» flashplayerpro_setup.exe
Overview
Analysis
File Details

flashplayerpro_setup.exe

The application flashplayerpro_setup.exe has been detected as a potentially unwanted program by 12 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer, however the file is not signed with an authenticode signature from a trusted source. The installer is marketed through download protals and search ads as the free Adobe Flash Player but will also install additional software offers which include adware, PUPs and browser toolbars.

File name:

MD5:

abcbabde2fff313890c6782650914c22

SHA-1:

d5d5489849abb2a1313dc55238463732b6a447fc

SHA-256:

05db7119cc4d0cbb2890385a21d7f06ef6fdb7b96593724c7cf50fdbc28bd733

Scanner detections:

12 / 68

Status:

Potentially unwanted

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

4/25/2024 2:42:58 AM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

PUP/Win32.IBryte

15.08.30

Avira AntiVirus

APPL/OptInstal.opwa

7.11.151.162

AVG

Adware AdPlugin

2016.0.3001

Dr.Web

Trojan.Packed.26807

9.0.1.0242

F-Prot

W32/DomaIQ.G2.gen

v6.4.7.1.166

herdProtect (fuzzy)

variant of java_setup.exe (Adware)

2015.8.30.21

IKARUS anti.virus

AdWare.AdPlugin

t3scan.1.6.1.0

K7 AntiVirus

Unwanted-Program

13.178.12257

McAfee

Generic-FAIN!AF437180D77B

5600.6657

Qihoo 360 Security

Malware.QVM10.Gen

1.0.0.1015

Reason Heuristics

Threat.Win.Reputation.IMP

15.7.28.7

Vba32 AntiVirus

AdWare.iBryte

3.12.26.0

File size:

216.8 KB (221,992 bytes)

File type:

Executable application (Win16 EXE)

Bundler/Installer:

Adknowledge Fusion

Common path:

C:\users\{user}\downloads\flashplayerpro_setup.exe

File PE Metadata

Compilation timestamp:

5/21/2014 5:00:24 PM

OS version:

5.0

OS bitness:

Win16

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

3072:JzeG1TLXp+myHQxVzl6YPDFyF14LiaAGJirGFv5tBiOe5djpOV:NZL3yHQjp6c5yP3JiCjpOV

Entry address:

0xEDA7

Entry point:

E8, 30, 53, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 44, 82, 42, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 38, 80, 42, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63... 
[+]

Entropy:

6.3767

Code size:

152.5 KB (156,160 bytes)

Remove flashplayerpro_setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.