home

flv_installer.exe

Square Network Tech Co.,LTD.

The application flv_installer.exe by Square Network Tech Co.,LTD has been detected as adware by 21 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from istdownload.net and multiple other hosts.
Publisher:
Square Network Tech Co.,LTD.  (signed and verified)

MD5:
eca4c26748ed49a26692c7963e033f51

SHA-1:
74a8c94f52be7db8fdb6ce102120d708e91b6b4b

SHA-256:
ac378cca815f2f2b49f12c952c978d7f461f2a2e4722af5bbc7822f9e2a42e57

Scanner detections:
21 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/25/2024 9:32:32 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.E
898

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
APPL/Downloader.Gen
7.11.168.120

avast!
Win32:Malware-gen
140813-1

AVG
Adware BundleApp_r.N
2014.0.3986

Bitdefender
Application.Bundler.E
1.0.20.1160

Dr.Web
Adware.Downware.4148
9.0.1.05190

ESET NOD32
Win32/SquareNet.A potentially unwanted application
7.0.302.0

F-Secure
Application.Bundler.E
11.2014-20-08_4

G Data
Application.Bundler
14.8.24

IKARUS anti.virus
PUA.Bundler
t3scan.1.7.5.0

K7 AntiVirus
Trojan
13.183.13113

Malwarebytes
PUP.Optional.MultiPlug.A
v2014.08.20.10

McAfee
PUP-FAU
5600.7032

Microsoft Security Essentials
Threat.Undefined
1.181.75.0

MicroWorld eScan
Application.Bundler.E
15.0.0.696

Panda Antivirus
Trj/Genetic.gen
14.08.20.10

Reason Heuristics
PUP.SquareNetworkTechCoLTD.N
14.8.20.14

Sophos
Square Network Installer
4.98

SUPERAntiSpyware
Heur.Agent/Gen-FakeChrome
10409

VIPRE Antivirus
Threat.4150696
32210

File size:
942.1 KB (964,672 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Common path:
C:\users\{user}\downloads\flv_installer.exe

Digital Signature
Signed by:
Square Network Tech Co.,LTD.

Authority:
VeriSign, Inc.

Valid from:
12/30/2013 4:00:00 PM

Valid to:
12/31/2014 3:59:59 PM

Subject:
CN="Square Network Tech Co.,LTD.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Square Network Tech Co.,LTD.", L=Zhongshan, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
08F1CEE1EA15CE4F4CA29FDEBE3DACA3

File PE Metadata
Compilation timestamp:
5/9/2014 5:09:01 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:omujC/7jg4fqgQ53Q1fsIXfYxMCJSuOIKe/+:omuj2rQ5kfsIPfKjK2+

Entry address:
0x5F7CC

Entry point:
E8, 24, C9, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 83, 65, FC, 00, 53, 8B, 5D, 10, 85, DB, 75, 07, 33, C0, E9, 9A, 00, 00, 00, 57, 83, FB, 04, 72, 75, 8D, 7B, FC, 85, FF, 76, 6E, 8B, 4D, 0C, 8B, 45, 08, 8A, 10, 83, C0, 04, 83, C1, 04, 84, D2, 74, 52, 3A, 51, FC, 75, 4D, 8A, 50, FD, 84, D2, 74, 3C, 3A, 51, FD, 75, 37, 8A, 50, FE, 84, D2, 74, 26, 3A, 51, FE, 75, 21, 8A, 50, FF, 84, D2, 74, 10, 3A, 51, FF, 75, 0B, 83, 45, FC, 04, 39, 7D, FC, 72, C2, EB, 3F, 0F, B6, 40, FF, 0F, B6, 49, FF, EB, 46...
 
[+]

Entropy:
6.6426

Code size:
484 KB (495,616 bytes)

The file flv_installer.exe has been seen being distributed by the following 2 URLs.

http://istdownload.net/entry/node/file/pkg/flv/.../flv_installer.exe

http://istdownload.net/entry/.../exefile?ref=ssadplex&site_id=11838957

Remove flv_installer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.