flv-player-setup.exe

Ainishare Free Center

Hengyida Information Technology CO.,LTD.

The application flv-player-setup.exe by Hengyida Information Technology CO.,LTD has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. It includes the Somoto BetterInstaller, an adware installer that bundles offers for third-party applications, mostly adware toolbars, with legitimate software. These offers are typically installed onto users' PCs by default, but may include an option to 'opt-out' during or after the installation process.
Publisher:
Ainishare.com   (signed by Hengyida Information Technology CO.,LTD.)

Product:
Ainishare Free Center

Version:
1.0.0

MD5:
c74033d6f2deb9bc9e886b1030a9881d

SHA-1:
cf78a55228e906c47b035b8756b610ef258b689d

SHA-256:
4119f08c194199a98633ff06d22090598afdefe65dcd237dcae6247438604e20

Scanner detections:
6 / 68

Status:
Adware

Analysis date:
4/19/2024 3:20:01 PM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | Adware.Win32.Somoto | 4.0.3.16111
Dr.Web | Adware.Downware.2013 | 9.0.1.011
ESET NOD32 | Win32/Somoto | 10.9934
Malwarebytes | PUP.Optional.Somoto.A | v2016.01.11.05
Reason Heuristics | PUP.HengyidaInformationTechnologyCOLTD.Installer (M) | 16.1.11.17
Trend Micro House Call | TROJ_GEN.F47V0519 | 7.2.11

File size:
1.9 MB (2,008,088 bytes)

Product version:
1.0.0

Copyright:
Copyright © 2008-2014 Ainishare Software.

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\download\flv-player-setup.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
1/15/2014 4:35:57 PM

Valid to:
1/15/2015 4:35:57 PM

Subject:
CN="Hengyida Information Technology CO.,LTD.", E=EastRiverGroup@yahoo.com, O="Hengyida Information Technology CO.,LTD.", L=Chengdu, S=Sichuan, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
166DAF8F034BBD9BE8EBE24044970524

File PE Metadata
Compilation timestamp:
3/17/2011 5:22:54 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:GjkjwgKlrSUKrGyG2tWeBJkvQrI3ZEOhN98LDV:sks3horGyG2tWe/E/EO3S

Entry address:
0x16478

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, B0, 52, 41, 00, E8, AC, 03, FF, FF, 33, C0, 55, 68, 45, 6B, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 01, 6B, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, AB, 41, 00, E8, 4E, EC, FF, FF, E8, F5, E7, FF, FF, 8D, 55, EC, 33, C0, E8, 7F, 84, FF, FF, 8B, 55, EC, B8, AC, D6, 41, 00, E8, E2, E9, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, AC, D6, 41, 00, B2, 01...
 

Entropy:
7.5413

Developed / compiled with:
Microsoft Visual C++

Code size:
84 KB (86,016 bytes)
