» flashvideoplayer-186380241.exe
Overview
Analysis
File Details
Network (3)

flashvideoplayer-186380241.exe

Outbox

Bicoastal Interactive

The application flashvideoplayer-186380241.exe by Bicoastal Interactive has been detected as a potentially unwanted program by 26 anti-malware scanners. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. While running, it connects to the Internet address host-213.158.175.73.tedata.net on port 80 using the HTTP protocol.

File name:

Publisher:

Bicoastal Interactive (signed and verified)

Product:

Outbox

Version:

1.15.146.711

MD5:

a80cd71af8151da7ffee7df600df8470

SHA-1:

a411fe6c0a8bf31e256d2cf1bfbb1b590183de10

SHA-256:

f4434ef36163543e302680e280b9abb5955b90789eb8085cad06b4e136358d5b

Scanner detections:

26 / 68

Status:

Potentially unwanted

Analysis date:

5/22/2024 1:03:10 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.Bundler.DownloadAdmin.AM

-34

AhnLab V3 Security

PUP/Win32.Downloader.C1758492

3.8.3.16

Avira AntiVirus

TR/Dldr.Small.bryyo

8.3.3.4

Arcabit

Application.Bundler.DownloadAdmin.AM

1.0.0.798

avast!

Win32:Malware-gen

2014.9-170310

Baidu Antivirus

Win32.Trojan.WisdomEyes.16070401.9500

4.0.3.17310

Bitdefender

Application.Bundler.DownloadAdmin.AM

1.0.20.345

Bkav FE

W32.HfsAdware

1.3.0.8876

Dr.Web

Trojan.Siggen7.10262

9.0.1.069

Emsisoft Anti-Malware

Application.AdLoad

8.17.03.10.04

ESET NOD32

Win32/DownloadAdmin.AA.gen potentially unwanted (variant)

11.15063

F-Secure

Application.Bundler.DownloadAdmin

11.2017-10-03_6

G Data

Application.Bundler.DownloadAdmin.AM

17.3.A:25.11099B:25.9046

IKARUS anti.virus

PUA.DownloadAdmin.Aa

0.2.1.2

K7 AntiVirus

Adware

13.10.4.22672

Malwarebytes

PUP.Optional.DownLoadAdmin

v2017.03.10.04

MicroWorld eScan

Application.Bundler.DownloadAdmin.AM

18.0.0.207

NANO AntiVirus

Trojan.Win32.Small.elgpta

1.0.70.15657

Qihoo 360 Security

HEUR/QVM10.1.0000.Malware.Gen

1.0.0.1120

Quick Heal

Trojan.IGENERIC

3.17.14.00

Reason Heuristics

PUP.DownloadAdmin (M)

17.3.10.4

Rising Antivirus

Malware.Generic.5!tfe (thunder:5:Ze6WuuhHFTL)

23.00.65.17308

SUPERAntiSpyware

PUP.DownloadAdmin/Variant

8545

Vba32 AntiVirus

Signed-Downware.DownloadAdmin

3.12.26.4

VIPRE Antivirus

Trojan.Win32.Generic

56532

Zillya! Antivirus

Downloader.DownloAdminCRTD.Win32.10446

2.0.0.3228

File size:

124.3 KB (127,256 bytes)

Product version:

6.12.42.799

Original file name:

Launchuseroobe.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\flashvideoplayer-186380241.exe

Digital Signature

Signed by:

Bicoastal Interactive

Authority:

GoDaddy.com, Inc.

Valid from:

5/19/2016 2:50:40 PM

Valid to:

5/19/2017 2:50:40 PM

Subject:

CN=Bicoastal Interactive, O=Bicoastal Interactive, L=San Francisco, S=California, C=US

Issuer:

CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

0096C56AE03C38A570

File PE Metadata

Compilation timestamp:

12/1/2016 3:47:16 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

Entry address:

0x76AD

Entry point:

E8, BE, 36, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, EC, D4, 41, 00, FF, 15, 10, 51, 41, 00, 85, C0, 75, 18, 56, E8, 0E, 10, 00, 00, 8B, F0, FF, 15, FC, 50, 41, 00, 50, E8, 13, 10, 00, 00, 59, 89, 06, 5E, 5D, C3, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, CC, C8, 41, 00, 33, C5, 89, 45, FC, 83, 7D, 08, FF, 57, 74, 09, FF, 75, 08, E8, C3, 3D, 00, 00, 59, 83, A5, E0, FC, FF, FF, 00, 8D, 85, E4, FC, FF, FF, 6A, 4C, 6A, 00, 50, E8, B7, 3D, 00, 00, 8D, 85, E0, FC... 
[+]

Entropy:

6.5301

Code size:

76.5 KB (78,336 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to ec2-52-6-18-250.compute-1.amazonaws.com (52.6.18.250:80)

TCP (HTTP):

Connects to host-213.158.175.90.tedata.net (213.158.175.90:80)

TCP (HTTP):

Connects to host-213.158.175.73.tedata.net (213.158.175.73:80)

Remove flashvideoplayer-186380241.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.