flvupdate.exe

AOE

The executable flvupdate.exe has been detected as malware by 38 anti-virus scanners. The file has been seen being downloaded from storage.googleapis.com and multiple other hosts.
Publisher:
AOE

Product:
AOE

Version:
369

MD5:
41d65dc8785b996689c85ff952ccd451

SHA-1:
c9080c102c00d1688fa44a66e9e73e165936d7c6

SHA-256:
b0a4214c3e2802143cf691ea7bb0c63f87cff33ed95a9dd562407c837892368d

Scanner detections:
38 / 68

Status:
Malware

Analysis date:
4/23/2024 10:29:29 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Zusy.100115 | 363 |
| AegisLab AV Signature | Troj.Ransom.W32.Blocker.etvf!c | 2.1.4+ |
| Agnitum Outpost | Trojan.Blocker | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Blocker | 2016.02.06 |
| Avira AntiVirus | TR/Bepush.A.9 | 8.3.2.4 |
| Arcabit | Trojan.Zusy.D18713 | 1.0.0.653 |
| avast! | Win32:Dropper-NYB [Drp] | 2014.9-160207 |
| AVG | Generic36 | 2017.0.2841 |
| Baidu Antivirus | Trojan.Win32.Bepush | 4.0.3.1627 |
| Bitdefender | Gen:Variant.Zusy.100115 | 1.0.20.190 |
| Bkav FE | W32.SchostaA.Trojan | 1.3.0.7400 |
| Comodo Security | UnclassifiedMalware | 24097 |
| Dr.Web | Trojan.DownLoader11.13969 | 9.0.1.038 |
| Emsisoft Anti-Malware | Gen:Variant.Zusy.100115 | 8.16.02.07.05 |
| ESET NOD32 | MSIL/Bepush (variant) | 10.12984 |
| Fortinet FortiGate | W32/Blocker.E!tr | 2/7/2016 |
| F-Prot | W32/Trojan2.OJXT | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Zusy.100115 | 11.2016-07-02_1 |
| G Data | Gen:Variant.Zusy.100115 | 16.2.25 |
| IKARUS anti.virus | Trojan.MSIL.Bepush | t3scan.2.0.6.0 |
| K7 AntiVirus | Trojan | 13.213.18660 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.699 |
| Malwarebytes | Trojan.Injector.MSIL | v2016.02.07.05 |
| McAfee | Artemis!41D65DC8785B | 5600.6497 |
| Microsoft Security Essentials | Trojan:MSIL/Bepush.gen!A | 1.1.12400.0 |
| MicroWorld eScan | Gen:Variant.Zusy.100115 | 17.0.0.114 |
| NANO AntiVirus | Trojan.Win32.Blocker.dbfprx | 1.0.14.5798 |
| Panda Antivirus | Generic Malware | 16.02.07.05 |
| Qihoo 360 Security | Win32/Trojan.1e6 | 1.0.0.1120 |
| Quick Heal | TrojanRansom.Blocker.r3 | 2.16.14.00 |
| Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D [F] | 23.00.65.16205 |
| Sophos | Mal/Generic-S | 4.98 |
| Total Defense | Heur/TrojanHorse.ZCGB!suspicious | 37.1.62.1 |
| Trend Micro House Call | TROJ_SPNR.35GA14 | 7.2.38 |
| Trend Micro | TROJ_SPNR.35GA14 | 10.465.07 |
| Vba32 AntiVirus | Hoax.Blocker | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 47000 |
| ViRobot | Trojan.Win32.A.Blocker.208384.E[h] | 2014.3.20.0 |

File size:
203.5 KB (208,384 bytes)

Product version:
369

Copyright:
Copyright © 2014

Trademarks:
AOE

Original file name:
FLVUpdate.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
6/4/2014 5:44:19 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:leQRNchZTaH0tNAtmZtKYNvgZTaH0ttnnmmOwENH7ZTaH0t9gnmduw1NgZTaH0qo:tNUaDsNKaM4N9abkNCa+

Entry address:
0x32E02

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.9630

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
196 KB (200,704 bytes)

The file flvupdate.exe has been seen being distributed by the following 2 URLs.
