192B
23.00.65.15828

VIPRE Antivirus
Threat.4778314
29418

File size:
225.8 KB (231,208 bytes)

File type:
Executable application (Win16 EXE)

Bundler/Installer:
Adknowledge Fusion

Common path:
C:\users\{user}\downloads\flashplayerpro_setup.exe

File PE Metadata
Compilation timestamp:
5/22/2014 5:00:32 PM

OS version:
5.0

OS bitness:
Win16

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:D7FU4ZF94ZRXSYwFcmrldFvjlFwcPzJiaTHDrXBSxpdy5NkpbB:vFUm9iDwWmr/BPPxTUxpd6kpbB

Entry address:
0x10827

Entry point:
E8, 30, 53, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 44, 92, 42, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 38, 90, 42, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63...
 

Entropy:
6.3523

Code size:
159 KB (162,816 bytes)
