flashplugin.exe

Project1

The executable flashplugin.exe has been detected as malware by 13 anti-virus scanners. It is a setup program used to install the application. It is configured to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘Project1’. The file has been seen being downloaded from goo.gl and multiple other hosts.
Product:
Project1

Version:
1.00

MD5:
152cf27ca00d0632927fe9c1bfae765a

SHA-1:
9759946675228e0305c2564de3c409dafe3aa225

SHA-256:
2521d7f81375790ff9296bb8c487860a9428b2a47dc185102d7f82eba1857915

Scanner detections:
13 / 68

Status:
Malware

Analysis date:
5/7/2024 4:58:32 PM UTC

Scan engine             Detection                 Engine version
Lavasoft Ad-Aware       Gen:Variant.Kazy.330750   1095
Avira AntiVirus         TR/Kazy.330750.9          7.11.129.118
avast!                  Win32:Rootkit-gen [Rtk]   2014.9-140205
AVG                     Pakes_c                   2015.0.3573
Bitdefender             Gen:Variant.Kazy.330750   1.0.20.180
Dr.Web                  Trojan.DownLoader9.19558  9.0.1.036
Emsisoft Anti-Malware   Gen:Variant.Kazy.330750   8.14.02.05.06
F-Secure                Gen:Variant.Kazy.330750   11.2014-05-02_4
G Data                  Gen:Variant.Kazy.330750   14.2.24
McAfee                  Artemis!152CF27CA00D      5600.7229
MicroWorld eScan        Gen:Variant.Kazy.330750   15.0.0.108
Qihoo 360 Security      HEUR/Malware.QVM03.Gen    1.0.0.1015
Trend Micro House Call  TROJ_GEN.F47V0203         7.2.36

File size:
228 KB (233,472 bytes)

Product version:
1.00

Original file name:
1f.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\elfbmgloiapbfaknpkilhbjdlokpkkmn\flashplugin.exe

File PE Metadata
Compilation timestamp:
2/1/2014 7:03:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:goqPGrtASVUytieqlFEmPm2IayEKb6aH1EMYghKCA7rvPp:J31qlFEmPm2IaRKb6a6Ihk5

Entry address:
0x1DB0

Entry point:
68, A4, 43, 41, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, D5, B4, A1, 43, B2, 1D, A2, 47, 8C, CB, 60, E6, 07, AA, 49, C2, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 30, 32, 30, 34, 33, 30, 50, 72, 6F, 6A, 65, 63, 74, 31, 00, 30, 2D, 43, 30, 30, 30, 2D, 00, 00, 00, 00, FF, CC, 31, 00, 08, F7, EF, 3F, 42, 4F, 78, D3, 48, 93, C7, 13, CE, 5D, 9D, 4C, 47, 84, 87, 94, DC, 9E, E0, E6, 41, B9, 3B, 9D, FA, F9, E6, 8E, 06, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
156 KB (159,744 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Project1

Command:
C:\users\{user}\appdata\local\elfbmgloiapbfaknpkilhbjdlokpkkmn\flashplugin.exe

The file flashplugin.exe has been observed being distributed from the following 3 URLs.

Remove flashplugin.exe - Powered by Reason Core Security